Privacy Policy
Last updated: March 28, 2026
1. Overview
KontextAI.ai, LLC ("KontextAI," "we," "us," "our") respects your privacy. This Privacy Policy describes how we collect, use, store, and protect your information when you use our personal AI agent platform ("Service"). This policy applies to all users worldwide, including users in the European Economic Area (EEA), United Kingdom, and California.
2. The Short Version
- We do not train AI models on your content
- We do not sell your data to third parties
- We do not share your uploaded content with other users
- You can export or delete your data at any time
- Your uploaded files are stored in isolated, per-user storage
3. Information We Collect
Account information: Email address, name, and authentication credentials when you register. We use this to create and manage your account.
Content you upload: Documents, files, books, transcripts, and other materials you upload to create AI agents. This is processed to generate vector embeddings and enable retrieval-augmented generation (RAG).
Chat and usage data: Your queries to AI agents, conversation history, agent configurations, and how you interact with features of the Service.
Technical data: Browser type, operating system, IP address, device identifiers, referring URLs, and access timestamps, collected automatically through server logs.
Cookies and analytics: We use essential cookies required for the Service to function. We use Umami (self-hosted, privacy-focused analytics) to understand aggregate usage patterns. Umami does not use cookies and does not collect personally identifiable information. We do not use third-party advertising cookies or tracking pixels.
4. How We Use Your Information
We use your information for the following purposes:
- Providing the Service: Processing your uploads, generating embeddings, powering AI agent responses, and maintaining conversation history
- Account management: Creating and managing your account, authenticating access, and communicating about your account
- Improvement: Understanding aggregate usage patterns to improve features, performance, and reliability (using anonymized, non-personal data only)
- Safety and security: Detecting and preventing abuse, unauthorized access, and violations of our Terms of Service
- Legal compliance: Complying with applicable laws, regulations, and legal processes
Legal basis (GDPR): We process your data based on: (a) contractual necessity (to provide the Service), (b) legitimate interest (security and improvement), and (c) your consent (where applicable, such as optional analytics).
5. What We Don't Do
- We do not use your User Content or conversation data to train, fine-tune, or improve AI models — ours or anyone else's
- We do not sell, rent, or trade your personal information to third parties
- We do not share your uploaded content with other users of the Service
- We do not access your BYOK API keys beyond the scope of processing your requests
- We do not use third-party advertising trackers, retargeting pixels, or behavioral advertising cookies
6. Third-Party AI Providers and BYOK
When you use "Bring Your Own Key" (BYOK), your queries, uploaded file content, and conversation context are transmitted to the third-party AI provider you select (e.g., OpenAI, Anthropic, Google, Together AI) using your own API credentials. That transmission is governed by the applicable provider's own Terms of Service and Privacy Policy.
KontextAI acts as a technical pass-through for BYOK requests. We encrypt BYOK Keys at rest and do not log or persist key values beyond active use. We do not control how third-party providers process data sent through their APIs. If you use the Service in a regulated industry, you should independently verify your chosen provider's data handling practices.
7. Service Providers and Subprocessors
We use the following service providers to operate the Service:
| Provider | Purpose | Data Processed |
|---|---|---|
| DigitalOcean | Cloud hosting and infrastructure | All Service data (encrypted at rest and in transit) |
| Cloudflare | CDN, DNS, marketing site hosting | IP addresses, request metadata |
| OpenAI / Anthropic / Google / Together AI | AI model inference (BYOK only) | Queries, file context (via user's own API key) |
| Stripe | Payment processing | Payment card data, billing address, transaction records |
8. Data Security
We use industry-standard security measures to protect your data, including:
- Encryption in transit (TLS 1.2+) for all connections
- Encryption at rest for stored data and credentials
- Isolated, per-user storage for uploaded content
- Access controls and authentication for all internal systems
- Regular security reviews and dependency updates
Design principles: KontextAI is designed with user trust as a structural requirement, not a marketing claim. We do not use dark patterns, infinite scroll, autoplay, or engagement-maximizing algorithms. We do not design features to maximize time-on-platform. We do not target minors. Our Service is intended for professionals, researchers, and knowledge workers age 18 and older. The age minimum stated in our Terms of Service (13) reflects legal requirements; our product design, pricing, and content are directed at adults.
No system is completely secure. While we take reasonable precautions, we cannot guarantee absolute security. If we become aware of a security breach affecting your personal data, we will notify affected users and relevant authorities as required by law (within 72 hours for GDPR-covered incidents, within 30 days for California residents).
9. Data Retention
| Data Type | Retention Period |
|---|---|
| Uploaded documents and files | Retained while your account is active. Deleted upon your request or 30 days after account closure. |
| Vector embeddings | Retained while the source document exists. Deleted when you delete the document. |
| Chat and conversation history | Retained while your account is active. You can delete individual sessions at any time. |
| Memories | Retained while your account is active. You can view, edit, and delete individual memories at any time. |
| BYOK API keys | Encrypted at rest. Deleted immediately upon revocation or account closure. |
| Account information | Retained until account closure + 30 days for final data export. |
| Server and access logs | Retained for up to 90 days for security, debugging, and abuse prevention. |
| Billing and payment records | Retained for 7 years as required by US tax law (IRS). |
Note: Deletion from active systems does not guarantee immediate removal from encrypted backups, which are retained for disaster recovery and rotated on a regular schedule. We do not use backup data for any purpose other than system recovery.
10. Your Rights
Depending on your location, you have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your personal data ("right to be forgotten")
- Portability: Request your data in a portable, machine-readable format
- Restriction: Request that we limit how we process your data
- Objection: Object to processing based on legitimate interests
- Withdraw consent: Where processing is based on consent, you may withdraw it at any time
For California residents (CCPA): You have the right to know what personal information we collect and how it is used, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell or share your personal information as defined under CCPA/CPRA. We do not use personal information for cross-context behavioral advertising. To exercise any of these rights, contact us at [email protected].
For EEA/UK residents (GDPR): You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not handled your data in accordance with applicable law.
11. International Data Transfers
KontextAI is based in the United States. If you access the Service from outside the US, your data will be transferred to and processed in the United States. For transfers from the EEA or UK, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection of your personal data. By using the Service, you consent to the transfer of your data to the United States.
12. Children's Privacy
The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected].
13. Automated Decision-Making
The Service uses AI models to generate responses based on your uploaded content and queries. These AI-generated outputs are informational tools and are not used to make automated decisions that produce legal or similarly significant effects on you. You always retain control over how you use AI Outputs.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email to the address associated with your account or by posting a prominent notice on the Service at least thirty (30) days before the changes take effect. Your continued use of the Service after the effective date of revised terms constitutes acceptance of those changes.
15. Contact
Questions about privacy or your data? Contact us at [email protected].
KontextAI.ai, LLC — Registered in the State of Wyoming, USA.
Data Controller for GDPR purposes: KontextAI.ai, LLC.