Skip to content
PactSafe AI
Legal

Privacy Policy

Last updated · April 14, 2026

We built PactSafe AI because we got burned by bad contracts ourselves. The last thing we want is to build a product that betrays its users. This page explains what we collect, why, and exactly what you can ask us to delete.

What we collect

When you use PactSafe AI, we collect only what we need to run the product. Specifically:

  • The contracts you submit. Either pasted text or uploaded files (PDF, DOCX, TXT). We store these to run the analysis and show your history.
  • Extracted text. After parsing your upload, we keep a plain-text copy so the clause highlighter and exports can reference the original passages.
  • Analysis results. The risk score, red flags, missing protections, and negotiation drafts our model generates for your contract.
  • Account metadata. If you sign in, we store your email, sign-in provider, and timestamps for created/updated analyses. You can use the product without an account.
  • Usage logs. Timestamps, HTTP status codes, latency, and anonymized error traces — used for reliability and nothing else.

What we don’t collect

We deliberately avoid collecting things we don’t need. We do not collect:

  • Credit card numbers (payments are handled by Stripe).
  • Identity documents, SSNs, or any government ID.
  • Third-party cookies or advertising trackers. No GA, no Facebook pixel, no ad networks.
  • Location beyond the country derived from your IP address.
  • Browser fingerprints.

How your contracts are used

Your contracts are used only to:

  • Generate the analysis you requested (risk score, red flags, negotiation draft).
  • Display your history and let you re-export previous analyses as PDF or JSON.
  • Power the clause highlighter on your own analysis pages.

Your contracts are never used to train machine learning models — not our own, not third-party models, not anyone else. This is a hard rule and is enforced at the system level: our LLM API calls go out with zero-retention flags where available, and we do not keep a separate training corpus.

Third parties we share data with

To run PactSafe we have to send the contract text to a language model provider. We currently use a subset of the following:

  • Anthropic (Claude) — for primary analysis. Zero-retention is requested via API headers.
  • Groq (Llama 3.3 70B) — for fast first-pass scoring. Zero-retention is requested via API headers.
  • Ollama (self-hosted) — for local development. Never leaves our infrastructure.

We do not share your contracts with any other third party. We do not sell data. We do not enrich or syndicate it. If a government agency requests data, we will push back to the extent the law allows and notify you unless a court order prohibits it.

Security

  • In transit: TLS 1.3 on all API endpoints. HSTS enforced on the public site.
  • At rest: AES-256 encryption on stored uploads and database contents.
  • Access: Least-privilege role policies, audit logs, 2FA on all production console access.
  • Retention: Contracts and results are kept until you delete them or until your account is closed. You can delete any analysis from your History page with one click.

Your rights

Regardless of where you live, you have the following rights:

  • Access: Export everything we have on you as a JSON bundle.
  • Deletion: Remove any individual analysis, or close your account and wipe everything.
  • Correction: Update your email or account details at any time.
  • Portability: Download your analyses as PDF or JSON.
  • Objection: Tell us to stop processing your data for any optional reason.

To exercise any of these, email privacy@pactsafe.ai. We aim to respond within 5 business days.

Cookies

We use a small number of first-party cookies for session management and CSRF protection. We do not use third-party or advertising cookies. You can block cookies in your browser; the product may be less convenient but will still work.

Changes

If we materially change this policy, we’ll post the change here and email anyone with an account at least 14 days before it takes effect.

Contact

Questions about privacy: privacy@pactsafe.ai. Everything else: /contact.