Privacy Policy
Last updated: March 2026
Welcome to Context Magnet ("Service", "we", "us", "our"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
By using Context Magnet, you agree to the collection and use of information in accordance with this Privacy Policy.
1. Information We Collect
We may collect the following types of information:
- Account Information – name, email address, billing details
- Website Content – content from websites you connect to the Service
- Uploaded Documents – files such as PDF, DOCX, TXT
- Conversations – interactions between your AI assistant and end users
- Usage Data – logs, analytics, and performance metrics
- Lead Data – information submitted by users via chat widget (e.g., name, email, message)
2. How We Use Information
We use collected information to:
- Provide, operate, and maintain the Service
- Process and complete transactions
- Improve and optimize performance
- Communicate with you (including support and updates)
- Ensure security and prevent abuse
- Comply with legal obligations
3. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), we process your data based on:
- Contractual necessity – to provide the Service
- Legitimate interests – to improve and secure the Service
- Legal obligations – compliance with applicable laws
- Consent – where required (e.g., cookies, marketing)
4. Data Retention
We retain personal data only as long as necessary for the purposes outlined in this policy.
4.1 Retention Periods
| Data Type          | Retention Period                                             |
| ------------------ | ------------------------------------------------------------ |
| Account data       | Duration of account + 30 days after deletion                 |
| Billing data       | As required by applicable tax laws                           |
| Uploaded documents | Until deleted by user or account deletion                    |
| Website content    | Until removed or re-crawled                                  |
| Conversations      | Up to 12 months from creation, unless deleted earlier by you |
| Usage logs         | Up to 12 months                                              |
| Lead data          | Until deleted by you or account deletion                     |
After the retention period, data may be deleted or anonymized.
5. Data Sharing and Disclosure
We may share your data with:
- Paddle (Merchant of Record) – for payment processing
- Service providers – hosting, analytics, infrastructure
- Legal authorities – when required by law
We do not sell your personal data.
6. Agencies and Third-Party Use
If you use the Service on behalf of a third party (such as your client), you acknowledge and agree that:
- You act as an independent data controller (or processor, as applicable) for any personal data collected through your use of the Service
- You are solely responsible for ensuring that you have a valid legal basis to collect and process such data
- You must provide all required notices (including privacy disclosures) to end users on the relevant website
- You must obtain any necessary consents required under applicable data protection laws
We do not control and are not responsible for how you collect or use data on third-party websites where the Service is deployed.
6.1 Access by Your Authorized Team Members
To facilitate team collaboration and agency-client relationships, our Service allows Account Owners to invite "Team Members" to their workspace.
- End-User Data Visibility: If you (the Account Owner) invite a Team Member and grant them access to a specific domain, that Team Member will be able to view the Chat Transcripts and Lead Information collected by the AI widget on that domain.
- Your Responsibility: We process and display this data strictly according to the role-based access controls you configure. You are responsible for ensuring that anyone you invite to your workspace is authorized to view this data and complies with your own organization's privacy and data protection standards.
- Data Security: All access by Team Members is logged and secured via encrypted authentication. We do not share account credentials between users; each invited member must maintain their own secure login.
7. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption in transit
- Access controls
- Secure infrastructure
However, no method of transmission over the internet is 100% secure.
8. Your Rights (GDPR)
You have the right to:
- Access your personal data
- Rectify inaccurate data
- Request deletion ("right to be forgotten")
- Restrict or object to processing
- Data portability
- Withdraw consent at any time
To exercise your rights, contact us at: support@contextmagnet.com
9. International Data Transfers
Your data may be processed in countries outside your jurisdiction. We ensure appropriate safeguards are in place, such as standard contractual clauses where required.
10. Cookies and Tracking
We may use cookies and similar technologies to:
- Maintain sessions
- Analyze usage
- Improve user experience
You can control cookies through your browser settings.
11. Third-Party Links
Our Service may contain links to third-party websites. We are not responsible for their privacy practices.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Continued use of the Service after changes constitutes acceptance.
13. Contact Information
MM39 s.r.o.
Konventna 9, 811 03 Bratislava, Slovak Republic
Company ID: 48186872 | VAT ID: SK2120087288
Email: info@contextmagnet.com
- Support: support@contextmagnet.com
- Website: https://contextmagnet.com
By using Context Magnet, you acknowledge that you have read and understood this Privacy Policy.
