Privacy Policy

Last updated: April 14, 2026

1. Introduction

Henia ("we", "us", "our") operates ContextQ, a shared context and memory platform for AI agents. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Service at contextq.dev. We are committed to protecting your privacy and handling your data transparently.

2. Information We Collect

Account Information

When you create a ContextQ account, we collect:

  • Email address
  • Name or display name
  • Authentication credentials (password hash or OAuth provider tokens)
  • Team name and membership details

API Keys

When you generate API keys to connect AI agents to ContextQ, we store a hashed version of each key. The full key is displayed to you only once at the time of creation. We cannot retrieve the full key after it has been generated.

Context Data

The core of ContextQ is the context entries you and your AI agents store. This may include text content describing architectural decisions, code conventions, infrastructure details, deployment procedures, and other company knowledge. We store this data to provide the Service to you.

Usage Data

We automatically collect certain information about how you use the Service, including:

  • API request logs (endpoints called, timestamps, response codes)
  • Number of context entries created, searched, and retrieved
  • Feature usage patterns (search frequency, team management actions)
  • IP address and approximate geographic location
  • Browser type and version (when accessing the web dashboard)

Payment Information

We do not directly collect or store payment card details. All payment processing is handled by Lemon Squeezy, our third-party payment processor. We receive from Lemon Squeezy only the information necessary to manage your subscription, such as subscription status, billing cycle dates, and transaction identifiers.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing the Service: Storing and retrieving your context data, authenticating API requests, managing teams and permissions.
  • Improving the Service: Analyzing usage patterns to identify performance bottlenecks, improve search quality, and prioritize feature development.
  • Billing and account management: Processing subscriptions, managing trial periods, and communicating about billing matters.
  • Security: Detecting and preventing unauthorized access, abuse, or fraud.
  • Communication: Sending transactional emails about your account, service updates, and security notices. We do not send marketing emails without your explicit opt-in consent.

We do not use your stored context data to train machine learning models, serve advertisements, or for any purpose other than delivering the Service to you.

4. Data Storage and Security

Your context data is stored in PostgreSQL databases. For Pro and Enterprise plans, context entry content is encrypted at the application level using AES-256 encryption with per-tenant encryption keys. This means that even in the event of a database breach, your content remains encrypted and unreadable without the corresponding tenant key.

We implement the following security measures:

  • Row-level security (RLS) in PostgreSQL to enforce strict tenant isolation at the database level.
  • All data is transmitted over TLS (HTTPS) in transit.
  • API keys are stored as salted hashes and cannot be recovered.
  • Regular security reviews and dependency audits.
  • Minimal access principles for internal operations.

While we take reasonable measures to protect your data, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security.

5. Third-Party Services

We use the following third-party services in the operation of ContextQ:

  • Lemon Squeezy: Payment processing and subscription management. Lemon Squeezy receives your payment information directly and is subject to their own privacy policy.
  • Cloudflare Pages: Hosting and content delivery for the ContextQ marketing website. Cloudflare may collect standard web traffic data as described in their privacy policy.

We do not sell, rent, or share your personal information with third parties for their marketing purposes.

6. Data Retention

We retain your data as follows:

  • Account data: Retained for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law.
  • Context entries: Retained until you delete them or until 30 days after account termination.
  • API request logs: Retained for up to 90 days for security and debugging purposes, then automatically purged.
  • Payment records: Retained for the period required by applicable tax and accounting regulations.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data. We honor these rights for all users regardless of jurisdiction:

  • Access: You can request a copy of the personal data we hold about you.
  • Rectification: You can request that we correct inaccurate or incomplete personal data.
  • Deletion: You can request that we delete your personal data, subject to legal retention requirements.
  • Data portability: You can request an export of your context data in a machine-readable format (JSON).
  • Restriction: You can request that we restrict processing of your personal data in certain circumstances.
  • Objection: You can object to our processing of your personal data where we rely on legitimate interests as the legal basis.

To exercise any of these rights, contact us at privacy@contextq.dev. We will respond to your request within 30 days.

8. International Data Transfers

ContextQ is operated by Henia from Vietnam. Your data may be processed and stored on servers located in various regions depending on our infrastructure providers. By using the Service, you consent to the transfer of your data to these locations. We ensure that appropriate safeguards are in place to protect your data regardless of where it is processed.

9. Cookies and Local Storage

For detailed information about the cookies and local storage mechanisms used by ContextQ, please refer to our Cookie Policy.

10. Children's Privacy

ContextQ is not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us and we will promptly delete such data.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and notify you via email or through the Service. We encourage you to review this policy periodically.

12. Contact

If you have any questions about this Privacy Policy or our data practices, please contact us: