Contextia AI Admin

1. Introduction

Contextia AI ("Contextia AI," "we," "us," or "our") operates the Contextia AI mobile application (the "App") and the web-based administration portal at contextiaai.com (together, the "Service"). This Privacy Policy describes how we collect, use, share, and protect your personal information when you use the Service.

By creating an account or using the Service, you agree to the collection and use of information as described in this Privacy Policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

Account Information: Name, email address, and password when you register. If you sign in with Apple or Google, we receive your name and email address (and, for Apple, a relay email address if you choose to hide your email).
Profile Information: Phone number and communication preferences you optionally provide.
Chat Messages: Text messages you send to the AI assistant, including follow-up questions and troubleshooting details.
Photos and Images: Images you capture via camera or select from your photo library during chat sessions. These are uploaded to our secure storage and may be analyzed by AI models to assist with your request.
Voice Recordings: When you use the voice input feature, audio is recorded on your device and transmitted to our servers for transcription. See Section 4 for details on voice data handling.
Escalation Requests: When you request human support, the AI generates a summary of your conversation that is shared with your integration company.

2.2 Information Collected Automatically

Device Information: Device model, operating system version, unique device identifiers, and app version.
Usage Data: Features accessed, interaction timestamps, AI response latency, model used, and token counts.
Log Data: IP addresses, browser type (admin portal), error logs, and crash reports.
Authentication Events: Login timestamps, authentication method used, and multi-factor authentication status for admin accounts.

2.3 Information from Your Integration Company

Your smart home integration company provides us with information about your residence, including: room layouts, installed device inventory (brands, models, locations), network configuration details, floor plans, system manuals, service history notes, and general notes about your home setup. This information is used to personalize the AI assistant's knowledge of your specific home.

3. How We Use Your Information

We use the information we collect for the following purposes:

Provide the Service: Deliver personalized AI-powered smart home support based on your specific home configuration and devices.
Process AI Responses: Send your messages and relevant home context to AI language models to generate helpful troubleshooting responses.
Transcribe Voice Input: Convert voice recordings to text using speech-to-text AI models so you can interact with the assistant hands-free.
Analyze Photos: Process uploaded images through AI vision models to identify devices, read error indicators, or understand the physical context of your issue.
Generate Escalation Reports: Create detailed summaries of troubleshooting sessions when you request human technician support.
Send Notifications: Deliver escalation confirmation emails and service updates via your integration company.
Improve the Service: Analyze usage patterns, response quality, and error rates to improve AI accuracy and platform reliability.
Ensure Security: Monitor for unauthorized access, enforce rate limits, and maintain audit logs for admin accounts.

4. Voice Data Collection and Processing

When you tap the microphone button in the App, the App requests permission to access your device's microphone and records audio until you tap the button again to stop. Voice recording is entirely optional — you can always type messages instead.

Recording: Audio is recorded locally on your device in M4A format.
Transmission: The recording is sent to our server over an encrypted HTTPS connection.
Transcription: Our server forwards the audio to OpenAI's Whisper speech-to-text API for transcription. The resulting text is returned to the App and placed in your message input field for review before sending.
Storage: Audio recordings are not permanently stored on our servers. They are held in memory only for the duration of the transcription request and are discarded immediately after processing.
Voice Calls: If your integration company has enabled voice calling, you may have real-time voice conversations with the AI assistant. Voice audio is streamed to our transcription service, and AI responses are converted to speech using ElevenLabs text-to-speech. Audio streams are processed in real-time and are not stored.

You can revoke microphone permission at any time through your device's Settings app. Revoking microphone access will disable voice input but will not affect text-based chat functionality.

5. Photos and Images

The App may request access to your device's camera and photo library to allow you to share images during chat sessions. Photo sharing is entirely optional.

Upload: Selected photos are uploaded to our secure cloud storage (Supabase Storage) over an encrypted HTTPS connection.
AI Processing: Uploaded images are sent to AI vision models (via OpenRouter) to analyze their content — for example, identifying a device model, reading an error light pattern, or understanding the physical layout of your room.
Storage: Photos are stored securely and associated with your conversation. They are accessible only to you and authorized personnel at your integration company.
Retention: Photos are retained for as long as your conversation history is maintained (see Section 10).

You can revoke camera and photo library permissions at any time through your device's Settings app.

6. Device Permissions

The App may request the following device permissions. All permissions are optional and can be managed through your device settings:

Microphone: Required for voice input (dictation) and voice calling features. Audio is used only for transcription and real-time conversation — it is not stored permanently.
Camera: Required to take photos during chat sessions for visual troubleshooting. Photos are uploaded to your conversation and may be processed by AI vision models.
Photo Library: Required to select existing photos from your device to share in chat sessions.
Push Notifications: Used to notify you of escalation updates and important service messages from your integration company. You can disable notifications at any time.