Data Processing Agreement (DPA)
Last updated: March 2026
This Data Processing Agreement ("DPA") forms part of the Terms of Service between you ("Customer", "Controller") and Context Magnet ("Processor", "we", "us", "our") and governs the processing of Personal Data in connection with the Service.
1. Roles of the Parties
- The Customer acts as a Data Controller (or Processor on behalf of a third party).
- Context Magnet acts as a Data Processor, processing Personal Data on behalf of the Customer.
Where the Customer uses the Service on behalf of a third party (e.g., a client), the Customer represents and warrants that it is authorized to act on behalf of such third party.
2. Subject Matter and Duration
- Subject matter: Processing of Personal Data in connection with the provision of the Service
- Duration: For as long as the Customer uses the Service, plus any applicable retention period as defined in the Privacy Policy
3. Nature and Purpose of Processing
We process Personal Data solely to:
- Provide and operate the Service
- Process and store website content and documents
- Enable AI-generated responses
- Facilitate chat interactions and lead capture
- Provide analytics and performance insights
- Ensure security and prevent abuse
We do not process Personal Data for our own independent purposes.
4. Types of Personal Data
Depending on usage, Personal Data may include:
- Names, email addresses, and contact details
- Website content containing personal data
- Uploaded documents
- Chat conversations and messages
- Lead submission data
- Technical and usage data (IP address, logs, device information)
5. Categories of Data Subjects
- Customer’s users and employees
- Website visitors interacting with the chat widget
- Leads and end users submitting information
- Any individuals whose data is included in uploaded or crawled content
6. Customer Obligations
The Customer agrees to:
- Comply with all applicable data protection laws (including GDPR)
- Ensure a valid legal basis for processing Personal Data
- Provide appropriate privacy notices to end users
- Obtain any required consents
- Not instruct the Processor to process Personal Data in violation of applicable law
7. Processor Obligations
Context Magnet agrees to:
- Process Personal Data only on documented instructions from the Customer
- Ensure personnel are bound by confidentiality obligations
- Implement appropriate technical and organizational security measures
- Assist the Customer in fulfilling data subject rights requests
- Assist with compliance obligations (e.g., breach notifications, DPIAs)
- Delete or return Personal Data upon termination, unless legally required to retain it
8. Sub-processors
We may engage third-party sub-processors (e.g., hosting, infrastructure providers) to provide the Service.
- We ensure such sub-processors are bound by data protection obligations
- A current list of sub-processors will be made available upon request
- We remain responsible for their performance
8.1. Access Control and Authorized Users
A) Role-Based Access (RBAC): The Service provides the Controller (Account Owner) with the ability to invite additional users ("Team Members" or "Clients") and grant them restricted access to view Personal Data (e.g., chat transcripts and leads) associated with specific domains.
B) Controller Responsibility: The Controller is solely responsible for managing the access rights, invitations, and permissions of these Authorized Users. The Processor shall not be liable for any unauthorized disclosure, alteration, or deletion of Personal Data resulting from the Controller's mismanagement of access credentials or role assignments.
C) Confidentiality of Team Members: The Controller warrants that any Team Member or third party they invite to access the Dashboard has committed themselves to confidentiality and is legally authorized by the Controller to process the End-User Data under the terms of this DPA and the GDPR.
9. International Data Transfers
Where Personal Data is transferred outside the EEA, we ensure appropriate safeguards, such as:
- Standard Contractual Clauses (SCCs)
- Other legally recognized transfer mechanisms
10. Security Measures
We implement appropriate security measures, including:
- Encryption in transit
- Access controls and authentication
- Infrastructure security and monitoring
11. Data Breach Notification
We will notify the Customer without undue delay after becoming aware of a Personal Data breach affecting Customer data and provide reasonable assistance in addressing it.
12. Data Subject Rights
We will assist the Customer, where reasonably possible, in responding to requests from data subjects, including:
- Access
- Rectification
- Erasure
- Restriction
- Portability
13. Data Deletion
Upon termination of the Service:
- Personal Data will be deleted in accordance with our Privacy Policy
- Data may be retained where required by law
14. Audits
Upon reasonable request, we will provide information necessary to demonstrate compliance with this DPA. Formal audits may be permitted where required by law and subject to reasonable notice and confidentiality obligations.
15. Liability
Liability under this DPA is subject to the limitations set forth in the Terms of Service.
16. Governing Law
This DPA is governed by the same law as the Terms of Service.
By using Context Magnet, you acknowledge that you have read and understood this Data Processing Agreement (DPA).