Privacy Policy

Last updated: 23 January 2026

Summary

We respect your privacy. We do not build profiles on you, sell your data, or use your information for marketing or advertising. Here's the key points:

  • Uploaded files are sent securely to our server for text extraction
  • You can review, redact, and anonymise before prepared text is sent to our AI provider
  • Names and identifiers can be replaced with tokens before AI processing
  • Checkout may create a short-lived recovery draft for paid sessions
  • Browser session data can be cleared anytime
  • Session auto-clears after inactivity or when you close your browser

How your data is processed

Here's the step-by-step flow of how your contract is handled:

  1. 1

    Upload or paste

    You upload a file or paste contract text. If you upload a file, it is sent securely to our server so text can be extracted.

  2. 2

    Review & redact

    You can review the pasted or extracted text and manually redact any sections you don't want sent for AI processing.

  3. 3

    Anonymise (optional)

    You can replace names, companies, and other identifiers with anonymous tokens (e.g., ⟦PERSON_1⟧).

  4. 4

    Send to AI provider

    Your prepared text (with any redactions and tokens applied) is sent securely over HTTPS to our AI provider.

  5. 5

    Explanation generated

    Our AI provider processes the text and returns a plain-English explanation.

  6. 6

    Results displayed

    The explanation is shown in your browser and can be cached in browser session storage. Tokenised names remain anonymised in the output.

Third-party processors

We use the following third-party services to provide this product:

OpenAI

AI text processing

Your prepared contract text (after any redaction/tokenisation you apply) is sent to generate the explanation.

We aim to send only the text needed to provide the service. We encourage you to redact or tokenise sensitive information before processing.

Stripe

Payment processing

Payment details are handled directly by Stripe. We do not receive or store your card information.

See Stripe's privacy policy for details on their data handling.

Vercel

Hosting and infrastructure

Basic technical data (IP address, browser type) may be logged for operational and security purposes.

Contract content is not logged or stored on our hosting infrastructure.

Data retention

Explain My Contract servers

Uploaded files are processed to extract text, and we may keep a short-lived checkout draft for up to 24 hours for paid-session recovery. Generated explanations are not stored on our servers.

Your browser session

Contract text, selected options, payment session details, and results are stored temporarily in your browser session while you use the service. This data is cleared when you close your browser, manually clear your session, or after 15 minutes of inactivity.

AI provider

Our AI provider processes your text according to their API data handling terms. We do not control their retention policies. Refer to their documentation for specifics.

Payment records

Stripe retains payment records as required for financial and legal compliance. These records do not include your contract content.

Your choices

You have control over your data at every step:

  • Clear your session

    Use the clear button in the navigation to delete all contract data from your browser at any time.

  • Redact before processing

    Manually select and redact any text you don't want sent to the AI provider. Redacted content is never transmitted.

  • Anonymise identifiers

    Replace names, companies, emails, and other identifiers with anonymous tokens before processing.

  • Output stays anonymised

    If you tokenised names before processing, your explanation will use those same tokens—keeping identities protected.

  • Export or discard

    Save your explanation as a PDF, or simply close your browser to discard everything.

Security

Encryption in transit

All data transmitted between your browser and our servers, and to third-party providers, is encrypted using HTTPS/TLS.

No content logging

We do not log your contract content or explanations on our servers. Only basic operational data (like error rates) is logged.

Minimal data transmission

We transmit only the text needed to generate your explanation. You control what is sent through redaction and tokenisation.

Session isolation

Your session data is isolated in your browser and is not accessible to other users or sessions.

Cookies & analytics

  • We use basic analytics to understand how the site is used and identify problems.
  • We do not use invasive tracking, retargeting, or third-party advertising cookies.
  • Analytics data is anonymous and does not identify you personally.

Your rights

  • Questions. You can contact us with privacy questions at any time.
  • Deletions. Since we don't store your contract content, there's nothing to delete. For other data queries, contact support.
  • UK Data Protection. Your data is protected under UK data protection laws.

Contact us

If you have privacy concerns or questions, please contact:

support@explainmycontract.co.uk

HomeTerms of Use