Privacy Policy
Last updated: 2026-04-13
This Privacy Policy explains how CtxKit collects, uses, and protects your information. We are committed to handling your data transparently and securely.
1. Information We Collect
Account data: phone number or email, hashed password, display name. Usage data: API calls, Credits consumption, request logs (kept for 90 days for billing and security auditing). Content: URLs you submit and the processed results (markdown, images, embeddings) stored in your project.
2. How We Use Your Information
To provide and operate the service. To process your requests and deliver results to your agents. To calculate usage and manage billing. To detect abuse and enforce our Terms of Service. To communicate service updates and security notices.
3. Data Storage
Account and billing data are stored in PostgreSQL. Processed content and embeddings are stored in our storage backends (object storage and vector database). Verification codes are stored in Redis with short TTL and deleted after use.
4. Data Security
Passwords are hashed using bcrypt. API keys are stored as HMAC-SHA256 hashes -- we never see the plaintext after creation. Internal service communication uses HMAC-SHA256 signing with timestamp-based anti-replay. All data is encrypted in transit via HTTPS.
5. Data Sharing
We do not sell your personal data. We use the following third-party services to operate the platform: Aliyun SMS (SMS verification codes), Tencent SES (email verification codes), Tencent COS (object storage). These providers process data only on our instructions and for the purposes described.
6. Content Processing Backends
Document processing uses third-party AI services (e.g., OCR and embedding models). When you submit a URL, the processed content may pass through these services. We do not share content across projects -- each project's data is isolated.
7. Your Rights
You can access and update your profile in account settings. You can delete individual resources from your projects. You can close your account at any time -- this permanently deletes all your data. You can request an export of your data by contacting us.
8. Data Retention
Account data is retained until you close your account. Usage logs are retained for 90 days. Processed content is retained until you delete it or close your account. Backups are retained for 30 days beyond deletion.
9. Cookies
We use cookies only for authentication (session management) and for remembering your language preference. We do not use tracking or advertising cookies.
10. Children's Privacy
CtxKit is not intended for users under 13 years of age. We do not knowingly collect data from children. If you believe we have collected data from a child, please contact us for prompt deletion.
11. Changes to This Policy
We may update this Privacy Policy. Material changes will be communicated via email or in-platform notification. Continued use after changes constitutes acceptance.
12. Contact
For privacy-related questions or requests, use the in-platform support channel or the contact options in your account settings.