Privacy Policy
Contexto — a product of Marameo Design Pty Ltd
Last updated: June 2026
Who we are
Contexto is an AI chat concierge widget built and operated by Marameo Design Pty Ltd (ABN: 33 631 679 251), an Australian digital agency.
Registered address: 75 Pearl Street, Kingscliff NSW 2487, Australia
Privacy contact: mara@marameodesign.com
How Contexto works
Contexto is embedded on third-party websites. When you use Contexto on a website, you are interacting with a widget that has been configured and deployed by that website's owner (the client). Marameo Design processes data on behalf of that client. This means the website owner is the data controller — they determine why your data is collected — and Marameo Design is the data processor, responsible for how it is handled.
If you have questions about why a particular website uses Contexto, please contact that website's owner directly.
What we collect and why
When you use Contexto, your conversation is saved so the website you are visiting can understand what its users need. By default, this conversation is not linked to your name or any personal detail — it is stored anonymously. You can choose to let Contexto remember you across visits, but only if you say so.
How your data is handled depends on the choices you make while using Contexto. There are three modes.
Mode 1 — Anonymous (default for all visitors)
This is the default for every visitor. Nothing is stored on your device without your knowledge.
When you open Contexto and send a message:
- A session identifier is generated on our server to maintain your conversation. This identifier is never written to your browser — it exists only on our side.
- We use your browser's temporary session storage to keep track of your conversation as you move between pages on the same website. This is cleared automatically when you close the tab. It is not a cookie and does not persist beyond your current browsing session.
- Your conversation content is stored in our database, linked to a random identifier that has no connection to your name, email address, or any other information that could identify you personally. This data is used to help the website owner understand what their visitors need. For example, if many visitors ask about a topic the website does not cover, the website owner can use that insight to improve their content.
- No cookies are written to your device in this mode.
We process this data on the basis of the legitimate interests of the website owner in understanding and improving their digital content (GDPR Article 6(1)(f); Australian Privacy Principles).
Mode 2 — Remembered visitor (only if you choose this)
After your third message, Contexto may ask whether you would like to be remembered for future visits. You are never remembered without your explicit choice.
If you click "Remember me":
- We set one cookie on your device named
contexto_vid. This cookie contains a randomly generated unique identifier — it is not your name, email address, or any other personal detail. It has a lifespan of 365 days. - On your next visit to the same website, Contexto reads this cookie to recognise you. This means Contexto can pick up where you left off without you having to repeat yourself.
- Your conversation history across visits is linked to this identifier in our database.
If you click "No thanks":
- We set a short-term preference cookie named
contexto_remember_choicewith a value of "declined" and a lifespan of 30 days. This cookie contains no identifying information. Its only purpose is to avoid prompting you again for 30 days. - Your session continues as anonymous. No persistent identifier is created.
You can ask to be forgotten at any time by contacting the website owner through their privacy or contact form. See the Your rights section below for details.
We process remembered visitor data on the basis of your consent (GDPR Article 6(1)(a); Australian Privacy Principles).
Mode 3 — Logged-in users with profile context
On websites where you have an account, the website owner may choose to share certain profile information with Contexto — for example, your research interests, membership type, or career stage. This allows Contexto to give you more relevant answers within your current session.
This profile data is used only to inform Contexto's responses during your active session. It is never written to our database. When your session ends, it is gone.
The website owner is responsible for telling you that they share your profile data with Contexto. Please refer to that website's privacy policy for details of what is shared and why.
Cookies summary
| Cookie | Purpose | Lifespan | Set without consent? |
|---|---|---|---|
contexto_vid | Identifies you across visits so Contexto can remember you | 365 days | No — only set if you click "Remember me" |
contexto_remember_choice | Records that you declined the "Remember me" prompt | 30 days | No — only set if you click "No thanks" |
sessionStorage: contexto_state | Maintains your active conversation across page transitions within the same tab | Cleared on tab close | Yes — strictly necessary for the service to function |
Where your data is stored
We store data regionally to keep it close to where it originates.
- Australian clients: conversation and session data is stored in Sydney, Australia (AWS ap-southeast-2).
- European clients: conversation and session data is stored in Frankfurt, Germany (AWS eu-central-1). Data does not leave the European Union.
