Security at Contexo

We take the security of your data, your documents, and your users' chats incredibly seriously. Here is an overview of our security posture.

1. Infrastructure Security

Contexo is built on modern, secure cloud infrastructure. All data is stored in secure databases using Supabase with PostgreSQL. Row Level Security (RLS) is strictly enforced so that your data is mathematically isolated from other tenants.

2. Data Encryption

• In Transit: All data sent to or from Contexo is encrypted in transit using 256-bit encryption (TLS 1.2 or higher).
• At Rest: All databases, document embeddings, and file storage buckets are encrypted at rest using industry-standard AES-256 encryption algorithms.

3. Application Security

Our backend services use robust authentication mechanisms. API access is protected by rate limiting, CORS policies, and domain whitelisting to ensure that your embeddable widgets can only be loaded and used on authorized domains.

4. AI Model Privacy

When you upload documents, they are converted into embeddings for our RAG (Retrieval-Augmented Generation) pipeline. The underlying LLM providers do not use your private data to train their foundational models. Your corporate knowledge remains entirely your own.

5. Reporting Vulnerabilities

If you are a security researcher and believe you have found a security vulnerability in our platform, please report it immediately to security@contexo.ai.