Privacy Policy

1. Who We Are

AI-Contract is an AI-powered contract analysis platform operated by SaaS Studio Pte. Ltd. ("Company"), a company incorporated in Singapore. Our registered business address is 68 Circular Road, #02-01, Singapore 049422. You can contact us at support@ai-contract.net.

We provide legal document analysis services including risk identification, clause extraction, and Q&A functionality powered by artificial intelligence. We are not a law firm and do not provide legal advice.

2. Information We Collect

2.1 Information You Provide Directly

• Email address — collected when you create an account or sign in via magic link.
• Documents — any PDF or DOCX files you upload to the platform for analysis.
• Chat messages — questions and answers in the Q&A chat interface tied to your documents.
• Contact form submissions — your name, email, subject, and message when you contact our support team.
• Billing information — payment card details processed by Stripe (we never store full card numbers).

2.2 Information Collected Automatically

• Usage data — pages visited, features used, time spent, button clicks, and navigation patterns.
• Device and browser data — browser type, operating system, screen resolution, and language settings.
• IP address — collected for security, fraud prevention, and approximate geographic location.
• Error logs — crash reports and error stack traces to help us identify and fix bugs.
• API usage metrics — token counts for Claude AI requests (used for billing and capacity planning).

2.3 Information from Third Parties

• Stripe — subscription status, plan tier, billing history, and customer ID.
• Supabase Auth — authentication tokens and session metadata.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the AI-Contract platform and its features.
• Process your uploaded documents through AI analysis (risk flags, clause extraction, summary generation).
• Send transactional emails such as magic link sign-in, analysis completion notifications, and credit usage warnings.
• Manage your subscription, process payments, and handle billing enquiries.
• Respond to support requests and contact form submissions.
• Monitor platform performance, detect errors, and diagnose technical issues.
• Analyse usage patterns to improve our features and user experience.
• Enforce our Terms of Service and prevent fraudulent or abusive activity.
• Comply with legal obligations applicable to our business.

4. Document Privacy and AI Processing

We understand that the contracts and legal documents you upload may contain highly sensitive commercial, personal, or confidential information. We take the following measures:

• Documents are stored encrypted at rest in Supabase Storage with row-level security (RLS) policies that ensure only you can access your own files.
• Document text is transmitted to Anthropic's Claude API for AI analysis over encrypted HTTPS connections. Anthropic's data handling is governed by their own privacy policy.
• We do not use your documents to train our own AI models.
• Documents are not shared with other users or third parties except as required to provide the service (e.g. AI analysis).
• You can delete your documents at any time. Deletion removes the file from storage and all associated analysis data from our database.

5. How We Share Your Information

We do not sell your personal data. We share information only in the following circumstances:

5.1 Service Providers

We use the following trusted third-party services to operate the platform:

5.2 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or if we believe in good faith that such disclosure is necessary to protect our rights, your safety, or the safety of others.

5.3 Business Transfers

If AI-Contract is acquired, merged, or its assets transferred, your information may be transferred as part of that transaction. We will notify you via email before your data becomes subject to a different privacy policy.

6. Data Retention

• Account data — retained for as long as your account is active. If you delete your account, we will delete your personal data within 30 days.
• Documents and analyses — retained until you delete them or close your account.
• Chat messages — retained until you delete the associated document or close your account.
• Billing records — retained for 7 years to comply with financial regulations.
• Error logs — retained for 90 days for debugging purposes.
• Analytics events — retained in anonymised form for up to 12 months.

7. Data Security

We implement industry-standard security measures to protect your data:

• All data is transmitted over encrypted HTTPS (TLS 1.2+) connections.
• Documents and database records are encrypted at rest.
• Row-level security (RLS) policies in our database ensure users can only access their own data.
• API keys and service credentials are stored as server-side environment variables and never exposed to the client.
• Authentication uses passwordless magic links — no passwords are stored.
• Access to production systems is restricted to authorised personnel only.

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach affecting your rights, we will notify you as required by applicable law.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you.
• Correction — request that we correct inaccurate or incomplete data.
• Deletion — request that we delete your personal data ("right to be forgotten").
• Portability — request your data in a structured, machine-readable format.
• Objection — object to the processing of your data for certain purposes.
• Restriction — request that we restrict processing of your data.
• Withdraw consent — where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, email us at support@ai-contract.net. We will respond within 30 days. We may need to verify your identity before processing your request.

9. Cookies and Tracking

We use the following types of cookies and tracking technologies:

• Essential cookies — required for authentication and session management. Cannot be disabled.
• Analytics cookies — used by PostHog to collect anonymised usage statistics. Can be opted out via browser settings.
• Error tracking — Sentry may set cookies to track error sessions for debugging purposes.

We do not use advertising or third-party marketing cookies.

10. International Data Transfers

Our service infrastructure is hosted primarily in the United States and Asia-Pacific regions (via Supabase, Vercel, and Anthropic). By using AI-Contract, you acknowledge that your data may be transferred to and processed in countries other than your own. We ensure that such transfers comply with applicable data protection laws and that appropriate safeguards are in place.

11. Children's Privacy

AI-Contract is not directed at children under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us at support@ai-contract.net and we will promptly delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of material changes by email and by updating the "Last updated" date at the top of this page. Your continued use of the platform after the effective date constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us: