Get Started
LEGAL

Privacy Policy

Last updated: March 29, 2026

1. Introduction

ContractAnalyzer ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard information when you use our AI-powered contract analysis service.

2. Information We Collect

2.1 Document Data

When you upload a contract for analysis, we process the document content in memory. We do not store, retain, or persist any document content. Documents are processed in an encrypted environment and immediately purged after analysis is complete.

2.2 Analysis Results

We store the analysis output (risk scores, clause analysis, recommendations) associated with a unique report ID. This data does not contain the original document text.

2.3 Email Address

We collect your email address only when you make a purchase, for the purpose of delivering your report and enabling report recovery. We do not use your email for marketing purposes.

2.4 Payment Information

Payment processing is handled entirely by Stripe, Inc. We do not store, process, or have access to your credit card numbers or banking information. Please refer to Stripe's Privacy Policy for details on their data practices.

2.5 Technical Data

We may collect standard technical data such as IP addresses, browser type, and device information for security, rate limiting, and service improvement purposes.

3. How We Use Your Information

  • To process and analyze uploaded contracts using AI
  • To generate and deliver analysis reports
  • To process payments via Stripe
  • To send report delivery and recovery emails
  • To enforce rate limits and prevent abuse
  • To improve our service and AI models (using only aggregated, anonymized data — never your documents)

4. Data Retention

Document content: Zero retention. Documents are processed in memory and never written to persistent storage.

Analysis reports: Retained indefinitely until you request deletion.

Recovery tokens: Expire automatically after 24 hours.

Email addresses: Retained as long as associated reports exist.

5. Data Security

We implement industry-standard security measures to protect your data:

  • All data is encrypted in transit using TLS 1.3
  • Data at rest is encrypted using AES-256
  • Access tokens are stored as SHA-256 hashes — we never store plaintext tokens
  • File uploads are validated for type and size before processing
  • Rate limiting protects against abuse (10 analyses per hour per IP)

6. AI and Your Documents

We never use your uploaded documents to train our AI models. Your contract content is sent to Anthropic's Claude API for analysis in a single request and is subject to Anthropic's Privacy Policy. Anthropic does not use API inputs to train their models.

7. Third-Party Services

We use the following third-party services:

  • Anthropic (Claude API) — AI-powered contract analysis
  • Stripe — Payment processing
  • Resend — Transactional email delivery
  • Hetzner — Infrastructure hosting (EU-based)

8. Your Rights

You have the right to:

  • Request deletion of your analysis reports and associated data
  • Request a copy of data we hold about you
  • Withdraw consent for data processing

To exercise these rights, contact us at privacy@contractanalyzer.io.

9. Cookies

We do not use tracking cookies or third-party analytics. We may use essential cookies for session management only.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes by updating the "Last updated" date at the top of this page.

11. Contact

For privacy-related inquiries, contact us at privacy@contractanalyzer.io.