ClauseFort

Privacy Policy

Last updated: March 27, 2026

ClauseFort · https://clausefort.com

This Privacy Policy explains how ClauseFort("we", "us", "our") collects, uses, and protects your information when you use our service at https://clausefort.com. We are committed to protecting your privacy and handling your data transparently.

1. Information We Collect

1.1 Information You Provide

  • Email address — provided during account creation (Pro/Business plans) or for single scan report delivery
  • Full name — optionally provided during account creation
  • Payment information — processed entirely by Stripe. We never see, receive, or store your credit card numbers, CVV, or banking details
  • Contract text — the text content of documents you upload for analysis. This is processed in memory only and is never permanently stored on our servers. Original files are deleted immediately after text extraction

1.2 Information Generated by the Service

  • Analysis results — the reports generated from analyzing your contracts. Stored according to your plan's retention policy (see Section 5)
  • Usage data — pages visited, features used, analysis counts. Collected via Vercel Analytics for service improvement

1.3 Information Collected Automatically

  • IP address — used for free scan tracking (one scan per device) and abuse prevention. Not used for user profiling
  • Browser type and device information — collected by Vercel Analytics for performance optimization

2. Information We Do NOT Collect

  • We do not permanently store original contract files. They are processed in memory and deleted immediately after text extraction
  • We do not build tracking profiles or behavioral models of our users
  • We do not sell, rent, trade, or share personal data with third parties for marketing or advertising purposes
  • We do not use advertising cookies or third-party tracking pixels
  • We do not store credit card numbers or payment credentials

3. How We Use Your Information

We use your information for the following purposes:

  • Providing the Service — processing contract uploads, generating analysis reports, delivering results
  • Processing payments — facilitating transactions through Stripe
  • Transactional emails — sending report delivery notifications, account verification, password resets, and subscription confirmations via Resend
  • Preventing abuse — enforcing rate limits, detecting duplicate uploads, preventing unauthorized access
  • Improving the Service — analyzing aggregated, anonymized usage patterns to improve features and performance

4. Third-Party Services

ClauseFort relies on the following third-party services to operate. Each service processes data in accordance with their own privacy policies:

4.1 Stripe (Payment Processing)

All payment data is processed and stored by Stripe. Stripe is PCI-DSS Level 1 certified. We receive only a confirmation of payment status, subscription details, and a Stripe customer identifier. We never handle or store raw payment credentials.

4.2 Anthropic API (AI Analysis)

Contract text is sent to Anthropic's Claude API for analysis. According to Anthropic's data policy, API inputs are not used for model training. Contract text is processed for analysis only and is not retained by Anthropic beyond the API request lifecycle.

4.3 Supabase (Database)

User account data and analysis results are stored in Supabase PostgreSQL. All data is encrypted at rest. Row-level security ensures users can only access their own data.

4.4 Vercel (Hosting & Analytics)

ClauseFort is hosted on Vercel. Vercel Analytics collects anonymized performance and usage data. No personally identifiable information is shared with Vercel Analytics beyond standard server logs.

4.5 Resend (Email)

Transactional emails (report delivery, account notifications) are sent via Resend. Email addresses are shared with Resend solely for the purpose of email delivery.

5. Data Retention

  • Free scans: Contract text is deleted immediately after analysis. No report is stored. IP-based scan tracking data is retained for rate limiting purposes only
  • Single scans: Analysis reports are retained for 30 days from the date of purchase, then permanently and automatically deleted
  • Pro/Business plans: Analysis reports are retained for the duration of your subscription and are permanently deleted within 30 days of account deletion
  • Account data: Retained until you delete your account, then purged from all systems within 30 days
  • Payment records: Transaction records are retained by Stripe per their data retention policy and by us for accounting and legal compliance purposes

6. Your Rights

Under the General Data Protection Regulation (GDPR) and similar data protection laws, you have the following rights:

6.1 Right to Access

You may request a copy of all personal data we hold about you. Pro and Business subscribers can export their data from account settings at any time.

6.2 Right to Erasure

You may delete your account and all associated data at any time. Upon account deletion, all personal data, analysis reports, and usage history are permanently removed within 30 days.

6.3 Right to Rectification

You may update your personal information (name, email) from your account settings at any time.

6.4 Right to Data Portability

You may export your data in a machine-readable JSON format from your account settings.

6.5 Right to Object

You may opt out of non-essential data processing, including analytics cookies, via the cookie consent banner or by contacting us.

6.6 Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection authority if you believe your data rights have been violated.

6.7 Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected users within 72 hours of becoming aware of the breach, in accordance with GDPR Article 33.

7. Cookies

7.1 Essential Cookies

We use essential cookies for session management and authentication. These cookies are strictly necessary for the Service to function and cannot be disabled.

7.2 Analytics Cookies

We use Vercel Analytics to understand how users interact with ClauseFort. Analytics cookies are only set with your consent via the cookie consent banner. You may accept or decline analytics cookies at any time.

7.3 No Advertising Cookies

ClauseFort does not use advertising cookies, retargeting pixels, or any third-party tracking technology for advertising purposes.

8. Children's Privacy

ClauseFort is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a user is under 18, we will promptly delete their account and associated data.

9. International Data Transfers

ClauseFort is operated from Morocco. Your data may be processed in the United States by our infrastructure providers (Vercel, Supabase, Anthropic). By using ClauseFort, you consent to the transfer of your data to these jurisdictions. We ensure that all data transfers are protected by appropriate safeguards in accordance with applicable data protection laws.

10. Security

We take the security of your data seriously. Measures include:

  • HTTPS/TLS 1.3 encryption for all data in transit
  • AES-256 encryption for all data at rest in Supabase
  • Row-level security ensuring users can only access their own data
  • Original contract files are never written to permanent storage
  • API rate limiting to prevent abuse
  • CORS restrictions to prevent unauthorized access

11. Changes to This Policy

We will provide at least 30 days notice of material changes to this Privacy Policy by email (for registered users) or by posting a notice on the Service. The "Last updated" date at the top of this page reflects the most recent revision.

12. Contact

For data protection inquiries, data access requests, or questions about this Privacy Policy, contact us at privacy@clausefort.com.

This Privacy Policy is effective as of March 27, 2026.

See also: Terms of Service · Disclaimer