Privacy Policy

The data controller responsible for your personal information is:

For EU/EEA data subjects: While we do not currently maintain a physical establishment in the EU/EEA, we comply with GDPR requirements as they apply to the processing of personal data of individuals in the EU/EEA. You may contact us at the address above or via email for any data protection inquiries.

We collect the following categories of personal information:

2.1 Information You Provide Directly

• Email address: Collected when you subscribe to the newsletter. This is the only personal information required to use the Service.
• Communications: Any information you provide when contacting us (e.g., name, email, message content).

2.2 Information Collected Automatically

• Email engagement data: Open rates, click-through rates, and interaction data related to newsletter emails (collected via our email service provider).
• Website usage data: IP address (anonymized where technically feasible), browser type and version, operating system, referring URL, pages visited, time and date of visit, and time spent on pages.
• Cookies: We use only strictly necessary cookies. We do not use advertising or tracking cookies. See Section 9 for details.

2.3 Information We Do Not Collect

We do not collect sensitive personal data (as defined by GDPR Article 9), including racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, or data concerning sexual orientation. We do not collect financial information (credit card numbers, bank accounts), government identifiers (Social Security numbers, passport numbers), or precise geolocation data.

For individuals in the EU/EEA and UK, we process personal data under the following legal bases:

• Consent (Article 6(1)(a) GDPR): When you voluntarily subscribe to our newsletter, you consent to the processing of your email address for that purpose. You may withdraw consent at any time by unsubscribing.
• Legitimate Interest (Article 6(1)(f) GDPR): We process website usage data for the legitimate interest of operating, maintaining, and improving the Service, and for security purposes. We have conducted a balancing test and determined that these interests are not overridden by your rights and freedoms.
• Legal Obligation (Article 6(1)(c) GDPR): We may process data as required to comply with applicable legal obligations.

We use the information we collect to:

• Deliver the newsletter to your email address;
• Respond to your inquiries and communications;
• Analyze aggregate, anonymized usage patterns to improve the Service;
• Ensure the security and integrity of the Service;
• Comply with legal obligations and enforce our Terms of Service.

We do not sell your personal information. We do not share your personal information with third parties for their own marketing purposes. We do not engage in profiling or automated decision-making that produces legal effects concerning you.

We may share your personal information only in the following limited circumstances:

• Service Providers: We share data with trusted third-party service providers who perform services on our behalf (e.g., email delivery, website hosting, analytics). These providers are contractually obligated to use your data only for the purposes for which it was disclosed and to implement appropriate data protection measures. For EU/EEA data, we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses).
• Legal Requirements: We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request.
• Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or other similar event, your personal information may be transferred as part of the transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or uses of your personal information.

Your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. If you are located outside the United States, please be aware that data protection laws in the United States may differ from those in your country.

EU/EEA Transfers: For transfers of personal data from the EU/EEA to countries outside the EU/EEA that have not been deemed to provide an adequate level of data protection by the European Commission, we rely on: (a) Standard Contractual Clauses (SCCs) approved by the European Commission; and/or (b) other legally recognized transfer mechanisms. You may request a copy of the applicable safeguards by contacting us.

UK Transfers: For transfers from the UK, we rely on the UK International Data Transfer Agreement or UK Addendum to the EU SCCs, as applicable.

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected:

• Email address: Retained for as long as you remain subscribed. Upon unsubscribing, your email address will be deleted or anonymized within thirty (30) days, unless retention is required by law.
• Website usage data: Aggregated and anonymized data may be retained indefinitely for analytical purposes. Identifiable website data is retained for no longer than twelve (12) months.
• Communications: Correspondence is retained for as long as necessary to resolve your inquiry, plus a reasonable period for record-keeping.

8.1 Rights Under the GDPR (EU/EEA and UK Residents)

If you are located in the EU/EEA or UK, you have the following rights under the GDPR / UK GDPR:

• Right of Access (Article 15): Request a copy of the personal data we hold about you.
• Right to Rectification (Article 16): Request correction of inaccurate personal data.
• Right to Erasure (“Right to be Forgotten”) (Article 17): Request deletion of your personal data, subject to legal exceptions.
• Right to Restriction of Processing (Article 18): Request that we restrict processing of your data in certain circumstances.
• Right to Data Portability (Article 20): Receive your personal data in a structured, commonly used, and machine-readable format.
• Right to Object (Article 21): Object to processing based on legitimate interests.
• Right to Withdraw Consent (Article 7(3)): Withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.
• Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority (supervisory authority).

8.2 Rights Under the CCPA / CPRA (California Residents)

If you are a California resident, you have the following rights:

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected, the sources, the business purposes, and the categories of third parties with whom we share it.
• Right to Delete: Request deletion of your personal information, subject to legal exceptions.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: We do not sell or share (as defined by the CCPA/CPRA) your personal information. No opt-out is necessary.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To exercise any of these rights, contact us at privacy@thecontextgraph.co. We will respond within the time periods required by applicable law (30 days under GDPR, 45 days under CCPA/CPRA).

8.3 Additional U.S. State Privacy Rights

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and other states with comprehensive privacy laws may have similar rights to access, delete, correct, and opt-out of certain processing. Contact us at privacy@thecontextgraph.co to exercise your rights.

We use only strictly necessary cookies required for the technical operation of the website. We do not use:

• Advertising or marketing cookies;
• Cross-site tracking cookies;
• Social media tracking pixels;
• Third-party analytics cookies that identify individual users.

If we introduce any non-essential cookies in the future, we will implement a cookie consent mechanism compliant with the EU ePrivacy Directive (2002/58/EC) and applicable local laws prior to deploying such cookies.

We comply with the CAN-SPAM Act (15 U.S.C. § 7701 et seq.) and applicable electronic marketing laws. Every newsletter email includes:

• A clear identification of the message as a newsletter;
• Our valid physical mailing address;
• A functional and conspicuous unsubscribe mechanism;
• Accurate sender information and subject lines.

We honor unsubscribe requests within ten (10) business days, as required by the CAN-SPAM Act. For EU/EEA users, we obtain consent before sending marketing communications in compliance with the ePrivacy Directive.

The Service is not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16 without verification of parental consent, we will take steps to delete that information promptly. If you believe we have collected information from a child under 16, please contact us at privacy@thecontextgraph.co.

We implement appropriate technical and organizational measures to protect your personal information against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include encryption of data in transit (TLS/SSL), access controls, regular security assessments, and secure data storage practices.

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority in accordance with Article 33 and Article 34 of the GDPR, and any other applicable breach notification laws.

Some browsers transmit “Do Not Track” (DNT) signals. As there is no common industry standard for DNT, we do not currently respond to DNT signals. However, as described in Section 9, we do not use advertising or tracking cookies.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by: (a) posting the updated policy on our website with a revised “Last updated” date; and (b) sending notice to your registered email address at least thirty (30) days before the changes take effect.

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after the effective date of changes constitutes your acceptance of the revised policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will acknowledge your request within five (5) business days and provide a substantive response within the time period required by applicable law.