Privacy Policy

Last updated: April 26, 2026

ClauseCheck is built for sensitive documents. This policy describes exactly what data we collect, what we don’t, and how we handle it. We have tried to write it in plain English rather than legalese.

1. Your contract content

We do not store your contract text. Here is precisely what happens when you scan a document:

• File uploads (PDF, DOCX): your file is parsed entirely inside your browser using local JavaScript (pdf.js / mammoth.js). The original file is never uploaded to our servers. Only the extracted plain text leaves your device.
• Extracted text / pasted text: sent over HTTPS to our API, passed to the Anthropic Claude API for analysis, then discarded. We do not write your contract content to any database.
• What we do log: per scan we store token counts, model cost, prompt version, and the clause category IDs that were flagged (e.g. ip_assignment, auto_renewal). This is used to enforce rate limits, calculate your bill, and generate anonymous benchmark statistics. No contract content is included.

2. Account data

• Email address and Google account ID — collected when you sign in via Google OAuth or email magic link. Used to authenticate you and send transactional emails (welcome, receipts, account notices).
• Role profile — the role you select (designer, developer, writer, consultant, generic). Stored so the scanner can weight clause severity appropriately across sessions.
• Billing: Stripe holds your payment card and billing address. We store only your Stripe customer ID and subscription status — never raw card numbers.

3. Cookies and local storage

We use a Supabase session cookie (HTTP-only, secure, same-site strict) to keep you signed in. We do not use advertising cookies, tracking pixels, or third-party analytics scripts. No cookie consent banner is needed because we set no non-essential cookies.

4. Anonymous benchmarks (opt-out)

By default, the clause categories flagged in your scans contribute to anonymous aggregate statistics — for example, “42% of scanned contracts contain an auto-renewal clause.” This data is never tied to your name, email, or contract content. You can opt out at any time from your Account page.

5. What we never do

• We never train AI models on your contract text.Scans are stateless calls to the Anthropic API. Per Anthropic’s commercial API terms, API inputs and outputs are not used to train their models.
• We never sell or share your personal data with advertisers or data brokers.
• We never store your uploaded files — they never reach our servers.
• We never send marketing email without your explicit consent.

6. Third-party processors

We share data with the following sub-processors only to the extent necessary to operate the service:

• Supabase — authentication and database (US East region). Stores your account data and usage logs.
• Vercel — application hosting (edge network, US primary). Processes all API requests.
• Anthropic — LLM inference (Claude Haiku). Receives the extracted contract text for analysis. Does not retain or train on API data per their commercial terms.
• Stripe — payment processing. Subject to PCI-DSS. We never see your raw card details.
• Resend — transactional email (welcome emails, purchase receipts, account notices). Receives your email address.
• Sentry — error monitoring. Error reports may include your user ID and browser information. Contract content is never included in error reports.

7. Data retention

• Usage logs (token counts, clause categories, cost): retained for 12 months for billing and benchmark purposes, then deleted.
• Account data (email, role profile, plan): retained until you delete your account.
• Contract content: not retained. See Section 1.

8. Your rights

You can export or permanently delete your account and all associated data at any time from your Account page. Deletion cascades to all usage logs and subscription records and is irreversible. If you are located in the EU, UK, or California, you also have the right to:

• Request a copy of your personal data
• Correct inaccurate personal data
• Restrict or object to processing
• Withdraw consent at any time (e.g., benchmark opt-out)

To exercise any of these rights, email hello@clause-check.app. We will respond within 30 days.

9. Children

ClauseCheck is not directed at children under 18. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us data, contact us and we will delete it promptly.

10. Changes to this policy

We may update this policy. Material changes will be posted here with a new “last updated” date and, for active subscribers, communicated by email at least 14 days before taking effect.

11. Contact

Questions about this policy or your data? Email hello@clause-check.app. We aim to respond within 2 business days.