Privacy Policy

1. An Overview of Data Protection

General Information

The following information will provide you with an easy to navigate overview of what will happen with your personal data when you visit this website. The term "personal data" comprises all data that can be used to personally identify you.

Data Recording on This Website

Who is the responsible party for the recording of data on this website?

The data on this website is processed by the operator of the website, whose contact information is available under section "Information about the responsible party" in this Privacy Policy.

How do we record your data?

We collect your data as a result of your sharing of your data with us. This may, for instance, be information you enter into our contact form. Other data is recorded automatically by our IT systems when you visit this website. This data primarily includes technical information (e.g., web browser, operating system, or time the site was accessed).

What are the purposes we use your data for?

A portion of the information is generated to guarantee the error-free provision of the website. Other data may be used to analyze your user patterns.

What rights do you have as far as your information is concerned?

You have the right to receive information about the source, recipients, and purposes of your archived personal data at any time without having to pay a fee for such disclosures. You also have the right to demand that your data are rectified or eradicated. If you have consented to data processing, you have the option to revoke this consent at any time. You also have the right to demand that the processing of your data be restricted under certain circumstances. Furthermore, you have the right to object to the processing of your data (Art. 21 GDPR) and the right to data portability (Art. 20 GDPR). Furthermore, you have the right to log a complaint with the competent supervising agency.

2. Hosting

Vercel

We host the content of our website with the following provider: Vercel (440 N Barranca Ave Suite 4133 Covina, CA 91723 United States).

Vercel is a tool for building and hosting websites. When you visit our website, your data (including IP addresses and server log files) is processed on Vercel's servers. This may also involve the transfer of personal data to the parent company of Vercel, Vercel Inc., 8 Clarkson St, New York, NY 10014, USA. Vercel also stores cookies that are required for the display of the site and to ensure security (necessary cookies).

The use of Vercel is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the most reliable presentation of our website. The data transfer to the US is based on the EU-US Data Privacy Framework (DPF) and the standard contractual clauses of the EU Commission. Details can be found in Vercel's Privacy Policy.

Data Processing Agreement (DPA)
We have concluded a Data Processing Agreement (Auftragsverarbeitungsvertrag) with the above-mentioned provider in accordance with Art. 28 GDPR. This is a contract mandated by data privacy laws that guarantees that the provider processes personal data of our website visitors only based on our instructions and in compliance with the GDPR.

PostHog Analytics (Cookie-less)

We use PostHog, provided by PostHog, Inc. (2261 Market Street #4008, San Francisco, CA 94114, United States), for website analytics. Our website integration is configured in cookieless mode (cookieless_mode: "always"), which means this setup does not store identifiers in cookies, local storage, or session storage for website tracking.

In this mode, we process aggregated usage information such as page views and basic technical metadata to understand website performance and usage trends. We do not intentionally process direct identifiers such as names or email addresses for website analytics and we do not call PostHog identify methods in this cookieless website setup.

The processing is based on Art. 6(1)(f) GDPR (legitimate interest) to operate, maintain, and improve the reliability and usability of our website. More information is available in PostHog's Privacy Policy and Data Processing Agreement.

Vercel API Routes and Upstash KV (Free-Tier Enforcement)

We operate server-side API routes (for example under /api/v1/free/* and /api/v1/license/*) on Vercel to provide licensing and free-tier enforcement functionality for the Context Master VS Code extension. For free-tier enforcement, we use Upstash (Redis-compatible Key-Value Store) to store pseudonymous usage counters keyed by a hashed machineID identifier.

This processing is necessary to enforce free-tier business rules (such as daily call limits and abuse prevention), ensure fair resource allocation, and protect service stability. The legal basis is Art. 6(1)(f) GDPR (legitimate interest), and where applicable Art. 6(1)(b) GDPR for processing required to provide the service requested by the user. Upstash-backed usage keys are configured with automatic expiration.

3. General Information and Mandatory Information

Data Protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data protection regulations and this Privacy Policy.

Information about the responsible party

The responsible party for data processing on this website is:

LuGoSoft
Thalkirchner Str. 47
80337 Munich, Germany
Email: info@context-master.dev

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.

Storage Duration

Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for which it was collected no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data.

4. VS Code Extension (Context-Master)

Payment Processing and Licensing via LemonSqueezy

If you purchase a license for our VS Code extension, the transaction is processed and fulfilled by our Merchant of Record, LemonSqueezy (Lemon Squeezy LLC, 222 Main Street Suite 500 Salt Lake City, UT 84101 United States). As the Merchant of Record, LemonSqueezy acts as an independent Data Controller for your payment, billing, and transaction data. We do not process or store your credit card information. We only receive access to non-financial data (such as your email address, license key, and order status) to verify your active license within the extension. This processing is based on the performance of a contract (Art. 6(1)(b) GDPR).

Product Analytics and Error Monitoring via PostHog

We use PostHog to analyze product usage and monitor extension reliability in the Context Master VS Code extension. The provider is PostHog, Inc., 2261 Market Street #4008, San Francisco, CA 94114, United States. For this processing, PostHog acts as our processor under Art. 28 GDPR. You can review PostHog's privacy information at https://posthog.com/privacy and its Data Processing Agreement at https://posthog.com/dpa.

We process only telemetry data required to understand extension usage and stability, such as a pseudonymous machine identifier provided by VS Code, extension and VS Code version, aggregated event metrics (for example tool usage counters), license state signals (for example activation outcomes), and technical error telemetry. We do not intentionally send source code, file contents, prompts, or repository content to PostHog.

User Control & Opt-Out: The extension strictly follows VS Code's global telemetry setting. If telemetry is disabled in VS Code, PostHog telemetry from the extension is disabled as well. If telemetry is enabled, telemetry can be processed for product analytics and reliability monitoring.

The processing is based on Art. 6(1)(f) GDPR (legitimate interest) to operate, secure, and continuously improve the extension. If PostHog is configured with the EU endpoint (for example https://eu.posthog.com), telemetry is processed on EU-hosted PostHog infrastructure. Where data transfers to third countries occur, they are safeguarded through applicable transfer mechanisms such as adequacy decisions, PostHog's participation in the EU-U.S. Data Privacy Framework (including UK Extension and Swiss-U.S. DPF), and/or standard contractual clauses as described in PostHog's privacy and DPA documentation.