GDPR Compliance
Last updated: January 17, 2026
Contexa is committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR). This page explains how we handle your personal data and outlines your rights.
1. Legal Basis for Processing
- Consent: You have given clear consent for us to process your personal data for specific purposes, such as marketing communications.
- Contract: Processing is necessary to provide our search and recommendation services.
- Legal Obligation: Processing is necessary to comply with legal obligations such as tax reporting.
- Legitimate Interests: Processing is necessary for fraud prevention, security, and service improvement — provided these interests don't override your rights.
2. Your GDPR Rights
- Right to Access — Request a copy of the personal data we hold about you. We respond within one month.
- Right to Rectification — Request correction of inaccurate or incomplete personal data.
- Right to Erasure — Request deletion of your personal data when it's no longer necessary.
- Right to Restrict Processing — Request that we restrict processing in certain situations.
- Right to Data Portability — Receive your data in a structured, machine-readable format.
- Right to Object — Object to processing based on legitimate interests or direct marketing.
- Right to Withdraw Consent — Withdraw consent at any time where processing is consent-based.
- Right to Lodge a Complaint — File a complaint with your local data protection authority.
3. How to Exercise Your Rights
To exercise any of your GDPR rights:
- Email us at gdpr@contexa.co or privacy@contexa.co
- Update or delete your information in your account settings
- Use the data export feature in your dashboard
- Contact us through contexa.co/contact
We respond within one month. Complex cases may take up to three months — we'll inform you of any extension.
4. Personal Data We Collect
- Identity Data: Name, username
- Contact Data: Email address, billing address
- Financial Data: Payment details (processed by third-party processors)
- Transaction Data: Payment and service records
- Technical Data: IP address, browser type, device information, cookies
- Usage Data: Search queries, interaction data, service usage patterns
- Marketing Data: Communication preferences
5. Data Retention
- Account Data: Retained while active, up to 90 days after deletion
- Transaction Data: 7 years (financial regulations)
- Tracking Events: 90 days (automatic TTL cleanup)
- Marketing Data: Until you unsubscribe or withdraw consent
- Support Communications: 3 years
6. International Data Transfers
Your data may be transferred outside the EEA. We ensure compliance through Standard Contractual Clauses, adequacy decisions, and additional safeguards where necessary.
7. Data Security Measures
- AES-256-GCM encryption at rest
- HTTPS/TLS encryption in transit
- bcrypt password hashing
- Access controls and authentication (2FA available)
- Security headers via Helmet.js (CSP, HSTS, X-Frame-Options)
- Incident response and breach notification procedures
8. Data Breach Notification
In the event of a data breach posing risk to your rights, we notify you and the relevant supervisory authority within 72 hours, as required by GDPR.
9. Data Protection Officer
Email: dpo@contexa.co
Alternative: gdpr@contexa.co
Website: contexa.co/contact
10. Supervisory Authority
If you believe we haven't addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.
11. Updates
We may update this page from time to time. Changes will be posted here with an updated revision date.