Privacy Policy

Last updated: March 5, 2026

1. Information We Collect

Account Information

When you create an account, we collect your full name, email address, and a hashed version of your password. We never store your password in plain text.

Uploaded Contracts

When you upload a contract for analysis, we store the document and its extracted text on our servers. This data is associated with your account and is not shared with third parties.

Usage Data

We collect basic usage information including the number of contracts analyzed per month, feature usage, and general interaction data to improve the Service.

Payment Information

Payment processing is handled by Stripe. We do not store your credit card number, CVV, or full card details on our servers. Stripe's privacy policy governs its handling of your payment data.

2. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Process your contract analyses and generate risk reports
  • Manage your account and subscription
  • Send service-related communications (account verification, billing, security alerts)
  • Respond to your support requests
  • Detect and prevent fraud or abuse

3. What We Do NOT Do

  • We do not sell your personal information or uploaded contracts to third parties
  • We do not use your uploaded contracts to train our AI models without your explicit consent
  • We do not share your contract content with other users
  • We do not read your contracts manually (analysis is fully automated)
  • We do not send marketing emails without your opt-in consent

4. Data Storage & Security

Your data is stored on secure servers hosted by Railway (backend) and Vercel (frontend). We use industry-standard security measures including:

  • HTTPS encryption for all data in transit
  • Bcrypt password hashing
  • JWT-based authentication with short-lived tokens
  • PostgreSQL database with encrypted connections
  • File isolation per user account

5. Data Retention

Your uploaded contracts and analysis results are retained as long as your account is active. You may delete individual contracts at any time through the dashboard. Upon account deletion, all associated data (contracts, analyses, account information) will be permanently deleted within 30 days.

6. Third-Party Services

We use the following third-party services:

7. Cookies & Tracking

We use essential cookies for authentication (JWT tokens stored in localStorage). Free-tier users may see ads served by Google AdSense, which uses cookies for ad personalization. You can manage cookie preferences in your browser settings.

8. Your Rights

You have the right to:

  • Access your personal data and uploaded contracts
  • Delete your contracts and account at any time
  • Export your analysis results (available as DOCX, PDF, or TXT)
  • Correct inaccurate account information
  • Object to processing by contacting us

If you are in the EU/EEA, you have additional rights under GDPR including the right to data portability and the right to lodge a complaint with a supervisory authority.

9. Children's Privacy

ClauseShield is not directed at children under 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, please contact us.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The "Last updated" date at the top indicates the most recent revision.

11. Contact Us

For privacy-related questions or to exercise your rights, contact us at privacy@clauseshield.app.