GDPR Compliance

What is GDPR?

The General Data Protection Regulation (GDPR) is a European law that gives you control over your personal data. Think of it as your digital bill of rights.

If you're in the EU, EEA, or UK, this applies to you. If you're not, you still get the same protections because we believe privacy is a human right, not a geographic privilege.

Your Rights Under GDPR

You have some pretty powerful rights when it comes to your data. Here's what you can do:

Right to Access

You can ask us what data we have about you. Spoiler alert: it's basically nothing because we don't collect personal information.

Right to Rectification

If we somehow have incorrect data about you, you can ask us to fix it. Again, since we don't collect personal data, this is unlikely to be an issue.

Right to Erasure ("Right to be Forgotten")

You can ask us to delete your data. Since we don't store your documents or personal information anyway, this is pretty easy for us to comply with.

Right to Restrict Processing

You can ask us to limit how we use your data. Since we only process your contracts to analyze them and then immediately delete them, there's not much to restrict.

Right to Data Portability

You can ask for your data in a format you can take elsewhere. Since we don't store your data, there's nothing to port.

Right to Object

You can object to how we process your data. We respect this right, though again, we're not doing much processing to begin with.

Rights Related to Automated Decision Making

You have rights regarding automated decisions that significantly affect you. Our AI analyzes contracts, but you're always in control of what you do with that analysis.

How We Protect Your Data

We take data protection seriously, even though we barely collect any data to begin with:

• Minimal Data Collection: We only collect what's absolutely necessary (basically just your account number)
• No Document Storage: Your contracts are processed and immediately deleted
• Encryption: All potentially sensitive data is encrypted, both in transmission and at rest
• Access Controls: Only authorized personnel can access our systems
• Regular Security Audits: We regularly review our security practices

Legal Basis for Processing

When we do process data, we do it based on:

• Legitimate Interest: Providing you with contract analysis services
• Contract Performance: Fulfilling our service agreement with you
• Consent: When you explicitly agree to something

Data Transfers

We're based in the US, but we follow GDPR standards regardless of where you are. If we ever need to transfer data internationally, we'll use appropriate safeguards like:

• Standard Contractual Clauses
• Adequacy decisions
• Other legally approved transfer mechanisms

But honestly, since we don't store your documents, there's not much to transfer anyway.

Data Retention

We keep data for as long as necessary to provide our services:

• Account Information: Until you delete your account
• Contract Documents: Immediately deleted after processing
• Usage Analytics: Anonymized and aggregated, kept for service improvement

Your Data Protection Officer

We don't have a formal Data Protection Officer because we're a small company that barely processes personal data. But if you have questions about your privacy rights, you can contact us directly.

Complaints and Supervisory Authorities

If you're not happy with how we handle your data, you have the right to complain to your local data protection authority. In the EU, you can find your local authority here.

But before you do that, please reach out to us first. We're reasonable people and we want to make things right.

Changes to This Policy

If we update this GDPR policy, we'll let you know by updating the date at the top and posting the new version on our website. For major changes, we might send you a notification.

Contact Us

Questions about your GDPR rights? We're here to help:

We'll respond to your request within 30 days, as required by GDPR. Usually much faster because we're not drowning in bureaucracy.