Legal
Privacy Policy
Last Updated: April 15, 2026
1. Introduction
SafeToSign ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered contract analysis service at safetosign.io (the "Service").
By using SafeToSign, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.
2. Information We Collect
1.1 Information You Provide Directly
When you create an account or use our Service, we collect:
- Account Information: Email address, password (encrypted), and optional display name
- Payment Information: Processed securely by Stripe. We do not store your full card number, CVV, or billing address. We only receive a tokenised reference and the last 4 digits.
- Documents: Contracts you upload for analysis — processed by our AI and stored temporarily as described in Section 4.
- Communications: Any messages you send to our support team
1.2 Information Collected Automatically
- Usage Data: Features used, analysis requests, timestamps
- Device Information: Browser type, operating system, device type
- Log Data: IP address, access times, pages viewed
- Cookies: Essential cookies for authentication and session management
3. How We Use Your Information
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide and maintain our Service | Contract performance |
| Process your contract analyses | Contract performance |
| Process payments and manage subscriptions | Contract performance |
| Send service-related communications | Legitimate interest |
| Respond to support requests | Contract performance |
| Improve our Service and develop new features | Legitimate interest |
| Detect, prevent, and address fraud | Legitimate interest |
| Comply with legal obligations | Legal obligation |
✅ We do NOT sell your personal information, use your documents to train AI models, share your documents with other users, or send marketing emails without your explicit consent.
4. Third-Party Services
| Service | Purpose | Data Shared |
|---|---|---|
| Anthropic (Claude AI) | Contract analysis | Document text (temporarily, for analysis only) |
| Stripe | Payment processing | Payment details (directly to Stripe) |
| Vercel | Frontend hosting | Access logs |
| Render | Backend hosting | Server logs |
Important Note on AI Processing
- Document text is sent to Anthropic's Claude AI via encrypted API connection
- Claude analyses the document and returns results
- Anthropic does not store your documents after processing
- Anthropic does not train models on your data
- Analysis results are stored in your SafeToSign account for your reference
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Until you delete your account |
| Analysis results | Until you delete them or your account |
| Uploaded documents | Deleted within 24 hours after analysis |
| Payment records | 7 years (legal/tax requirements) |
| Server logs | 90 days |
| Support communications | 2 years |
Deleting Your Data
- Delete individual analysis results from your dashboard
- Delete your entire account (Settings → Delete Account)
- Request complete data deletion by emailing privacy@safetosign.io
Upon account deletion, we will delete or anonymise your data within 30 days, except where retention is required by law.
6. Data Security
- Encryption in Transit: All data transmitted via TLS/HTTPS
- Encryption at Rest: Database encryption via AES-256
- Access Controls: Strict internal access policies
- Secure Payments: PCI DSS Level 1 compliant via Stripe
- Regular Audits: Ongoing security reviews and updates
7. Your Rights (GDPR & UK GDPR)
If you are located in the EEA or United Kingdom, you have the following rights:
| Right | Description |
|---|---|
| Access | Request a copy of your personal data |
| Rectification | Request correction of inaccurate data |
| Erasure | Request deletion of your data ("right to be forgotten") |
| Restriction | Request limited processing of your data |
| Portability | Receive your data in a portable format |
| Objection | Object to certain processing activities |
To exercise any of these rights, contact us at: privacy@safetosign.io. We will respond within 30 days.
8. Cookies
| Cookie | Purpose | Duration |
|---|---|---|
| Session cookie | Authentication | Session |
| Auth token | Keep you logged in | 7 days |
We do NOT use advertising cookies, third-party tracking cookies, or analytics cookies that identify individuals.
9. International Data Transfers
Your data may be processed in countries outside your residence, including the United States. We ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data Processing Agreements with all third-party providers
- Selection of providers with adequate security certifications
10. Contact Us
For privacy-related questions or requests:
- Email: privacy@safetosign.io
- Data Controller: SafeToSign
- Location: Warsaw, Poland (EU)
Done reading? Head back to SafeToSign.
← Back to Home