Security at Contexo

Last updated: May 3, 2026

We treat the security of your account, your documents, and your visitors' conversations as a first-class concern. This page describes the technical and organizational measures we use. It is a snapshot, not a contract; for binding commitments see your agreement with us.

1. Infrastructure

2. Encryption

3. Authentication and access

4. Tenant isolation and quota safety

5. Widget and visitor protections

6. Payments and webhooks

7. Application security

8. AI and data minimization

9. Operational security

10. Incident response

If a security incident occurs that affects your data, we will notify affected customers without undue delay and, where applicable, the relevant regulatory authority within the timeframe required by law (typically 72 hours under GDPR). Our notice will describe what happened, what data was affected, what we did, and what you should do.

11. Reporting a vulnerability

If you believe you have found a security vulnerability, email security@contexo.ai with reproduction steps. We commit to acknowledging good-faith reports within 5 business days. Please do not test in ways that could affect other customers' data.

12. Compliance

We support customer obligations under the GDPR, the UK GDPR, the CCPA/CPRA, and the DPDP Act through our Privacy Policy, our Subprocessors list, and a Data Processing Addendum available on request from legal@contexo.ai. Contexo does not currently hold formal certifications such as SOC 2 or ISO 27001; we will update this page when that changes.