← Back to Context

Privacy Policy

Last updated: March 2026

Who we are

Context (contextfor.me) is a campaign management tool for music and culture marketers, built and operated by Caitlin Reilly trading as In Cahoots (ABN, sole trader), based in Melbourne, Australia. Context includes campaign planning tools, platform integrations, an AI assistant, and free standalone tools.

What data we collect

When you create an account, we collect:

• Account info — your name and email address (provided during sign-up via email, magic link, or Google OAuth)
• Billing info — your subscription plan and Stripe customer ID (Stripe handles all card details — we never see your card number)
• Campaign data — project names, budgets, briefs, dates, notes, and anything else you enter into the tool
• Integration tokens — OAuth tokens for connected services (Spotify, Meta, Google, Eventbrite, Harvest), stored encrypted in Supabase so we can pull your data on your behalf. You can disconnect any integration at any time.

If you use our free tools (Naming generator, UTM/link builder, Calendar export, Timezone converter, Link shortener) without an account, we don't collect any personal data. These tools work locally in your browser.

How we use your data

Your data is used to:

• Provide and operate the service — authenticate you, sync your campaigns, display your dashboards
• Process payments via Stripe
• Pull data from connected integrations on your behalf
• Improve the product (we look at aggregate usage patterns, not individual campaign data)
• Send transactional emails about your account via Resend (welcome emails, trial reminders, weekly digests) — you can unsubscribe from non-essential emails at any time
• Power the AI assistant (Ask Context) — see "AI data processing" below for details

We do not sell your data. We do not share it with advertisers. We do not use it for profiling or retargeting.

Data storage

Your data is stored in a Supabase PostgreSQL database hosted in the ap-southeast-2 (Sydney, Australia) region. All data is transmitted over HTTPS. Authentication is handled by Supabase with industry-standard security practices.

AI data processing

Context includes an AI assistant ("Ask Context") powered by Claude (Anthropic) with OpenAI embeddings. Here's how your data is handled:

• Your queries are processed via Supabase Edge Functions and sent to Anthropic (Claude) and OpenAI (embeddings) APIs to generate responses
• Your campaign data is not used to train AI models
• The AI knowledge base contains pre-loaded general music marketing resources — not user-generated content or your campaign data
• AI responses are generated on-demand and not stored permanently
• Queries are not sent to third parties beyond the API calls to Anthropic and OpenAI, which process them under their standard API data retention policies
• You can opt out of AI features entirely by not using the ★ button

Integrations and Google data

When you connect third-party integrations, Context accesses your data via read-only access. We do not modify your data on connected platforms. This applies to all Google integrations (YouTube Analytics, Google Analytics, Google Ads, Google Drive, Google Sheets), Spotify for Artists, Meta Ads, Eventbrite, and Harvest.

OAuth tokens are stored encrypted in Supabase. You can disconnect any integration at any time from your account settings, which revokes our access.

Ticketing data from Moshtix, Oztix, and Humanitix is imported manually by you via CSV or PDF — we don't maintain live connections to these services.

Activity logging

Context logs certain activity (such as recent actions and a changelog) locally in your browser via localStorage. This data is not sent to our servers — it stays on your device.

Third-party services

Context uses a small number of third-party services:

• Supabase — authentication and database (hosted in Sydney). Supabase Privacy Policy
• Stripe — payment processing. Handles all billing and card details. Stripe Privacy Policy
• Google — OAuth sign-in, plus integrations (Ads, Sheets, Calendar, Drive, YouTube Analytics). We only access data you explicitly authorise. Google Privacy Policy
• Spotify — integration to pull listener and artist data. Spotify Privacy Policy
• Meta — integration to pull ad campaign data. Meta Privacy Policy
• Eventbrite — integration to pull ticket and event data. Eventbrite Privacy Policy
• Harvest — integration to pull time tracking data. Harvest Privacy Policy
• Anthropic (Claude) — powers the AI assistant. Queries are sent via API for response generation. Anthropic Privacy Policy
• OpenAI — provides embeddings for the AI knowledge base. OpenAI Privacy Policy
• Resend — sends transactional emails (welcome, trial reminders, weekly digests). Resend Privacy Policy
• Google Fonts — loads Space Grotesk and DM Mono typefaces. This may log your IP address on Google's servers.

Cookies and local storage

Context uses minimal cookies. We don't use marketing cookies, analytics cookies, or tracking pixels.

• Session cookies — set by Supabase to maintain your login session. Essential for the service to work.
• localStorage — used to save preferences, cache data, and store activity logs in your browser. This data stays on your device and is not sent to our servers.

That's it. No Google Analytics, no Meta Pixel, no third-party tracking.

Data retention

Your data is kept for as long as your account is active. If you cancel your subscription, your data stays intact — we don't delete it just because you stopped paying. If you want your data deleted, just ask and we'll take care of it.

Your rights

You have the right to:

• Access the personal data we hold about you
• Correct any inaccurate information
• Delete your data — we'll remove your account and all associated data on request
• Export your data in a portable format
• Withdraw consent for data processing at any time

To exercise any of these rights, email hello@contextfor.me. We'll respond within a reasonable timeframe.

Australian Privacy Principles

We comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). We collect only what we need, use it for stated purposes, store it securely, and give you access to it on request.

International users

If you're using Context from outside Australia (including from the EU/EEA), here's what you should know:

• Your data is stored in Australia (Sydney region)
• We don't sell your data to anyone
• You can request access to, correction of, or deletion of your data at any time
• We don't do behavioural profiling or automated decision-making

While we're an Australian business and not formally subject to the GDPR, we respect the principles behind it and handle your data accordingly.

Data security

All data is transmitted over HTTPS. Authentication is handled by Supabase with industry-standard security. Payment data is handled entirely by Stripe and never touches our servers. OAuth tokens for integrations are stored securely in our database with row-level security enabled.

Changes to this policy

We may update this policy from time to time. If we make material changes, we'll let you know via email or an in-app notification. The "last updated" date at the top reflects the most recent revision.

Contact

Questions about your data or this policy? Get in touch:

Caitlin Reilly — In Cahoots
hello@contextfor.me
contextfor.me