Privacy Policy

Last Updated: May 2026

This Privacy Policy explains how Contextify ("we", "us", "our") collects, uses, and protects your information when you use the Contextify application, the optional Contextify Cloud service, and the Personal Self-Hosted deployment of the Cloud software (together, the "Service").

1. How Contextify Works

Contextify can be deployed in three shapes:

  • Local-only mode (default): The macOS app and Linux CLI run entirely on your device. No account required. No data is transmitted to Contextify.
  • Contextify Cloud (Cloud Free, Cloud Pro, Team, and Enterprise): If you create a Contextify Cloud account and enable cloud sync, conversation data is transmitted to Contextify Cloud servers (operated by us) so you can search across devices. Cloud sync is always user-initiated; we never upload your data without your explicit action.
  • Personal Self-Hosted: If you run the Contextify Cloud software on your own server (for example, a Mac Mini or Linux box on your home network), conversation data is transmitted to your server and never to Contextify-operated infrastructure. We are not a data processor for that traffic. Third parties such as Sentry or Resend are operator-controlled, not us. See §4.3 below for the full Personal Self-Hosted data-flow disclosure.

Sections 2–7 below describe Contextify Cloud (Hosted) data handling. For Personal Self-Hosted, the operator of your server is the controller; this policy describes only the software we license to that operator and any optional services they may choose to use.

2. Data We Collect

2.1 Account Data

When you create a Contextify Cloud account, we collect:

  • Email address
  • Name (optional)
  • Organization name (Team and Enterprise plans)

2.2 Payment Data

Payments are processed by Stripe. We do not store credit card numbers, bank account details, or other payment credentials on our servers. We receive from Stripe:

  • Subscription status (active, cancelled, past due)
  • Billing period and plan type
  • Last four digits of the payment method (for display in your account)

2.3 Conversation Data

When you enable cloud sync, the following data is uploaded:

  • AI conversation transcripts (messages between you and Claude Code or Codex CLI)
  • LLM-generated summaries of conversation entries
  • Project names and associated metadata
  • Session timestamps and durations

This data is uploaded only when you initiate a sync. The local application never contacts our servers unless you have configured cloud sync.

2.4 Usage Data

For cloud subscribers, we collect limited operational data:

  • Sync frequency and timestamps
  • Search queries executed against cloud data
  • Aggregate statistics (number of conversations, storage used)

We do not collect usage analytics from the local-only application.

2.5 Device Data

When connecting to Contextify Cloud, the application transmits:

  • A device identifier (generated locally, not your hardware serial number)
  • Operating system version
  • Application version

This data helps us provide support and ensure compatibility.

2.6 Release-Announcement Email Subscriptions

If you submit your email address through the newsletter form on contextify.sh (homepage or download page), we collect:

  • Email address

We use this address to send release announcements only. We do not send marketing emails outside of release announcements, and we do not share newsletter addresses with third parties for marketing purposes. You can unsubscribe at any time using the link included in every release announcement; on unsubscribe, your email is removed from the active list. Newsletter subscription is independent of any Cloud account; it does not require an account, and creating a Cloud account does not subscribe you to release announcements.

3. How We Use Your Data

We use your data to:

  • Provide the Service: Store and index your conversations for cross-device search
  • Process payments: Manage subscriptions and billing through Stripe
  • Send service notifications: Account confirmations, billing alerts, security notices, and material changes to the Service
  • Send release announcements to subscribers of the contextify.sh newsletter (separate from any Contextify Cloud account; opt-in only)
  • Improve the Service: Understand aggregate usage patterns to prioritize features and fix issues
  • Provide support: Respond to your questions and troubleshoot issues

We commit to the following:

  • We never sell your data to third parties.
  • We never use your conversation data to train AI models.
  • We never share your data with advertisers.
  • We never read your conversation content except when required to provide technical support you have requested, or when legally compelled.

4. Data Storage and Security

4.1 Local Data

Local data is stored in ~/Library/Application Support/Contextify/ (or a custom location you configure). Security relies on macOS file system permissions and, for App Store builds, macOS application sandboxing.

4.2 Cloud Data

Cloud data is stored with the following protections:

  • Tenant isolation: Synced conversation data is stored in tenant-specific PostgreSQL schemas. Account, billing, authentication, device, audit, and operational records are stored in shared service tables keyed by tenant and protected by application-level access controls.
  • Encryption in transit: All communication between the application and our servers uses TLS 1.2 or higher.
  • Access controls: Cloud sync operations require authenticated API access. Dashboard, account, billing, and administrative surfaces use authenticated web-session or service-level access controls appropriate to the surface. API keys can be revoked where API-key access is used.
  • Infrastructure: Cloud servers are hosted on reputable infrastructure providers with industry-standard physical and network security.

