Trust Center
Your knowledge stays protected, portable, and in your control
ContextCache is built for teams and operators who care about durable memory and clear data practices. This page gives a plain-language view of where data is processed, your privacy rights, and the service providers we use.
Data region transparency
We primarily process data in the United States. Some processing can occur in other regions when needed to deliver the service.
Right to be forgotten
Request deletion through privacy@contextcache.ai. Retention and deletion timelines are maintained in Privacy Policy to keep one source of truth.
Security posture
We use layered controls such as encrypted transport, access controls, and vendor due diligence—including preference for providers with SOC 2 Type II and similar attestations where they apply to the service they provide.
Service provider accountability
We disclose categories of subprocessors and the purpose each category serves, then update the list as vendors change.
Our security roadmap
Today we lean on enterprise-grade vendors that publish SOC 2 Type II, ISO, and other independent security programs where relevant to their role (authentication, database, payments, and more). ContextCache is working toward its own SOC 2 Type II program and broader alignment with common customer security questionnaires and frameworks as the product matures—we will update this page when we have material milestones to share.
Vendor certifications are described and updated by each provider; we review them during onboarding and renewal, but we do not replace their auditors.
Privacy rights and deletion requests
To request access, correction, export, or deletion of personal information, email privacy@contextcache.ai. We may ask for verification details to protect account security.
Retention and deletion commitments live in Privacy Policy — Retention and deletion.
Service providers
List last updated: April 14, 2026
We use third-party providers to run key parts of ContextCache. The list below may change as we add or replace vendors while keeping the same purpose for each category. Where we call out SOC 2 or similar programs, refer to each vendor's trust or legal pages for the latest reports and scope.
Clerk (authentication): compliance and legal resources are published at clerk.com/legal (including their public statements on SOC 2 Type II and HIPAA).
| Category | Representative provider | Purpose |
|---|---|---|
| Authentication | Clerk (or successor) | User sign-in, session, and account security. Clerk publicly describes SOC 2 Type II and HIPAA program coverage (details on their site). |
| Cloud infrastructure & hosting | Various (e.g. edge and application hosting providers) | Running the application and related APIs |
| Database | Managed database provider(s) | Storing application and user content. We use vendors that maintain independent SOC 2 Type II (or equivalent) security attestations for their managed database services. |
| Payments | Stripe | Processing subscriptions and payments |
| Embeddings | OpenAI | Generating vector embeddings to support search over your content |
| AI / LLM | Anthropic | Conversational and workflow features (e.g. Blueprints and in-app chat where available) |
| Product analytics | Analytics provider(s) when enabled | Understanding usage and improving the product |
Specific product features (such as Blueprints or Pro-tier in-app chat) determine when content is sent to AI providers; see the Privacy Policy for details.
How updates are communicated
We will update this page when we add, remove, or materially change service providers. For substantive changes to how we use personal data, we will also update our Privacy Policy and, where appropriate, provide additional notice.
Contact
Questions about trust, privacy, or data handling: