Privacy Policy

Your trust is fundamental to our business. This policy explains how Clause Labs AI collects, uses, and protects your information.

Effective: February 1, 2026Last updated: February 19, 2026

Zero Data Retention

Contract text discarded after analysis

GDPR Compliant

Full data export and deletion rights

No AI Training

Your data is never used to train models

Right to Delete

30-day soft delete, then permanent removal

1. Who We Are

Clause Labs AI ("we," "us," or "our") is operated by Lineserve, Inc., a Delaware corporation. We provide an AI-powered contract review and analysis platform at app.stephenndegwa.com (the "Service").

Data Controller: Lineserve, Inc.
Contact: privacy@Clause Labs.ai

2. Information We Collect

2.1 Account Information

When you register, we collect:

  • Full name and email address
  • Organization name (if applicable)
  • Password (hashed, never stored in plaintext)
  • Role within your organization (Admin, Member, or Viewer)

2.2 Contract Data

When you upload contracts for review, the contract text is temporarily processed in memory by our AI analysis pipeline. We do not store contract text after analysis is complete. Only the following metadata is retained:

  • Contract title (as provided by you)
  • File type, size, and upload timestamp
  • AI-generated analysis results (risk scores, findings, suggestions)
  • Your interactions with analysis results (accepted/rejected suggestions)

2.3 Payment Information

Payment processing is handled entirely by Stripe. We do not store credit card numbers, CVVs, or full card details on our servers. We retain only:

  • Stripe customer and subscription identifiers
  • Billing plan and tier information
  • Invoice history and payment status

2.4 Usage Data

We automatically collect:

  • IP address and approximate geolocation (country-level)
  • Browser type, operating system, and device type
  • Pages visited, features used, and session duration
  • Referral source

2.5 Cookies and Tracking

We use cookies for authentication session management. See our Cookie Policy for detailed information.

3. How We Use Your Information

We use your information for the following purposes:

  • Provide the Service: Process contracts, generate AI analysis, deliver suggestions and risk assessments
  • Preference Learning: Your accept/reject patterns on suggestions are used to personalize your experience. This data is scoped to your account and never shared
  • Account Management: Authentication, billing, team management, and support
  • Service Improvement: Aggregate, anonymized usage statistics to improve features and performance
  • Communication: Service notifications, security alerts, and (with consent) product updates
  • Legal Compliance: Meet regulatory obligations and respond to lawful requests

4. AI Processing and Data Retention

Clause Labs AI uses Anthropic's Claude API for contract analysis. Our agreement with Anthropic includes:

  • Zero retention: Anthropic does not retain or log contract text sent via our API
  • No training: Your contract data is never used to train or fine-tune AI models
  • Processing only: Contract text is transmitted via encrypted TLS 1.3 connection, processed, and the response is returned. No copies are kept

Analysis results (risk scores, findings, suggestions) are stored in our database and associated with your account. You can delete these at any time by deleting the associated contract.

5. Data Sharing

We do not sell, rent, or share your personal information with third parties for their marketing purposes. We share data only with:

  • Anthropic (Claude API): Contract text for AI analysis (zero retention agreement)
  • Stripe: Payment processing
  • Supabase: Database hosting and authentication infrastructure
  • Cloudflare: CDN, DDoS protection, and SSL termination

All service providers are bound by data processing agreements that require them to protect your data and process it only as instructed.

6. Data Security

We protect your data with:

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for all data at rest
  • Row-level security (RLS) on all database tables
  • Role-based access control within teams
  • Hashed passwords (bcrypt)
  • Automatic session expiration and secure token refresh

For more details, see our Security page.

7. Your Rights (GDPR and CCPA)

Depending on your jurisdiction, you have the following rights regarding your personal data:

  • Access: Request a copy of all personal data we hold about you
  • Rectification: Correct inaccurate personal data
  • Erasure: Request deletion of your account and all associated data. We perform a 30-day soft delete followed by permanent removal
  • Data Portability: Export your data in a machine-readable format (JSON)
  • Restriction: Request that we limit processing of your data
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, email privacy@Clause Labs.ai. We will respond within 30 days.

7.1 California Residents (CCPA)

If you are a California resident, you have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information.

8. Data Retention

  • Contract text: Not retained — discarded after analysis
  • Analysis results: Retained until you delete the contract or your account
  • Account data: Retained while your account is active. Upon deletion request, soft-deleted for 30 days, then permanently removed
  • Payment records: Retained as required by tax and financial regulations (typically 7 years)
  • Usage logs: Retained for 90 days, then aggregated and anonymized

9. International Transfers

Our servers are located in the European Union (Germany). If you access the Service from outside the EU, your data may transit through Cloudflare's global CDN network. Cloudflare maintains appropriate safeguards for international data transfers under GDPR.

10. Children's Privacy

Clause Labs AI is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected data from a minor, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email and/or by posting a prominent notice on our Service at least 30 days before the changes take effect. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us:

Questions about your privacy?

We're committed to transparency. Reach out any time.

Email Privacy TeamView Security Details