Privacy Policy

1. Overview

Contract Risk Analyzer ("we", "our", or "the service") is committed to protecting your privacy. This policy explains how we handle your information when you use our contract analysis tool.

2. Sensitive Data Is Redacted and Never Sent

Before any contract text is sent from your device or used for analysis, we automatically redact sensitive personal and financial data. Redaction happens on your side and in our pipeline so that the following types of data are never transmitted to our AI or stored in identifiable form:

• Social Security Numbers (SSNs)
• Email addresses
• Credit and debit card numbers
• Phone numbers (US and international)
• Bank or account numbers
• Street addresses, P.O. Boxes, and city/state/ZIP combinations
• IP addresses

Redacted text is replaced with non-identifying placeholders (e.g. [REDACTED_SSN], [REDACTED_EMAIL]) before analysis. We do not send unredacted sensitive data to OpenAI or any other third party.

3. Contract Content and Analysis

The contract text you paste or upload (after redaction) is used only to generate a risk analysis and suggested clauses. We do not use your contract content for training AI models. Processed text may be stored temporarily for the purpose of delivering your report and is handled in accordance with our infrastructure providers' policies.

4. Account and Authentication

To use the analyzer, you sign in with Google or email and password via Supabase. We receive your email address and account identifier for authentication and to associate your usage (e.g. analysis count and paid credits) with your account. Supabase's privacy practices apply to this data.

5. Payments

If you purchase analysis credits, payment is processed by Stripe. We do not store your full card number. Stripe's privacy policy applies to payment data. We store only that a payment was completed and the associated credit for your account.

6. Analytics

We may use Vercel Analytics (or similar) to understand usage and performance (e.g. page views, performance metrics). This does not include your contract content or redacted text.

7. Data Retention and Security

We retain account and usage data as needed to provide the service and comply with legal obligations. We use industry-standard practices and trusted providers (Supabase, Stripe, Vercel, OpenAI) to protect data in transit and at rest.

8. Your Rights

Depending on your location, you may have rights to access, correct, or delete your personal data, or to object to certain processing. Contact us using the details on our website or in the app to exercise these rights.

9. Changes

We may update this privacy policy from time to time. The "Last updated" date at the top will be revised when we do. Continued use of the service after changes constitutes acceptance of the updated policy.

10. Contact

For questions about this privacy policy or our data practices, please contact us through the contact or support options provided in the app or on our website.