4.3 Personal Self-Hosted

Anyone (not just enterprise customers) may run the Contextify Cloud software on their own server — for example, a Mac Mini, NUC, or Linux box on a home network or private tailnet. In Personal Self-Hosted mode:

  • Where your data goes: Synced conversation data is transmitted from the macOS app or Linux CLI to your server, and never to Contextify-operated infrastructure. No Contextify-operated server receives your transcript data when you use Personal Self-Hosted.
  • Our role: We provide the cloud software under the Contextify application license. We do not operate the deployment, do not have access to your data, and are not a data processor for that traffic.
  • Third parties: Optional integrations such as Sentry (error monitoring), Resend (transactional email), and SMTP (invitation email) are operator-controlled. The Contextify Cloud software does not require Sentry, Resend, SMTP, or Stripe by default; auth emails fall back to local container logs. The documented v1.6.0 Personal Self-Hosted quickstart uses Tailscale for private network access; operators who use another network topology are responsible for that configuration. If the operator configures any third-party service, that operator's relationship with the third party governs that data, not us.
  • No Stripe involvement: Personal Self-Hosted does not require Stripe billing or a Contextify-hosted subscription for the operator-run server.
  • Retention: Operator-controlled. Backup, restore, and deletion are run by the operator on their own server.
  • You as data subject: If you are running Personal Self-Hosted for your own use, you are simultaneously the operator and the data subject. There are no per-user erasure obligations from us in this mode; your data lives on infrastructure you operate. If the operator extends the deployment beyond themselves to other users, that operator becomes the controller and/or processor for those users' data, governed by the operator's own agreements with those users.

Personal Self-Hosted puts you in control of the server. The macOS app will ask if it can check for app updates. For the server, the other outbound communications options are yours to turn on and configure. For example, you can choose to turn on server Sentry (for error reporting), Resend (for sending email), SMTP (email), or Tailscale (simplified networking).

5. Data Retention

The following retention policy applies to Contextify Cloud (Hosted) data:

  • Cloud Free: Cloud Free is intended to provide access to the most recent 60 days of cloud conversation history. Older entries may be removed from hosted-cloud availability through our retention process. We do not currently promise hard deletion on a fixed schedule for the Cloud Free tier; this commitment will be tightened in a future update once the retention enforcement work lands.
  • Cloud Pro / Team / Enterprise (active subscription): Cloud data is retained for as long as your subscription is active.
  • Cancelled accounts: After cancellation, your data is retained for a reasonable period to allow you to resubscribe or export your data, then permanently deleted.
  • Backups: Database backups are retained for disaster recovery purposes and destroyed when no longer needed.
  • Account records: Basic account records (email, subscription history) may be retained for up to 12 months after deletion for legal and accounting purposes.
  • Local data: Local data is never affected by subscription changes. It remains on your device under your control indefinitely.
  • Personal Self-Hosted: Retention is operator-controlled. We do not set or enforce a retention window on data stored on operator-run infrastructure. Backup, restore, and deletion are performed by the operator using the documented Personal Self-Hosted backup, restore, and wipe procedures.
  • Newsletter subscriptions: Email addresses submitted to the contextify.sh newsletter are retained on the active list as long as you are subscribed. When you unsubscribe (via the link in any release announcement), your address is removed from the active list; we may retain a minimal suppression record to honor your unsubscribe preference.

Manual erasure procedure: Data erasure requests submitted to support@contextify.sh are completed manually within 30 days.

6. Your Rights

The following rights apply to data Contextify directly collects or processes — that is, Contextify Cloud (Hosted) account and sync data, newsletter subscriptions, support requests, and website interactions. They do not apply to sync data stored only on a Personal Self-Hosted server, which is under operator control (see the Personal Self-Hosted paragraph below).

  • Export: Download your Contextify Cloud account metadata at any time through the application or API. We are working on expanding export to include full conversation data.
  • Delete: Request deletion of your Contextify Cloud account and all associated Hosted Cloud data.
  • Opt out of cloud: Disable Hosted Cloud sync at any time. The local application always works without cloud features, and Local-only app mode sends no application data to Contextify. This does not affect separate records you may provide to us directly, such as newsletter subscriptions, support emails, or account records.
  • Access: View all data we hold about you through your Contextify Cloud account dashboard.
  • Correction: Update your Contextify Cloud account information at any time through your account settings.
  • Portability: Export your data for use with other tools. Export format options are being expanded.

