Contract Aegis

Privacy Policy

This Privacy Policy ("Policy") explains how Contract Aegis ("we," "us," or "our") collects, uses, stores, and protects your information when you use the Contract Aegis desktop application, website, and related services (collectively, the "Service").

By using the Service, you agree to the practices described in this Policy. If you do not agree, please do not use the Service.

Contract Aegis is designed with a local-first architecture. Your contracts are processed on your device and are never uploaded to or stored on our servers. The only external transmission of contract data is to third-party AI providers (currently Google Gemini) for analysis purposes.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • First name and last name
  • Email address
  • Password (stored in hashed form; we never store plaintext passwords)

1.2 Contract Data

When you use the Service to analyze contracts, the following data is processed:

  • Contract text you upload (PDF) or paste into the application
  • Analysis results, risk scores, and flagged clauses
  • AI-suggested revisions for flagged clauses (Pro tier)
  • PDF analysis reports generated after analysis
  • Chat-based Q&A interactions about your contracts (Pro tier)

All contract data is processed and stored locally on your device. We do not upload, store, or have access to your contracts on our servers.

1.3 Subscription and Billing Information

If you subscribe to a paid plan (Pro) or purchase a Pay As You Go analysis, we collect payment information through our third-party payment processor. We do not directly store your full credit card number, bank account details, or other financial account information on our servers.

1.4 Usage Information

We may collect basic, non-identifying usage data to improve the Service, such as:

  • Application version and operating system
  • Feature usage frequency (e.g., number of analyses run, features accessed)
  • Error logs and crash reports

This data does not include the contents of your contracts or any personally identifiable information beyond your account details.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Create and manage your account
  • Process subscription payments and manage billing
  • Send you important notices about your account, subscription status, or changes to our terms
  • Respond to your support requests and inquiries
  • Diagnose technical issues and improve application performance
  • Enforce our Terms of Service and protect against misuse

We do not use your contract data, analysis results, or AI-generated output for advertising, marketing profiling, or any purpose unrelated to providing the Service to you.

3. Data Storage and Local Processing

3.1 Local-First Architecture

Contract Aegis is built around a local-first model. Your contract files, analysis results, and exported PDFs are stored locally on your device in the application's data directory — never on our servers.

3.2 Local Data Retention

The application stores the following data locally on your device:

  • Up to 50 analysis results in application memory
  • Up to 20 PDF buffers for analysis reports

You may clear your local history at any time through the application interface. Uninstalling the application removes all locally stored data.

3.3 Account Data

Your account information (name, email, hashed password) is stored on our servers for the purpose of authentication and subscription management. We retain this data for as long as your account is active. If you delete your account, we will remove your account data within 30 days, except where retention is required by law.

4. Third-Party Services

4.1 Google Gemini API

To perform AI-powered contract analysis, your contract text is transmitted to Google's Gemini API. Free tier users are served by Gemini 2.5 Flash; Pro and Pay As You Go users are served by Gemini 2.5 Pro. This is the only circumstance under which contract data leaves your device. Google's handling of this data is governed by Google's AI Terms of Service and Google's Privacy Policy.

If you use your own Gemini API key (available on the Pro tier), your contract data is transmitted directly from your device to Google under your own API agreement.

4.2 Payment Processors

Subscription payments are handled by third-party payment processors. These processors collect and handle your payment information in accordance with their own privacy policies and PCI-DSS compliance standards. We only receive confirmation of payment status and do not have access to your full payment details.

4.3 Google Fonts

Our website loads fonts from Google Fonts. When you visit our website, your browser makes requests to Google's servers to retrieve font files. This is subject to Google's Privacy Policy.

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. We may share your information only in the following limited circumstances:

  • Service providers: With trusted third-party service providers who assist us in operating the Service (e.g., payment processing, hosting), bound by contractual obligations to protect your data
  • AI analysis: Contract text is transmitted to Google Gemini for the sole purpose of performing AI-powered analysis, as described in Section 4.1
  • Legal requirements: When required by law, regulation, legal process, or governmental request
  • Safety and enforcement: To protect the rights, property, or safety of Contract Aegis, our users, or the public, and to enforce our Terms of Service
  • Business transfers: In connection with a merger, acquisition, or sale of all or a portion of our assets, with notice provided to you

6. Data Security

We take reasonable technical and organizational measures to protect your information, including:

  • Passwords are hashed using industry-standard algorithms before storage
  • All data transmissions between your device and external services use TLS encryption
  • Contract data remains on your local device and is not stored on our servers
  • Access to account data is restricted to authorized personnel only

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, and you use the Service at your own risk.

7. Your Rights and Choices

7.1 Account Information

You may update or correct your account information at any time through the application settings. You may request deletion of your account by contacting us at the email address listed below.

7.2 Local Data

Since contract data is stored locally on your device, you have full control over it. You can clear your analysis history and delete cached PDFs through the application interface at any time.

7.3 Communications

You may opt out of non-essential communications (such as product updates or promotional emails) by using the unsubscribe link in those messages. You cannot opt out of essential account-related communications (such as billing notices or security alerts).

7.4 Data Portability and Deletion

You may request a copy of the personal data we hold about you, or request its deletion, by contacting us. We will respond to such requests within 30 days, subject to applicable legal obligations.

8. Cookies and Tracking

Our website may use essential cookies to maintain session state and support basic site functionality (such as keeping you logged in). We do not use third-party advertising cookies or cross-site tracking technologies.

The desktop application does not use cookies. Any data stored by the application is kept in local application storage as described in Section 3.

9. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us immediately.

10. International Data Transfers

If you access the Service from outside the United States, your information may be transferred to and processed in the United States or other jurisdictions where our service providers operate. By using the Service, you consent to the transfer of your information to jurisdictions that may have different data protection laws than your country of residence.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the Service or by other reasonable means (such as email) before the changes take effect. Your continued use of the Service after the updated Policy takes effect constitutes your acceptance of the changes.

We encourage you to review this Policy periodically for any updates.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

privacy@contractaegis.app


© 2026 Contract Aegis. All rights reserved. Built to protect freelancers and SMBs.