Your data's security is foundational to everything we build. Here's how we protect it at every layer.
Last updated: April 26, 2026
Multi-tenant cloud architecture with strict isolation, encryption at every layer, and security built into every feature.
Contextary runs as a multi-tenant cloud service with strict isolation between organizations. Your data is encrypted, separated from other tenants at the database level, and processed per our Privacy Policy.
Context flows from your warehouse through Contextary to your AI tools. Raw data stays in your warehouse.
Warehouse credentials encrypted at rest with AES-256 before storage
Passwords hashed with Argon2, resistant to GPU and ASIC attacks
All communication encrypted with TLS between your browser and our servers
Secure token-based authentication for MCP and API access
Every layer of Contextary is designed to prevent unauthorized access. Tenant isolation isn't just a policy — it's enforced at the database level and validated with a dedicated test suite.
Security is built into every layer of the application, not bolted on after the fact.
Destructive queries (DROP, DELETE, TRUNCATE, ALTER) are blocked by default. AI-generated SQL passes through a validation layer before it can be executed against your warehouse, protecting against accidental data loss.
API endpoints are rate-limited to prevent abuse, brute-force attacks, and service degradation. Limits are configured per endpoint to balance usability with security.
All user input is validated using Zod schemas on both client and server. This prevents injection attacks, malformed data, and unexpected payloads from reaching the application layer.
Cross-Origin Resource Sharing is configured to only allow requests from authorized origins, preventing unauthorized third-party sites from accessing the API.
We are actively building our compliance posture to meet enterprise requirements. Our security practices are designed to align with industry standards, and we are transparent about where we are in the process.
If your organization has specific compliance requirements, please reach out to security@contextary.ai and we will work with your team to address them.
You control which AI provider you use and what data they see.
AI queries use your own API keys, stored encrypted at rest. We never have access to your unencrypted keys.
Only schema metadata (table names, column names, types) and your annotations are sent to AI providers — not your raw data.
Contextary supports Anthropic (Claude), OpenAI, and Google (Gemini). You pick the provider that meets your organization's requirements.
Some things are just as important for what we choose not to do.
Your data is never sold to third parties. Period.
Your data is never used to train or fine-tune AI models.
Cross-tenant isolation is enforced and tested. Your data is yours alone.
Query results are returned to you in real time. We store metadata (row count, execution time), not your actual data.
We are happy to discuss our security practices, answer questions from your security team, or work through compliance requirements.