For European deployments, transfers of data to our AI service providers in the United States are governed by Standard Contractual Clauses (SCCs) approved by the European Commission.
How long we keep your data
All conversation data — session records and message content — is automatically and permanently deleted after 12 months. This retention period exists because meaningful content analysis requires data across a full annual cycle. No data is kept beyond this period.
If you request deletion before the 12-month period ends, your data will be deleted within 5 business days. See Your rights below.
Your rights
Depending on where you are located, you may have the following rights regarding your data:
- Right of access — you can ask what data is held about you
- Right to rectification — you can ask for inaccurate data to be corrected
- Right to erasure — you can ask for your data to be deleted
- Right to withdraw consent — if you clicked "Remember me", you can withdraw that consent at any time by asking the website owner to delete your data. Withdrawing consent does not affect the lawfulness of any processing that took place before withdrawal.
- Right to object — you can object to processing based on legitimate interests
- Right to data portability — you can ask for your data in a portable format
To request deletion, access, or correction of your data, go to the privacy or contact page of the website where you used Contexto and submit a request there. You do not need to contact Marameo Design directly — the website owner handles all data requests on our behalf. The website owner will locate your data using the visitor identifier associated with your browser and permanently delete all sessions and messages linked to it.
If you are unsure which website to contact, or if the website owner does not respond, you can reach us directly at mara@marameodesign.com and we will assist.
If you are in the EU, you have the right to lodge a complaint with your national data protection authority. A list of EU supervisory authorities is available at edpb.europa.eu.
If you are in the UK, you may contact the Information Commissioner's Office (ICO) at ico.org.uk.
If you are in Australia, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au. If you have a complaint about how we have handled your personal information, please contact us first at mara@marameodesign.com. We will respond within 30 days. If you are not satisfied with our response, you may escalate your complaint to the OAIC.
How to make a privacy complaint
If you believe we have handled your personal information in a way that does not comply with the Australian Privacy Principles, the GDPR, or UK GDPR, you can make a complaint by contacting us at mara@marameodesign.com.
Please describe your concern as clearly as you can. We will acknowledge your complaint promptly and respond in full within 30 days. If the matter is complex or requires investigation, we will keep you informed of our progress.
If you are not satisfied with our response, you may escalate to the relevant authority for your location:
- Australia: Office of the Australian Information Commissioner (OAIC) — oaic.gov.au
- UK: Information Commissioner's Office (ICO) — ico.org.uk
- EU: Your national data protection authority — a full list is available at edpb.europa.eu
Subprocessors
Contexto uses the following third-party services to operate. Each is bound by a data processing agreement. Full details are available at contexto.com.au/subprocessors.
| Subprocessor | Purpose |
|---|---|
| Anthropic | Generates conversational responses |
| OpenAI | Generates text embeddings for content search |
| Supabase | Hosts the database for conversation and session data |
| Vercel | Hosts the application infrastructure |
Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. These include encryption at rest (AES-256) and in transit (TLS), server-side only database access, and regional data isolation. We require all subprocessors to maintain equivalent standards.
Personal data processed under this policy is never used to train AI or machine learning models, by Marameo Design or any of our subprocessors.
In the event of a data breach that is likely to affect your rights or freedoms, we will notify the affected client without undue delay and in any event within 72 hours of becoming aware of the breach. The client, as data controller, is then responsible for notifying their supervisory authority and affected data subjects in accordance with applicable law.
Automated decision-making
Contexto uses artificial intelligence to generate responses to your questions. This AI processes your query and the content of the website you are visiting to produce an answer.
This does not constitute automated decision-making that significantly affects your legal rights or interests. Contexto's responses are informational only — they help you find information on a website. No decisions about you are made automatically based on your data, and no profiling is carried out for the purposes of evaluating personal aspects about you.
If a client deploys Contexto in a way that involves automated decisions affecting individuals' rights or interests, the client is responsible for ensuring that deployment complies with applicable law, including providing appropriate disclosures to users.
Changes to this policy
When we make material changes to this policy, we will update the date at the top of this page. We encourage you to review it periodically. Continued use of Contexto after changes are posted constitutes acceptance of the updated policy.
Contact
For privacy enquiries related to Contexto, contact us at mara@marameodesign.com.
For enquiries about data held on a specific website where you used Contexto, please contact that website's owner directly.