Privacy Policy
Version: 2026-07-15
The data controller is the Context Engine operator. Its legal name, address, and contact channel must be completed in the single operator-details launch gate in the Terms of Service before launch.
Information collected
- GitHub identity data supplied through Supabase Auth, including user ID, username, email when available, display name, and avatar URL.
- Account and license records, including API-key prefixes and hashes, tier and status, creation and last-use timestamps, and terms acceptance records. Raw API keys are displayed once and are not stored by the portal.
- License-verification records and low-frequency aggregate usage telemetry such as tool-call counts, estimated tokens saved, and language identifiers. License telemetry does not contain repository source code.
- Security and operational records needed to authenticate requests, prevent abuse, diagnose failures, and operate the service.
How it is used
Information is used to authenticate users, issue and verify licenses, operate and secure the service, provide support, understand aggregate product usage, and comply with legal obligations. It is not sold.
Service providers
GitHub supports sign-in; Supabase provides authentication and data services; and Render hosts the web portal and control plane. These providers process data under their own terms and data protection commitments.
Cookies and local state
The portal uses authentication cookies and a short-lived, signed, HttpOnly terms-intent cookie. They are used for sign-in, session refresh, and recording terms acceptance, not third-party advertising.
Retention and security
Data is retained only while needed for the purposes above, account and license administration, security, dispute resolution, and applicable legal obligations. Access controls, one-way API-key hashing, encrypted transport, and restricted server credentials are used to protect it; no system can guarantee absolute security.
Choices and rights
Subject to applicable law, you may request access, correction, deletion, restriction, portability, or objection. You may also revoke an API key and stop using the service. Requests must use the legal contact channel identified in the operator-details launch gate.
Policy changes
Material changes will be published with a new version and, where required, renewed notice or consent.