Privacy Policy

1. Introduction

Welcome to Kontext ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our knowledge management and AI-powered chat application.

2. Information We Collect

2.1 Personal Information

• Account Information: Email address, name, and profile data
• Authentication Data: Google OAuth credentials, JWT tokens, and OTP verification codes
• User-Generated Content: Projects, chat messages, and AI conversation history

2.2 Knowledge Content

• Documents: Files you upload (PDFs, images, etc.) up to 50MB
• Web Content: URLs and extracted content from web pages
• Processed Data: Text extractions, embeddings, and vector representations
• Metadata: File names, upload timestamps, processing status

2.3 Technical Information

• Usage Data: API requests, chat interactions, and feature usage
• System Logs: Application logs for debugging and monitoring
• Performance Metrics: Response times, error rates, and system health data

3. How We Use Your Information

• Service Provision: Process documents, generate AI responses, and enable semantic search
• AI Processing: Create embeddings and enable context-aware chat responses using OpenAI services
• Account Management: User authentication, session management, and security
• Service Improvement: Monitor performance, debug issues, and enhance features
• Communication: Send service-related notifications and updates

4. Data Storage and Processing

4.1 Cloud Infrastructure

• AWS S3: Document storage with encryption at rest
• AWS CloudFront: Content delivery network
• PostgreSQL: User data, projects, and chat history
• Qdrant Vector Database: Document embeddings for semantic search
• Redis: Session management and caching

4.2 Third-Party Services

• OpenAI: AI model processing for chat responses and embeddings
• Google OAuth: Authentication services
• AWS SQS: Message queuing for document processing

5. Data Sharing and Disclosure

We do not sell your personal information. We may share data in the following circumstances:

• Service Providers: AWS, OpenAI, and Google for essential service functionality
• Legal Requirements: When required by law or to protect our rights
• Business Transfer: In case of merger, acquisition, or asset sale
• Consent: With your explicit permission

6. Data Security

• Encryption: Data encrypted in transit and at rest
• Authentication: JWT-based security with refresh tokens
• Access Control: Role-based permissions and user isolation
• Monitoring: Security monitoring and audit trails
• Infrastructure: Cloud-based security with AWS best practices

7. Data Retention

• Account Data: Retained until account deletion
• Chat History: Stored until manually deleted by user
• Documents: Retained until removed from projects
• Logs: System logs retained for 30 days for debugging
• Backups: Backup data retained for disaster recovery purposes

8. Your Rights

• Access: Request access to your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and data
• Portability: Export your data in a structured format
• Withdrawal: Revoke consent for data processing

9. Cookies and Tracking

We use essential cookies for:

• User authentication and session management
• Security and fraud prevention
• Application functionality and preferences

10. Children's Privacy

Our service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we discover such information, we will delete it immediately.

11. International Data Transfers

Your data may be processed in countries outside your residence. We ensure adequate protection through:

• Standard contractual clauses
• Adequacy decisions by relevant authorities
• Appropriate safeguards as required by law

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by:

• Posting the updated policy on our website
• Sending email notifications for material changes
• Updating the "Last Updated" date above

13. AI and Machine Learning

Our service uses AI technologies including:

• Large Language Models: OpenAI GPT-4 for generating responses
• Embeddings: Text vectorization for semantic search
• Document Processing: Automated text extraction and analysis
• RAG Technology: Retrieval-augmented generation for context-aware responses

Your content may be processed by these AI systems to provide service functionality.