Last updated: June 2026

Privacy Policy

What we collect

When you create an account, we collect your email address and a password (stored securely via Supabase's authentication system — we never see or store your password in plain text). When you upload a contract, we store the document file and the AI-generated review tied to your account.

How we use your contract data

Your uploaded contracts are sent to a third-party AI provider (currently Google Gemini or Anthropic Claude, depending on what's active) solely to generate the risk analysis you requested. We do not use your contracts to train any AI model, and we do not sell, rent, or share your documents with any third party for marketing or any other purpose.

Where your data is stored

Account data and contract reviews are stored in Supabase, a secured cloud database provider. Files are stored in a private storage bucket accessible only to your account — no other user can view, list, or download your contracts.

Payment information

If you subscribe to a paid plan, payment is processed directly by our payment provider (Stripe). We do not store your card details on our servers at any point.

Data retention and deletion

You can delete any individual contract review at any time from your dashboard, which permanently removes both the file and the analysis. If you'd like your entire account and all associated data deleted, contact us and we'll process the request within a reasonable timeframe.

Cookies and analytics

We use only the minimal cookies required for you to stay logged in. We do not currently run third-party advertising trackers or sell data to ad networks.

Changes to this policy

If this policy changes in a way that affects how your data is handled, we'll update this page and, where appropriate, notify you by email.

Contact

Questions about this policy can be directed to the ContractAI team via the contact option in your account settings.