Privacy Policy
Last Updated: November 8, 2025
ClauseoAI LLC ("ClauseoAI," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services (collectively, the "Service").
BY USING THE SERVICE, YOU AGREE TO THIS PRIVACY POLICY. IF YOU DO NOT AGREE, DO NOT USE THE SERVICE.
1. Information We Collect
1.1 Information You Provide
- Account Information: Email address, name, company name, and encrypted password when you create an account.
- Contract Documents: Files you upload (PDF, DOCX, TXT) containing contract information for analysis.
- Payment Information: Billing details processed securely by our third-party payment processor (Stripe). We do NOT store complete credit card numbers on our servers.
- Communications: Messages, feedback, support requests, and correspondence you send to us.
1.2 Automatically Collected Information
- Usage Data: Pages visited, features used, time spent, clicks, contract uploads, and interaction patterns.
- Device Information: IP address, browser type and version, operating system, device identifiers, referral URLs.
- Cookies and Tracking: Session cookies, authentication tokens, and analytics cookies. See Section 9 for details.
- Log Data: Server logs, error reports, API calls, timestamps, and system performance metrics.
2. How We Use Your Information
We use collected information for the following purposes:
- Service Delivery: Provide, maintain, and improve the Service; analyze contracts using AI; extract key terms and clauses.
- Alerts and Notifications: Send renewal reminders, risk alerts, and important service updates via email.
- Payment Processing: Process subscriptions, manage billing, handle refunds, and prevent fraud.
- Customer Support: Respond to inquiries, troubleshoot issues, and provide technical assistance.
- Service Improvement: Analyze usage patterns (using aggregated, anonymized data) to enhance features, performance, and user experience.
- Security: Detect, prevent, and respond to security threats, fraud, abuse, and unauthorized access.
- Legal Compliance: Comply with applicable laws, regulations, legal processes, and governmental requests.
- Communications: Send transactional emails, product updates, and (with your consent) marketing communications.
3. How We Share Your Information
WE DO NOT SELL, RENT, OR TRADE YOUR PERSONAL INFORMATION.
We may share your information only in the following limited circumstances:
3.1 Service Providers
We work with trusted third-party vendors who assist in operating our Service:
- Hosting & Infrastructure: Render, Vercel, or AWS for hosting, storage, and computing resources.
- Payment Processing: Stripe for secure payment handling and subscription management.
- AI Services: Anthropic (Claude), OpenAI, or OpenRouter for AI-powered contract analysis.
- Email Services: SendGrid, Mailgun, or similar for transactional and notification emails.
- Analytics: Google Analytics or similar (using anonymized data) for usage insights.
These providers are contractually obligated to protect your data, use it only for specified purposes, and maintain confidentiality.
3.2 Legal Requirements
We may disclose your information if required by law, regulation, legal process, or governmental request, including to:
- Comply with court orders, subpoenas, or legal obligations
- Protect our rights, property, safety, or the rights of our users
- Prevent, detect, or investigate fraud, security threats, or illegal activities
- Enforce our Terms of Service and other agreements
3.3 Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email and/or prominent notice on our Service of any such change in ownership or control.
3.4 Aggregated Data
We may share aggregated, anonymized, non-personally identifiable data (e.g., industry trends, usage statistics) with partners, researchers, or the public. This data cannot be used to identify you.
4. Data Security
We implement industry-standard security measures to protect your data:
- Encryption in Transit: TLS/SSL (HTTPS) for all data transmission between your device and our servers.
- Encryption at Rest: AES-256 encryption for stored data, including uploaded contracts and database records.
- Access Controls: Role-based permissions, multi-factor authentication for staff, and the principle of least privilege.
- Password Security: Passwords are hashed using bcrypt with salt; we never store plain-text passwords.
- Infrastructure Security: Hosting on SOC 2 compliant cloud platforms with regular security audits.
- Monitoring: Continuous monitoring for unauthorized access, anomalies, and security incidents.
- Incident Response: Documented procedures for detecting, responding to, and notifying users of security breaches.
HOWEVER, NO METHOD OF TRANSMISSION OR STORAGE IS 100% SECURE. While we strive to protect your data using commercially acceptable means, we cannot guarantee absolute security. You acknowledge and accept these inherent risks.
5. Data Retention
- Active Accounts: Data retained while your account is active and for the duration of your subscription.
- Contract Files: Retained for subscription term plus 90 days in backups, then permanently deleted.
