Privacy Policy
Last Updated: February 23, 2026
TL;DR
- We collect only what we need — email, user ID, avatar, IP, session cookies, and the AI chat logs you upload.
- Your content is yours. You own everything you upload.
- We do not sell your data. Not now. Not ever.
- No ads, no profiling, no AI training on your content.
- No payment data. The service is in demo mode — we don't process payments.
- You can delete everything. Email us and we'll remove your account and data within 30 days.
- Third parties are limited to Hetzner (hosting), Cloudflare (CDN/security), and PostHog (analytics).
Table of Contents
- Who We Are
- What We Collect
- How We Use Your Data
- Third-Party Processors
- Cookies
- Data Security
- Your Rights
- Illinois Biometric Information Privacy Act (BIPA)
- User-Generated Content & Section 230
- Data Retention
- Law Enforcement & Legal Requests
- Children's Privacy
- Changes to This Policy
- Governing Law
- Contact
1. Who We Are
TL;DR — We're Cooontext LLC, a small company in Chicago that builds a platform for sharing AI conversations.
Cooontext LLC ("we", "us", "our") is a company registered in Chicago, Illinois, United States. We operate:
- Landing page — cooontext.com
- Webapp — app.cooontext.com
- CLI tool — a command-line interface for uploading transcripts
Together, these are the "Service." Cooontext lets you upload, store, and publicly share AI chat logs and transcripts. Our users are individual developers, teams, and organizations who want to archive and share their AI conversations.
2. What We Collect
TL;DR — We collect your account info and the AI chats you upload. We automatically collect basic technical data. We do NOT collect payment info, biometrics, or precise location.
Information You Provide
| Data | Why We Collect It |
|---|---|
| Email address | Account creation, communication, and support |
| User ID | Unique account identification |
| Profile avatar | Display on your public profile |
| AI chat logs / transcripts | Core service — storage and public sharing |
| Comments | Interaction with other users' content |
| Likes | Interaction with other users' content |
Information Collected Automatically
| Data | Why We Collect It |
|---|---|
| IP address | Security, abuse prevention, and general analytics |
| Session cookies | Authentication and keeping you logged in |
| Analytics data (via PostHog) | Understanding how users interact with the Service to improve it |
What We Do NOT Collect
- Payment data. The Service is in demo mode. There are no paid plans, no billing, and no payment processing. We do not collect credit card numbers, bank accounts, or any financial information.
- Biometric data. We do not perform facial recognition, fingerprint scanning, voiceprint analysis, or any other biometric extraction.
- Precise geolocation. We do not track your GPS coordinates or precise physical location.
- Data from third-party social accounts. We do not pull data from your social media profiles.
3. How We Use Your Data
TL;DR — We use your data to run the Service, keep it secure, and make it better. That's it. No ads, no selling, no AI training.
We use the data we collect to:
- Operate the Service — host your account, store your uploaded AI transcripts, display your content publicly as you direct, and provide core functionality.
- Keep things secure — detect abuse, prevent fraud, and protect the integrity of the platform.
- Improve the product — analyze usage patterns in aggregate and anonymized form to understand how the Service is used and where it can be improved.
We explicitly do NOT:
- Use your content to train AI models.
- Build advertising profiles about you.
- Sell, rent, or trade your personal data to any third party.
- Share your data with data brokers.
4. Third-Party Processors
TL;DR — Three companies help us run the Service: Hetzner hosts it, Cloudflare protects it, PostHog provides analytics. That's the full list.
| Provider | Role | Data They May Receive |
|---|---|---|
| Hetzner | Hosting & infrastructure | All stored data (encrypted at rest) |
| Cloudflare | Security, CDN, DDoS protection | IP addresses, request metadata |
| PostHog | Product analytics | Pseudonymized usage events, IP address, device/browser info |
No personally-identifying information is shared with any party beyond these three, unless we are compelled to do so by law (see Section 11).
Each processor is bound by their own privacy commitments and data processing agreements. We encourage you to review their privacy policies.
Where Your Data Is Stored
Our primary infrastructure is hosted on Hetzner in the European Union (Germany). Cloudflare operates a global CDN, which means request data (IP addresses, headers) may be transiently processed at edge nodes worldwide. PostHog analytics data is processed on PostHog's cloud infrastructure.
If you are located in the EU/EEA, your stored data resides within the EU. For any data that crosses borders (e.g., Cloudflare edge processing), our processors rely on Standard Contractual Clauses (SCCs) and, where applicable, the EU-U.S. Data Privacy Framework as transfer mechanisms under GDPR Art. 44–49.
5. Cookies
TL;DR — We use session cookies to keep you logged in. No advertising cookies. PostHog may set an analytics cookie you can block.
Session cookies. We use session cookies solely for authentication — to keep you logged in as you navigate the Service. These cookies are essential for the Service to function.
Analytics cookies. PostHog may set a cookie to distinguish unique visitors and track pseudonymized usage patterns. Where required by applicable law (including the EU ePrivacy Directive and certain U.S. state laws), we will obtain your consent before placing non-essential analytics cookies. You may also block analytics cookies using standard privacy browser extensions (such as uBlock Origin or Privacy Badger) without affecting core functionality.
We do not use:
- Advertising or tracking cookies
- Third-party marketing cookies
- Cross-site tracking pixels
6. Data Security
TL;DR — We take reasonable measures to protect your data, limit production access, and will notify you if a breach occurs.
