Privacy Policy

Last updated: April 26, 2026

1. Introduction

Contextary, Inc. ("Contextary," "we," "our," or "us") provides a warehouse-native knowledge base that serves data context to AI assistants (the "Service"). This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our Service, visit our website at contextary.ai (the "Site"), or otherwise interact with us.

By accessing or using the Service or Site, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.

2. Personal information we collect

A. Information you provide to us

  • Account information — name, email address, and password (hashed with Argon2) when you create an account for our cloud-hosted service
  • Warehouse connection credentials — database hostnames, ports, usernames, passwords, and connection parameters you provide to connect your data warehouse. These are encrypted at rest using AES-256 encryption
  • Content you create — annotations, metric definitions, business rules, gotchas, descriptions, and other context you author within the Service
  • Support requests — information you provide when contacting us for help, including email correspondence and any attachments
  • Form submissions — information you submit through forms on our marketing site, such as your name and email address for waitlist signups or contact requests

B. Information collected automatically

  • Usage data — features you use, actions you take within the Service, query history (questions asked, SQL generated, execution metadata, and feedback), and tool invocations
  • Device and browser information — device type, operating system, browser type and version, screen resolution, and language preferences
  • IP addresses — your IP address is collected in connection with your use of the Service for security, rate limiting, and abuse prevention
  • Cookies — we use session cookies (30-day expiry) to maintain your authenticated session. We do not use third-party advertising cookies
  • Analytics — we may use analytics services (such as Google Analytics) on our marketing site to understand traffic patterns. When implemented, we will update this section with specifics
  • Log data — server logs including timestamps, API endpoints accessed, response codes, and performance metrics, tagged with tenant and user identifiers

3. How we use personal information

  • To provide and operate the Service — connecting to your warehouse, storing your annotations and context, generating AI-powered responses, and managing your account
  • To improve and develop the Service — analyzing aggregated, anonymized usage patterns to understand which features are most valuable and to identify areas for improvement
  • To communicate with you — responding to support requests, sending service-related notices (e.g., maintenance windows, security alerts), and providing product updates
  • For security and fraud prevention — detecting and preventing unauthorized access, abuse, and security incidents
  • For compliance — complying with applicable legal obligations, enforcing our Terms of Service, and protecting our legal rights
  • For marketing — with your consent, sending product announcements and updates. You can opt out at any time by clicking "unsubscribe" in any marketing email or contacting us directly

4. How we disclose personal information

  • Service providers — we share information with third-party service providers who help us operate the Service, including cloud infrastructure providers, AI providers (when you use AI features), and analytics services. These providers are contractually obligated to protect your information
  • Legal requirements — we may disclose information if required to do so by law, regulation, legal process, or governmental request
  • Business transfers — in connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information
  • With your consent — we may share information with third parties when you explicitly direct us to do so

We do NOT sell your personal information. We have never sold personal information and have no plans to do so.

5. Third-party AI providers

When you use Contextary's AI-powered features (such as natural language queries, SQL generation, or AI-assisted annotations), your schema context, annotations, and queries are sent to the AI provider you have configured. Contextary supports:

Anthropic (Claude) OpenAI Google (Gemini)

These requests are made using your own API keys. We act as a pass-through and do not maintain our own accounts with these providers on your behalf. Each AI provider has its own privacy policy and data handling practices, and we encourage you to review them.

Important: We do not control how third-party AI providers handle data they receive. Schema metadata (table names, column names, types) and your natural language queries are sent to these providers to generate responses. Your actual row-level data is not sent unless you explicitly include it in a query context. Each provider's own privacy policy governs their handling of this data.

6. Data security

We implement commercially reasonable technical and organizational measures to protect your personal information, including:

  • AES-256 encryption at rest for warehouse credentials stored in our database
  • Argon2 password hashing — a memory-hard algorithm resistant to GPU and ASIC brute-force attacks
  • Cross-tenant isolation enforced at the database level, preventing access to other organizations' data
  • Rate limiting on API endpoints to prevent abuse and protect service availability
  • SQL safety validation — destructive queries (DROP, DELETE, TRUNCATE) are blocked by default
  • TLS encryption in transit for all communications between your browser and our servers

For more details about our security practices, please visit our Security page.

7. Data retention

We retain your personal information for as long as your account is active or as needed to provide you the Service. Specifically:

  • Account data and annotations are retained while your account remains active
  • Query history is retained for your reference and to improve response accuracy
  • Server logs may be retained for operational and security purposes
  • Upon account deletion request, your data is permanently removed within 30 days, except where retention is required by law or for legitimate business purposes (e.g., resolving disputes, enforcing agreements)

8. Your rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access — request a copy of the personal information we hold about you
  • Correction — request that we correct inaccurate or incomplete personal information
  • Deletion — request that we delete your personal information, subject to certain legal exceptions
  • Data export — export your annotations, metrics, and context definitions in YAML format at any time through the Service
  • Object to processing — object to certain processing of your personal information, including direct marketing

To exercise any of these rights, contact us at privacy@contextary.ai. We will respond to your request within 30 days.

9. Children's privacy

The Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will promptly delete that information. If you believe a child under 13 has provided us with personal information, please contact us at privacy@contextary.ai.

10. International data transfers

Your personal information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. These countries may have data protection laws that differ from the laws of your country. By using the Service, you consent to the transfer of your information to the United States and other jurisdictions as described in this Privacy Policy. We take steps to ensure that your information receives an adequate level of protection in the jurisdictions in which we process it.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page. For material changes that affect how we handle your personal information, we will provide notice through the Service or by email to cloud-hosted users at least 30 days before the changes take effect. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

12. Contact information

If you have questions about this Privacy Policy, want to exercise your data rights, or have concerns about our data practices, please contact us:

Contextary, Inc.

Email: privacy@contextary.ai

Website: contextary.ai