Privacy Policy

Last updated: June 8, 2026

ContractScan AI ("we", "us", "our") provides an AI-powered contract analysis service. This Privacy Policy explains what information we collect, how we use it, the legal basis for processing, who we share it with, and the rights you have under GDPR, CCPA, and similar laws.

1. Information We Collect

Account data. Email, password hash, organization name, billing details, and the plan you subscribe to.

Contract content. The PDFs, Word documents, and text you upload for analysis. We treat this as confidential business data.

Usage data. Pages visited, features used, IP address, browser type, device, and approximate location (city-level), captured via cookies and standard server logs.

Communications. Support emails, chat transcripts, and feedback you send us.

2. How We Use Your Data

  • To run the contract analysis engine and deliver your risk reports.
  • To bill you, manage your subscription, and prevent fraud.
  • To improve product quality, model accuracy, and security.
  • To respond to support requests and send service-related notifications.

We do not sell your personal data, and we do not use the contents of your contracts to train third-party AI models.

3. AI Processing

Contracts are processed by large language models operated by enterprise AI providers under a zero-data-retention agreement: prompts and responses are not stored on the provider's servers and are not used to train their public models. Our internal copy of your contract is retained only as long as your account exists or until you delete it.

4. Data Retention & Deletion

Contracts and reports are retained while your account is active. You may delete any contract from your dashboard at any time; deletion is permanent within 30 days. Billing records are retained for 7 years to comply with tax and accounting laws.

5. Sharing & Sub-processors

We use vetted sub-processors for hosting (cloud infrastructure), payment processing, transactional email, and AI inference. A current list is available on request. We never sell or rent your data to advertisers or data brokers.

6. Security

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Access to production systems is restricted to a small set of engineers via SSO and hardware-key MFA. We run continuous vulnerability scanning and undergo annual third-party penetration tests.

7. Your Rights

Depending on your jurisdiction, you have the right to access, correct, export, restrict, or delete your personal data, and to object to certain processing. To exercise any of these rights, email hello@contractscanai.com.

8. International Transfers

If you are outside the United States, your data may be transferred to and processed in the U.S. and other countries where our sub-processors operate. We use Standard Contractual Clauses and equivalent safeguards.

9. Children

ContractScan AI is intended for use by businesses and adults aged 18+. We do not knowingly collect data from children under 16.

10. Changes to this Policy

We will notify you by email at least 30 days before any material change. The "Last updated" date above always reflects the current version.

11. Contact

Questions or complaints? Email hello@contractscanai.com or write to ContractScan AI, Data Protection Officer, 1209 Orange Street, Wilmington, DE 19801, USA.