Personal Self-Hosted: Contextify cannot export, delete, correct, or access sync data stored on an operator-run server — we do not have access to that data. If you operate the server yourself, you control that data directly using the documented Personal Self-Hosted backup, restore, and wipe procedures. If another operator provides the server to you, contact that operator for access, deletion, or portability requests.

7. Third-Party Services

For Contextify Cloud (Hosted), we use the following third-party services:

  • Stripe: Payment processing. Stripe receives your payment information directly. See Stripe's privacy policy for details on how they handle your data. Stripe is not used in Personal Self-Hosted mode.
  • Resend: Transactional email delivery. Resend receives the recipient email address and the body of authentication emails (sign-in magic links, password reset, email verification, email change confirmation, account-related notifications). Resend is required for hosted production; the Cloud server refuses to start without it. Resend is not used in Personal Self-Hosted mode unless the operator explicitly configures it; the default is local container-log delivery.
  • Sentry: Error monitoring. Conversation content (transcripts, prompts, responses) is not sent to Sentry. Neither are request bodies or stack-frame local variables. When a server error occurs, Sentry receives the exception type, the failed route and HTTP status, ops metadata (release, environment, server identity), and the account email and API key ID for correlation. API keys and known secret patterns are stripped from every field before transmission. Sentry is operator-controlled in Personal Self-Hosted mode (disabled by default).

We do not use analytics, advertising, or tracking services on contextify.sh or in the application. If this changes, we will update this policy and notify you.

Release-announcement newsletter delivery: contextify.sh release announcements are sent through an email delivery provider. The provider receives the recipient email address and the message body of each release announcement and applies its own privacy and security practices to that delivery. We will identify the provider here when newsletter sending becomes operational.

For Personal Self-Hosted: any third-party services (Sentry, Resend, SMTP, Tailscale, etc.) used by an operator-run deployment are operator-controlled. We are not a party to the operator's relationship with those services.

8. Cookies and Tracking

The Contextify application does not use cookies or web tracking. Our website (contextify.sh) does not use analytics cookies or third-party tracking scripts.

9. Children's Privacy

Contextify is not directed to children under 18. We do not knowingly collect data from minors. If we learn that we have collected data from a child under 18, we will delete it promptly.

Sections 10–12 apply to personal information that Contextify directly collects or processes — including Contextify Cloud (Hosted) account / sync data, newsletter subscriptions, support requests, and website interactions. They do not apply to sync data stored only on a Personal Self-Hosted server operated by you or another operator, except where Contextify separately receives information from you.

10. International Data Transfers

If you are located outside the United States, your data may be transferred to and processed in the United States where our servers are located. By using Contextify Cloud (Hosted), you consent to this transfer. We take appropriate safeguards to protect your data in accordance with this policy. Personal Self-Hosted data is stored on operator-controlled infrastructure and is not transferred to or processed by Contextify.

11. GDPR (European Users)

If you are in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation. These rights apply to data Contextify directly processes (Hosted Cloud, newsletter, support, website interactions). For Personal Self-Hosted, the operator of your server is the controller / processor under GDPR; address requests to the operator.

  • Legal basis: We process your data based on (a) your consent when enabling cloud sync, (b) contractual necessity to provide the Service, and (c) our legitimate interest in improving the Service.
  • Right to object: You may object to processing based on legitimate interest by contacting us.
  • Right to lodge a complaint: You may file a complaint with your local data protection authority.
  • Privacy contact: Contact us at privacy@contextify.sh for GDPR-related inquiries.

12. CCPA (California Users)

If you are a California resident, you have the following rights under the California Consumer Privacy Act. These rights apply to personal information Contextify directly collects (Hosted Cloud, newsletter, support, website interactions). For Personal Self-Hosted, the operator of your server holds the relevant information; address requests to the operator.

  • Right to know: You may request details about the personal information we collect and how we use it.
  • Right to delete: You may request deletion of your personal information.
  • Right to opt out: We do not sell personal information. There is nothing to opt out of.
  • Non-discrimination: We do not discriminate against you for exercising your CCPA rights.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes at least 30 days before they take effect, via the email address associated with your account. Changes are also posted on this page with an updated date.

For users without accounts (local-only mode), changes are effective when posted to this page.

14. Contact

If you have questions about this Privacy Policy or your data, please contact us: