Contexta logoContexta

Privacy Policy

Last updated: 15 May 2026

This Privacy Policy explains how ELab Limited (“ELab”, “we”, “our”) handles personal information collected through the Contexta dashboard. We comply with the New Zealand Privacy Act 2020 and apply equivalent standards for users in other jurisdictions.

1. Information we collect

We collect:

  • Account information — your email address, name, avatar (if uploaded), and the organisation you belong to;
  • Authentication events — sign-in attempts and one-time passcodes used to verify access;
  • Configuration content — organisation rules, capability assignments, and related metadata you create or update;
  • Operational logs — request metadata, error traces, and audit history needed to run the Service securely.

2. How we use it

We use personal information to:

  • authenticate you and protect your account;
  • provide the Service to your organisation, including capability provisioning, rule management, and skill discovery;
  • maintain audit trails of administrative changes (org config history, role changes);
  • investigate incidents, prevent abuse, and meet legal obligations.

We do not use your content to train general-purpose AI models.

3. Sub-processors

We use a small set of trusted infrastructure providers to operate the Service:

  • Supabase — managed Postgres, authentication, and file storage;
  • Vercel — application hosting and edge delivery;
  • Email delivery — for transactional sign-in codes and administrator notifications.

Each sub-processor is bound by data protection terms appropriate to their role. We will update this list when material changes occur.

4. Data location and retention

Personal data is hosted in regions chosen for performance and regulatory fit. We retain account and configuration data for as long as your organisation uses the Service, and for a reasonable period afterwards to satisfy legal, audit, and dispute-resolution obligations. Audit logs are retained for at least twelve months.

5. Sharing

We do not sell personal information. We share it only with the sub-processors listed above, with your organisation’s designated administrators, and where required by law or to enforce our terms.

6. Security

Access to production systems is restricted, authenticated, and logged. We use Row Level Security on the database, encrypted transport (HTTPS), and encrypted storage at rest. We review access and audit trails regularly.

7. Your rights

Under the Privacy Act 2020 and equivalent laws, you may request access to or correction of personal information we hold about you. Many actions can be performed directly in the dashboard (profile, avatar). For requests we cannot satisfy through the product, contact us using the details below and we will respond within a reasonable time.

8. Cookies and local storage

The Service uses cookies and local storage solely to keep you signed in and to remember your interface preferences (such as light/dark mode). We do not use third-party advertising cookies.

9. Changes to this policy

We may update this policy from time to time. Material changes will be communicated through the Service or by email to organisation administrators.

10. Contact

Privacy enquiries can be sent to support@elab.co.nz. Mark the subject “Privacy request” if your enquiry concerns data access, correction, or deletion.