Privacy Policy

Last updated: December 1, 2024

1. Information We Collect

We collect information you provide directly to us, including:

  • Account information (name, email, company, role)
  • Contract documents you upload for analysis
  • Usage data and interaction logs
  • Payment and billing information (processed by our payment provider)
  • Communications you send to us (support requests, feedback)

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our AI contract analysis services
  • Process transactions and send related information
  • Send technical notices, updates, and support messages
  • Respond to your comments, questions, and requests
  • Monitor and analyze trends, usage, and activities
  • Detect, investigate, and prevent fraud and abuse

3. Contract Data & AI Training

We never use your contract data to train our AI models. Your documents are processed for analysis purposes only and are encrypted at rest using AES-256 encryption. You retain full ownership of all contract data uploaded to the platform.

4. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • SOC 2 Type II certified infrastructure
  • AES-256 encryption at rest, TLS 1.3 in transit
  • Regular security audits and penetration testing
  • Role-based access controls and audit logging
  • Data residency options (US, EU)

5. Data Sharing

We do not sell, trade, or rent your personal information to third parties. We may share information with service providers who assist us in operating our platform (hosting, payment processing, analytics), subject to confidentiality agreements.

6. Data Retention

We retain your account information for as long as your account is active. Contract data is retained according to your plan settings and can be exported or deleted at any time. After account cancellation, data is retained in read-only mode for 90 days before permanent deletion.

7. Your Rights

You have the right to:

  • Access and receive a copy of your personal data
  • Rectify inaccurate personal data
  • Request deletion of your personal data
  • Object to processing of your personal data
  • Data portability
  • Withdraw consent at any time

8. GDPR Compliance

For users in the European Economic Area, we comply with GDPR requirements. Our legal basis for processing includes contract performance, legitimate interests, and consent. We have appointed a Data Protection Officer reachable at dpo@contractai.com.

9. Cookies

We use essential cookies for authentication and security, and optional analytics cookies to improve our service. You can manage cookie preferences through your browser settings.

10. Contact Us

If you have questions about this Privacy Policy, please contact us at privacy@contractai.com or write to: ContractAI Inc., 548 Market Street, Suite 92834, San Francisco, CA 94104.