Denying any permission will disable the associated feature but will not prevent you from using the core text-based chat functionality of the App.

7. Third-Party Service Providers

We use the following third-party service providers to operate the Service. Each provider processes your data in accordance with their own privacy policies:

OpenRouter — AI model routing and inference. Your chat messages, home context, and uploaded images are sent to OpenRouter, which routes requests to underlying AI models (currently OpenAI GPT-5.4 Mini and Google Gemini 2.5 Flash). Privacy Policy
OpenAI — Provides the primary AI language model (GPT-5.4 Mini) for generating chat responses and the Whisper API for voice transcription. Privacy Policy
Google (Gemini) — Provides the fallback AI language model (Gemini 2.5 Flash) used when the primary model is unavailable. Privacy Policy
ElevenLabs — Provides text-to-speech voice synthesis for the voice calling feature. AI-generated text responses are sent to ElevenLabs to produce spoken audio. Privacy Policy
Supabase — Provides database hosting, user authentication, and file storage. All user data, conversations, home profiles, and uploaded files are stored in Supabase's infrastructure. Privacy Policy
Resend — Provides email delivery for escalation notifications and service communications. Privacy Policy
Vercel — Hosts the admin web portal and API endpoints. Vercel processes HTTP requests including IP addresses and request metadata. Privacy Policy
Apple (Sign in with Apple) — If you choose to sign in with Apple, Apple provides us with your name and email address (or a private relay email address if you choose to hide your email). We do not receive your Apple ID password. Apple's handling of your data is governed by Apple's Privacy Policy.
Google (Sign in with Google) — If you choose to sign in with Google, Google provides us with your name, email address, and profile photo. Google's handling of your data is governed by Google's Privacy Policy.

8. Information Sharing and Disclosure

We share your personal information only in the following circumstances:

With Your Integration Company: Your conversations, escalation reports, home profile data, and uploaded photos are accessible to authorized personnel at the integration company that manages your smart home system. Your integration company is identified when your account is created and cannot be changed without contacting us.
With AI Processors: Conversation content, home context data, and uploaded images are sent to third-party AI providers (see Section 7) for generating responses. These providers process data under their respective privacy policies and data processing agreements.
For Legal Compliance: We may disclose your information if required by law, subpoena, court order, or governmental regulation, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
Business Transfers: If Contextia AI is involved in a merger, acquisition, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.

We do not sell your personal information to third parties.

9. Automated Decision-Making and AI Processing

The Service uses artificial intelligence to process your messages and generate responses. The following automated processes are used:

Intent Classification: Your messages are automatically classified by intent (e.g., greeting, troubleshooting, general question) to route them to the appropriate response logic. This classification is performed locally using keyword matching — your messages are not sent to an external service for classification.
AI Response Generation: Your messages, along with relevant home and device context, are sent to large language models (LLMs) to generate troubleshooting guidance and answers. AI responses are generated in real-time and are not pre-written.
Escalation Summary: When you request escalation to a human technician, the AI automatically generates a summary report of the conversation, including the issue description, troubleshooting steps attempted, and an assessment. This summary is included in the notification sent to your integration company.
Sentiment Analysis: During escalation, the AI may analyze conversation tone to assign a priority level (e.g., frustrated, urgent). This is used to help your integration company prioritize service requests. No automated action is taken solely based on sentiment — a human technician reviews all escalations.

No fully automated decisions with legal or similarly significant effects are made about you. Escalation to human support is always initiated by you, not automatically by the AI.

10. Data Retention

We retain your data for the following periods:

Account Information: Retained for as long as your account is active. Deleted within 30 days of account deletion request.
Conversation History: Retained for 24 months from the date of the conversation to provide continuity in support. Older conversations may be archived or deleted.
Uploaded Photos: Retained for 24 months alongside the associated conversation. Deleted when the conversation is deleted.
Voice Recordings: Not retained. Audio is processed in real-time for transcription and discarded immediately. Only the resulting text transcript is stored as part of your conversation.
Home and Device Data: Retained for as long as the associated residence is active in your integration company's system. Updated or removed by your integration company as needed.
Escalation Reports: Retained for 36 months to maintain service history records for your integration company.
Admin Audit Logs: Retained for 12 months for security and compliance purposes.
Usage Analytics: Aggregated and anonymized usage data may be retained indefinitely for service improvement. Individual usage records are deleted after 12 months.

You may request early deletion of your data by contacting us at hello@contextiaai.com. Certain data may be retained longer if required by law or to resolve disputes.