- Usage Logs: Retained for up to 12 months for security, debugging, and analytics purposes.
- Deleted Accounts: Personal data permanently deleted within 30 days of account deletion, except where legally required to retain.
- Legal Retention: Some data may be retained longer to comply with legal obligations (e.g., tax records, fraud prevention).
6. Your Rights and Choices
6.1 Access and Correction
You can access, view, and update your account information at any time through your account settings or dashboard.
6.2 Data Portability
You can request a machine-readable copy of your data by emailing team@clauseoai.com. We will provide your data within 30 days.
6.3 Deletion
You can delete your account and all associated data at any time through account settings. Upon deletion, your data will be permanently removed within 30 days (except for legally required retention periods).
6.4 Marketing Opt-Out
You can opt out of marketing emails by clicking "unsubscribe" in any marketing email or by updating your communication preferences in account settings. Note: You will still receive transactional emails (e.g., renewal alerts, security notifications) necessary for Service operation.
6.5 Cookie Management
You can control cookies through your browser settings. Disabling essential cookies may limit some functionality of the Service. See Section 9 for more details.
7. Children's Privacy
Our Service is NOT intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately at team@clauseoai.com, and we will promptly delete such information.
8. International Data Transfers
Our Service is operated in the United States. If you access the Service from outside the U.S., your information will be transferred to, stored, and processed in the United States and potentially other countries where our service providers operate.
These countries may have data protection laws different from those in your jurisdiction. By using the Service, you consent to such transfers. We implement appropriate safeguards (e.g., Standard Contractual Clauses) for international transfers where required.
9. Cookies and Tracking Technologies
We use the following types of cookies:
- Essential Cookies: Required for authentication, session management, and core Service functionality. Cannot be disabled.
- Analytics Cookies: Collect anonymized usage data to help us understand how users interact with the Service (e.g., Google Analytics).
- Preference Cookies: Remember your settings and preferences (e.g., language, theme).
You can manage cookie preferences through your browser settings. Most browsers allow you to block or delete cookies. Note that disabling essential cookies will prevent you from using certain features of the Service.
10. California Privacy Rights (CCPA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act:
- Right to Know: Request disclosure of personal information we collect, use, and share about you.
- Right to Delete: Request deletion of your personal information (subject to legal exceptions).
- Right to Opt-Out: We do NOT sell personal information, so no opt-out is necessary.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
To exercise these rights, email team@clauseoai.com with "CCPA Request" in the subject line. We will verify your identity and respond within 45 days.
11. European Privacy Rights (GDPR)
If you are in the European Economic Area (EEA), UK, or Switzerland, you have rights under the General Data Protection Regulation:
- Right of Access: Obtain confirmation of whether we process your data and access to your personal data.
- Right to Rectification: Correct inaccurate or incomplete personal data.
- Right to Erasure: Request deletion of your personal data ("right to be forgotten").
- Right to Restrict Processing: Request limitation of how we process your data.
- Right to Data Portability: Receive your data in a structured, machine-readable format.
- Right to Object: Object to processing based on legitimate interests or direct marketing.
- Right to Withdraw Consent: Withdraw consent at any time (does not affect lawfulness of prior processing).
- Right to Lodge a Complaint: File a complaint with your local data protection authority.
Legal Basis for Processing:
- Performance of contract (providing the Service you requested)
- Legitimate interests (improving Service, security, fraud prevention)
- Consent (marketing communications, optional features)
- Legal obligations (compliance with laws and regulations)
To exercise your GDPR rights, contact team@clauseoai.com. We will respond within 30 days. For data processing questions or to request a Data Processing Addendum (DPA), email team@clauseoai.com.
12. Third-Party Links
Our Service may contain links to third-party websites, plugins, or services. We are not responsible for the privacy practices or content of these third parties. We encourage you to review their privacy policies before providing any information.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:
- Posting the updated policy on this page with a new "Last Updated" date
- Sending an email notification to your registered email address
- Displaying an in-app notification when you next log in
Your continued use of the Service after the effective date of changes constitutes acceptance of the updated Privacy Policy. If you do not agree with the changes, you must stop using the Service and delete your account.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: team@clauseoai.com
- Support: team@clauseoai.com
- Legal: team@clauseoai.com
- Address: ClauseoAI LLC, 100 Park Avenue, Suite 2500, New York, NY 10017, USA
This Privacy Policy is part of our Terms of Service. By using ClauseoAI, you agree to both documents.