Context
Sign inSign up

Privacy Policy

Last updated: 12 May 2026

1. Who we are

Contextis a construction document-control product operated by Daniel Rae, a sole trader based in New Zealand (the “we”, “us” or “our” in this policy). We provide a SaaS product at contextcontrol.app that helps small NZ and AU construction businesses distribute drawings, RFIs and other documents to their subcontractors and collect acknowledgments.

Our contact address is in section 12 below.

2. What we collect

Account information

When you create an account we collect your name, email address, and any company-level information you provide (company name, ABN or NZBN if you provide one, billing details).

If you sign in with Google or Microsoft we receive your name, email address, profile picture URL and (if you grant it) your verified-email flag. We do not request, store or use any other Google or Microsoft data.

Content you upload

Drawings, RFIs, submittals and other documents that you or your team members upload, including any metadata you attach (title, version, recipients).

Acknowledgments and audit log

Each time a recipient opens or acknowledges a document we record the event, including timestamp, IP address, and the actor. This information underpins the Acknowledgment Report that is the core artefact of the product.

Billing

Stripe, our payment processor, collects and stores your payment-method information. We receive only a customer reference and the status of your subscription — we never see your card details.

Usage and diagnostics

We use Sentry to capture runtime errors and PostHog to record anonymised product-analytics events (page views, feature usage). These services may store small amounts of personal data, typically an internal user id, for as long as is necessary to investigate issues or improve the product.

3. How we use it

  • To operate the product (sign-in, document storage, notifications)
  • To bill you for the subscription
  • To produce the Acknowledgment Report
  • To investigate and fix bugs
  • To improve the product
  • To send transactional emails (magic link, document published, acknowledgment overdue)
  • To send occasional product-update emails (you can opt out at any time)

We do not sell your data. We do not show advertising. We do not use your content to train AI models.

4. Who we share it with

We use the following third-party processors. Each has access only to the data necessary for their function.

  • Vercel — hosting and edge delivery
  • Neon — primary database
  • Cloudflare — object storage (R2) and DNS
  • Stripe — payments and subscription management
  • Resend — transactional email
  • Sentry — error tracking
  • PostHog — product analytics
  • Trigger.dev — background job orchestration
  • Google & Microsoft — only if you choose to sign in with those identities

We share data with these processors strictly to operate the product. We do not share data with any other third parties without your consent or unless required by law.

5. Where it’s stored

Some of our processors are based outside New Zealand and Australia, including in the United States and European Union. Data may be transferred to and stored in those countries. We rely on the third-party processors’ standard contractual protections and certifications.

6. How long we keep it

We keep account information for as long as your account is active. If you cancel your subscription we keep your data for 90 days in case you decide to come back, then we delete it (with some exceptions for backups, which expire on a 30-day rolling basis).

We keep the audit log indefinitely while your account is active because it underpins the Acknowledgment Report. If you delete your account we also delete the audit log unless we are required by law to retain it.

7. Cookies and similar technologies

We use a single first-party session cookie to keep you signed in. We do not use any third-party tracking cookies. PostHog uses a first-party cookie or local storage entry to deduplicate analytics events; you can disable it via your browser settings.

8. Your rights

Under the New Zealand Privacy Act 2020 and the Australian Privacy Act 1988 you have the right to:

  • Access the personal information we hold about you
  • Ask us to correct it
  • Ask us to delete it (subject to our retention obligations)
  • Complain to us, the NZ Office of the Privacy Commissioner, or the OAIC in Australia

To exercise any of these rights, email us at the address in section 12.

9. Children

The product is not intended for use by anyone under 18. We do not knowingly collect data from children.

10. Security

We encrypt data in transit and at rest. Access to production systems is limited to people who need it. We notify you within 72 hours if we discover a breach affecting your data.

11. Changes

We may update this policy. If we make a material change we will tell you before it takes effect, either by email or via a notice in the product.

12. Contact

For any privacy question, including requests under section 8, email privacy@contextcontrol.app.