Privacy Policy

Last Updated: November 15, 2025

This Privacy Policy explains how Contract Monster ("we", "our", or "us") collects, uses, and protects your personal data when you use our contract analysis service. We are committed to protecting your privacy and complying with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Data Controller

Data Controller: Contract Monster
Email: privacy@contract-monster.example.com
Address: [Your business address]

We are the data controller responsible for your personal data. If you have any questions about how we handle your data, please contact us using the details above.

2. Data We Collect

2.1 Account Information

  • Email address (required for account creation)
  • Password (encrypted)
  • Account creation date

2.2 Contract Documents

  • Uploaded contract files (PDF, DOCX)
  • Extracted text from documents
  • File metadata (filename, size, upload date)

2.3 Analysis Data

  • Analysis results (risks, obligations, recommendations)
  • Confidence scores and metadata
  • Analysis timestamps

2.4 Technical Data

  • IP address (for security purposes)
  • Browser type and version
  • Device information
  • Access logs and timestamps

3. How We Use Your Data

We use your personal data for the following purposes:

  • Provide the Service: To analyze your contracts and provide legal insights
  • Account Management: To create and maintain your account
  • Communication: To send service-related notifications
  • Security: To protect against fraud and unauthorized access
  • Legal Compliance: To comply with legal obligations
  • Service Improvement: To improve our AI models and user experience (anonymized data only)

5. Personal Data Protection (PII Redaction)

🔒 We Protect Your Personal Information

Before sending your contract to our AI analysis engine, we automatically redact (remove) all personally identifiable information (PII) to protect your privacy.

What We Redact:

  • Personal names (replaced with role context, e.g., "Landlord", "Tenant")
  • Email addresses
  • Phone numbers
  • Physical addresses
  • Bank account numbers (IBAN)
  • Credit card numbers
  • National ID numbers (passport, social security, etc.)
  • IP addresses

Important: The redacted text is what gets analyzed by our AI. This means your personal information never leaves our secure servers and is never sent to third-party AI providers.

6. Third-Party Services

We use the following third-party services to provide our platform:

GROQ (AI Analysis Provider)

  • Purpose: AI-powered contract analysis
  • Data Sent: Redacted contract text only (NO personal information)
  • Data Protection: GROQ is a GDPR-compliant data processor
  • Location: [US/EU - verify with GROQ]

Note: We have a Data Processing Agreement (DPA) with all third-party processors to ensure GDPR compliance.

7. Data Retention

We retain your data for the following periods:

  • Account Data: Until you delete your account
  • Contract Files: Until you delete them (you have full control)
  • Analysis Results: Until you delete the associated contract
  • Access Logs: 90 days for security purposes

You can delete your contracts and analyses at any time from your account dashboard. Account deletion is permanent and irreversible.

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

Right to Access (Article 15)

You can request a copy of all personal data we hold about you.

Right to Rectification (Article 16)

You can correct inaccurate or incomplete data.

Right to Erasure (Article 17)

You can delete your account and all associated data at any time.

Right to Data Portability (Article 20)

You can export your analysis results in PDF, DOCX, or JSON format.

Right to Object (Article 21)

You can object to processing based on legitimate interests.

Right to Withdraw Consent

You can withdraw consent at any time by deleting your data or account.

Right to Lodge a Complaint

You have the right to lodge a complaint with your national supervisory authority.

To exercise any of these rights, please contact us at privacy@contract-monster.example.com

9. Security Measures (GDPR Article 32)

We implement appropriate technical and organizational measures to protect your data:

  • Encryption: HTTPS for data in transit, encrypted password storage
  • PII Redaction: Automatic removal of personal information before AI processing
  • Access Control: Authentication required, user data isolation
  • Audit Logging: All data access is logged for security monitoring
  • Regular Updates: Security patches and vulnerability assessments
  • Secure Deletion: Permanent removal of data upon deletion request

10. Cookies

We use essential cookies to provide our service:

  • Authentication: To keep you logged in
  • Security: To prevent cross-site request forgery (CSRF)
  • Preferences: To remember your language and theme settings

We do NOT use tracking or advertising cookies. You can disable cookies in your browser, but this may affect functionality.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a prominent notice on our website. The "Last Updated" date at the top of this policy indicates when it was last revised.

12. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

Supervisory Authority

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with your national data protection authority:

This Privacy Policy is effective as of November 15, 2025

Terms of Service Back to Home