11. Data Storage and Security

Your data is stored and protected using the following measures:

Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS/HTTPS.
Encryption at Rest: Database contents are encrypted at rest using AES-256 encryption provided by our infrastructure provider (Supabase/AWS).
Row-Level Security: PostgreSQL row-level security policies ensure strict data isolation between companies. Users can only access data belonging to their own company and residence.
Authentication: Secure authentication via email/password, Sign in with Apple, or Sign in with Google. Admin accounts support TOTP-based two-factor authentication (2FA).
Access Controls: Role-based access controls limit data access to authorized personnel. Admin actions are logged in an audit trail.
Signed URLs: Document downloads use time-limited signed URLs that expire after one hour, preventing unauthorized access to stored files.

While we implement industry-standard security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

12. Data Breach Notification

In the event of a data breach that compromises your personal information, we will:

Notify affected users via email within 72 hours of discovering the breach.
Notify your integration company so they can take appropriate action.
Report the breach to relevant regulatory authorities as required by applicable law (including state attorneys general and, where applicable, EU supervisory authorities).
Provide a description of the breach, the types of data affected, steps we are taking to address it, and recommendations for protecting yourself.

13. Cookies and Tracking Technologies

Mobile App: The Contextia AI mobile app does not use cookies or third-party tracking SDKs. We do not use advertising identifiers (IDFA/GAID) or share data with advertising networks.

Admin Web Portal: The admin portal at contextiaai.com uses the following cookies:

Authentication Cookies: Essential cookies set by Supabase Auth to maintain your login session. These are strictly necessary for the portal to function and cannot be disabled.
No Analytics or Advertising Cookies: We do not use Google Analytics, Facebook Pixel, or any third-party analytics or advertising cookies on the admin portal.

14. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

Access: Request a copy of the personal information we hold about you.
Correction: Request correction of inaccurate or incomplete information.
Deletion: Request deletion of your account and associated personal data.
Portability: Request a copy of your data in a structured, machine-readable format.
Restriction: Request that we restrict processing of your data in certain circumstances.
Objection: Object to processing of your data for certain purposes.
Withdraw Consent: Where processing is based on consent, withdraw your consent at any time.

To exercise any of these rights, contact us at hello@contextiaai.com. We will respond to your request within 30 days (or 45 days for California residents if an extension is needed). We may ask you to verify your identity before processing your request.

15. California Residents — Your Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collection, and the categories of third parties with whom we share it.
Right to Delete: You may request deletion of your personal information, subject to certain exceptions (e.g., legal obligations, ongoing service).
Right to Correct: You may request correction of inaccurate personal information.
Right to Opt-Out of Sale/Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising purposes.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information:

Identifiers: Name, email address, phone number, IP address, device identifiers.
Internet/Electronic Activity: Chat messages, interaction history, usage data, device information.
Audio Information: Voice recordings (processed for transcription, not stored).
Visual Information: Photos uploaded during chat sessions.
Inferences: AI-generated intent classifications, troubleshooting assessments, and escalation priority levels.

To submit a CCPA request, email us at legal@contextiaai.com. You may also designate an authorized agent to submit requests on your behalf. We will verify your identity before processing any request.

16. International Users — European Economic Area, UK, and Switzerland (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, the following additional terms apply:

Legal Bases for Processing

We process your personal data on the following legal bases:

Contract Performance: Processing necessary to provide you with the Service (account management, AI responses, escalation).
Legitimate Interests: Processing necessary for our legitimate interests (security monitoring, service improvement, fraud prevention), balanced against your rights.
Consent: Processing based on your explicit consent (voice recording, photo uploads, optional push notifications). You may withdraw consent at any time.
Legal Obligation: Processing necessary to comply with applicable laws.

International Data Transfers

Your data is processed and stored in the United States. By using the Service, you acknowledge that your data will be transferred to and processed in the United States, which may have different data protection laws than your country of residence. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the legal mechanism for such transfers where required.

Your Additional Rights

In addition to the rights listed in Section 14, you have the right to lodge a complaint with your local data protection supervisory authority if you believe we have violated your data protection rights.

Data Protection Officer

For GDPR-related inquiries, contact us at legal@contextiaai.com.

17. Children's Privacy

The Service is not intended for use by children. We define "children" as individuals under the age of 13 in the United States and under the age of 16 in the European Economic Area. We do not knowingly collect personal information from children.

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at hello@contextiaai.com. If we discover that we have collected personal information from a child without verified parental consent, we will take steps to delete that information promptly.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:

We will update the "Last updated" date at the top of this page.
For material changes that affect how we handle your data, we will notify you via email or through an in-app notification at least 30 days before the changes take effect.
Your continued use of the Service after the effective date of the revised policy constitutes your acceptance of the changes.

19. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: hello@contextiaai.com
Legal/Privacy: legal@contextiaai.com
Company: Contextia AI
Website: contextiaai.com

We aim to respond to all inquiries within 30 days.