What we collect
- Account data. The email address you use to sign in, and authentication session metadata (created/expires timestamps, IP address of sign-in).
- Contracts you upload. The original file and the extracted text. Stored privately in your account.
- Analyses. The AI-generated redlines, summaries, and email drafts associated with each contract you process.
- Usage logs. Request timestamps, file sizes, latency, and error details, used for operating and improving the Service. We do not store contract text in operational logs.
How we use it
- To provide the contract-review Service to you.
- To maintain your account and history.
- To enforce usage limits and detect abuse.
- To debug, monitor, and improve the Service.
We do not use your contracts to train AI models. We do not sell your data to third parties.
Sub-processors
We rely on the following service providers to operate CounterClause. Each receives only the data necessary for its function:
- Anthropic, PBC — runs the AI model that produces redlines. Receives the contract text or PDF for analysis. Does not retain inputs for training.
- Vercel Inc. — hosts the application, stores uploaded files (Vercel Blob), and runs serverless functions.
- Neon Inc. — Postgres database where account data and saved analyses are stored.
- Resend Inc. — sends magic-link sign-in emails. Receives your email address.
Data retention
- Saved analyses and uploaded contracts are retained as long as your account is active.
- On account deletion, we remove your data within 30 days.
- Operational logs are retained for up to 90 days for debugging and security purposes, then deleted.
Your rights
You can request a copy of your data, ask us to correct inaccuracies, or request deletion of your account and stored contracts at any time by emailing hi@counterclause.com. If you are in the EU/UK, you also have rights under GDPR, including the right to lodge a complaint with your local data-protection authority.
Cookies
We use a small number of essential cookies to keep you signed in and to maintain CSRF protection. We do not use advertising or third-party tracking cookies.
Security
All traffic is encrypted in transit (HTTPS). Uploaded contracts are stored in private Vercel Blob storage and are accessible only via authenticated, server-side requests verified against your account. AI credentials are stored as encrypted environment variables; the AI provider receives only the document under review for the duration of the request.
Children
CounterClause is not intended for children under 18.
Changes
We may update this policy from time to time. The Effective date above indicates the most recent version. Material changes will be communicated by email or in-product notice.
Contact
Questions or requests: hi@counterclause.com