Privacy Policy
This Privacy Policy explains what data ClauseFinder collects, how we use it, and the choices you have.
1. Data we collect
- Account data. Your email address, display name, and profile picture from your Google sign-in.
- Document data. The text, PDFs, and screenshots you upload — retained only for as long as needed to power your dashboard history. Deletion in-product is permanent.
- Analysis output. Extracted clauses, opt-out steps, deadlines, and drafted letters. Non-identifying aggregates (e.g., "Company X has an arbitration clause") power the public directory.
- Usage data. Timestamps, IPs (transiently, for rate limiting), coarse browser info, and view counts on public directory listings via signed anonymous cookies.
- Billing data. When you upgrade, Stripe collects your payment method directly — ClauseFinder never sees your card number. We store only the Stripe customer ID, subscription ID, and status.
2. How we use it
- To run the analysis, generate letters, and show your history.
- To send transactional emails: deadline reminders, weekly digests (opt-in), maintainer newsletters, and receipts.
- To build and maintain the public arbitration company directory (aggregated & de-identified).
- To prevent fraud, spam, and abuse.
3. Third-party processors
- Anthropic (Claude) — processes document text for clause extraction. Data is sent transiently and is not used for model training.
- Stripe — payment processing.
- Resend — transactional email delivery.
- Google — authentication (OAuth).
- MongoDB Atlas — primary database.
4. What we don't do
- We do not sell your data.
- We do not use your uploaded documents to train ML models.
- We do not run ad-tech trackers or behavioral profiling.
5. Retention
Analyses persist until you delete them. Public directory entries persist so long as they remain useful; a verified maintainer can request corrections. Payment records are retained as required by tax/accounting law (typically 7 years).
6. Your rights
You have the right to access, correct, export, or delete your personal data. Log in and use the in-product tools, or write to us via the enterprise contact form. If you are an EU/UK/California resident, additional statutory rights apply (GDPR, CCPA).
7. Cookies
We use one HttpOnly session cookie for authentication, and a signed anonymous "cid" cookie to power per-device view counts and prevent duplicate feedback submissions. No third-party analytics cookies.
8. Children
ClauseFinder is not directed to children under 13, and we do not knowingly collect data from them.
9. Changes
We'll notify you of material changes at least 14 days before they take effect.