We take reasonable and appropriate measures to protect your data:
- Hosting. Our infrastructure is hosted on Hetzner, which maintains industry-standard physical and network security controls.
- Access controls. Production systems have restricted access, limited to authorized personnel only.
- Breach notification. In the event of a data breach that affects your personal information, we will notify affected users and relevant authorities as required by applicable law, without unreasonable delay.
No system is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
7. Your Rights
TL;DR — No matter where you live, you can access, export, correct, or delete your data. Email us and we'll handle it within 30 days.
Universal Rights
Regardless of your jurisdiction, you have the following rights:
| Right | Description |
|---|---|
| Access | Request a copy of the personal data we hold about you. |
| Portability | Request your data in a structured, machine-readable format. |
| Correction | Request that we correct inaccurate or incomplete personal data. |
| Deletion | Request complete removal of your account and personal data. |
To exercise any of these rights, email support@cooontext.com. Deletion requests are processed manually and completed within 30 days.
GDPR (EU/EEA)
If you are located in the European Union or European Economic Area, you also have the right to:
- Object to or restrict the processing of your personal data.
- Withdraw consent at any time where processing is based on consent.
- Lodge a complaint with your local Data Protection Authority.
Our legal bases for processing under GDPR Art. 6(1) are:
| Processing Activity | Legal Basis |
|---|---|
| Account data (email, user ID, avatar) | Contractual necessity — Art. 6(1)(b) — required to provide the Service |
| AI chat log storage and display | Contractual necessity — Art. 6(1)(b) — core service functionality |
| Security measures (IP logging, abuse detection) | Legitimate interest — Art. 6(1)(f) — protecting the Service and users |
| Analytics (PostHog) | Legitimate interest — Art. 6(1)(f) — improving the Service |
| Analytics cookies | Consent — Art. 6(1)(a) — non-essential cookies per ePrivacy Directive |
CCPA (California)
If you are a California resident, you have the right to:
- Know what personal information we collect, use, and disclose.
- Delete your personal information.
- Non-discrimination — we will not discriminate against you for exercising your rights.
We do not sell personal information as defined by the CCPA. We do not share personal information for cross-context behavioral advertising.
PIPEDA (Canada)
If you are a Canadian resident, you have the right to:
- Access your personal information held by us.
- Challenge the accuracy of your personal information and have it amended.
- Withdraw consent for the collection, use, or disclosure of your personal information, subject to legal or contractual restrictions.
8. Illinois Biometric Information Privacy Act (BIPA)
TL;DR — We're based in Chicago, so we take Illinois' BIPA seriously. We do not collect, store, or process any biometric data.
As an Illinois-based company, we are fully committed to compliance with the Illinois Biometric Information Privacy Act (740 ILCS 14):
- No scanning. We do not perform facial recognition, retinal scans, fingerprint collection, voiceprint analysis, or any other form of biometric extraction.
- Just storage. Profile avatars are standard image files (JPEG, PNG, etc.) — we do not analyze them for biometric identifiers.
- Consent first. If we ever introduce features that involve biometric data in the future, we will obtain explicit, informed, written consent before collecting any such data.
9. User-Generated Content & Section 230
TL;DR — You upload it, you own it, you're responsible for it. We're a platform, not a publisher.
Cooontext is a platform provider. We do not author, edit, or endorse user-uploaded AI content. Under Section 230 of the Communications Decency Act (47 U.S.C. § 230), Cooontext is not liable for content created or uploaded by users of the Service.
We reserve the right to review and remove content that violates our Terms of Service, but doing so does not make us the publisher or speaker of that content.
10. Data Retention
TL;DR — We keep your data as long as your account is active. After deletion, everything is purged within 30 days unless the law says otherwise.
- Active accounts. We retain your data for as long as your account is active or as needed to provide the Service.
- After account deletion. Upon account deletion, all personal data and uploaded content is purged from our systems within 30 days.
- Legal obligations. We may retain certain data beyond 30 days only where required by law, regulation, or valid legal process (e.g., tax records, fraud prevention, or active legal proceedings).
11. Law Enforcement & Legal Requests
TL;DR — We only hand over data when legally required. We'll try to let you know before we do.
We will disclose personal data only when required by:
- A valid subpoena
- A court order
- A governmental request issued under Illinois or U.S. federal law
We will attempt to notify affected users before disclosing their data, unless we are legally prohibited from doing so (e.g., by a gag order or national security letter).
12. Children's Privacy
TL;DR — The Service is not for anyone under 13 (or under 16 in the EU/EEA). If we discover a child's data, we delete it immediately.
The Service is not directed at anyone under the age of 13. If you are located in the European Union or European Economic Area, the minimum age is 16. We do not knowingly collect personal data from anyone below these age thresholds.
If we discover that we have inadvertently collected personal data from someone below the applicable minimum age, we will delete that data immediately. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at support@cooontext.com.
13. Changes to This Policy
TL;DR — If we update this policy, we'll post the changes here with a new date. Continued use means you accept the updates.
We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date at the top of this page.
If we make material changes, we will notify you through the webapp or by other reasonable means. Your continued use of the Service after any changes take effect constitutes your acceptance of the updated Privacy Policy.
14. Governing Law
This Privacy Policy and any disputes arising from it are governed by and construed in accordance with the laws of the State of Illinois, United States, without regard to its conflict of law principles.
15. Contact
All questions, concerns, and data requests should be directed to:
Cooontext LLC Chicago, IL, USA
Email: support@cooontext.com