Privacy Policy

Last updated: January 2025

We take your privacy seriously. This policy explains how we collect, use, and protect your personal information when you use Explain The Terms.

Overview

Explain The Terms ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service to analyze contracts and legal documents.

By using our service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.

Information We Collect

Account Information

  • Email address (required for account creation)
  • User ID (automatically generated)
  • Authentication tokens (stored securely in cookies)
  • Session data

Document Information

  • Document files (PDF, Word, or image files) that you upload
  • File metadata (name, size, type)
  • Document type (automatically inferred)
  • Any concerns or notes you provide about the document
  • Extracted text and analysis results

Subscription Information

  • Subscription status and tier
  • Billing period information
  • Payment provider customer ID (handled by Stripe)

Note: Full payment details are processed and stored by Stripe, not by us. We only store subscription metadata.

Usage Information

  • Free usage counters
  • Event logs (contract creation, analysis requests)
  • Document processing statistics

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our service
  • Process and analyze your uploaded documents
  • Manage your account and subscription
  • Send you service-related communications
  • Enforce our terms of service and prevent abuse
  • Comply with legal obligations

We do not sell your personal information to third parties. We do not use your documents or analysis results for advertising purposes.

Third-Party Services

We use the following third-party services to operate our platform:

OpenAI

We use OpenAI's API to analyze your documents and generate embeddings. Your document content is sent to OpenAI for processing. OpenAI acts as a data processor on our behalf, and we have a Data Processing Agreement (DPA) in place with OpenAI to ensure your data is handled in compliance with GDPR and other privacy laws. OpenAI is certified under the EU-U.S. Data Privacy Framework and uses Standard Contractual Clauses for international data transfers. Please review OpenAI's Privacy Policy to understand how they handle your data.

Supabase

We use Supabase for database storage and authentication. Your account information and analysis data are stored in Supabase's secure infrastructure. We have executed a Data Processing Agreement (DPA) with Supabase to ensure GDPR compliance. Our Supabase project is configured to store data in the European Union, so your personal data resides in European data centers. Supabase uses Standard Contractual Clauses for any data transfers and is SOC 2 Type II certified. Please review Supabase's Privacy Policy for more information.

Cloudflare R2

We use Cloudflare R2 to store your uploaded document files. Files are stored securely and are only accessible to you. We have a Data Processing Agreement (DPA) in place with Cloudflare, which is automatically included in our service agreement. Our R2 storage is configured with EU-only jurisdiction, ensuring your files are stored and processed exclusively within the European Union. Cloudflare is certified under the EU-U.S. Data Privacy Framework and uses Standard Contractual Clauses for any data transfers. Please review Cloudflare's Privacy Policy for more information.

Stripe

We use Stripe to process payments. Payment information is handled directly by Stripe and is subject to Stripe's Privacy Policy and PCI compliance standards. We do not store credit card details on our servers. Stripe acts as our data processor for payment data, and we have a Data Processing Agreement (DPA) in place with Stripe, which is automatically included in our Stripe Services Agreement. Stripe is PCI-DSS Level 1 certified and is certified under the EU-U.S. Data Privacy Framework. Stripe Payments Europe (based in Ireland) handles European customer data, and any transfers are protected by Standard Contractual Clauses.

Data Processing Agreements

All third-party processors we use are vetted for strong security and privacy practices. We have signed Data Processing Agreements (DPAs) with each of them to ensure they only process personal data for our purposes and in line with GDPR Article 28 requirements. Each processor has committed to GDPR compliance and uses appropriate safeguards (such as Standard Contractual Clauses or the EU-U.S. Data Privacy Framework) for any international data transfers.

Data Security

We implement industry-standard security measures to protect your information:

Secure Processing

Documents are processed using industry-standard encryption.

Access Control

Row-level security ensures only you can access your data.

No Third-Party Sharing

We don't share your documents with third parties except as necessary to provide the service.

You Control Your Data

You can delete your data at any time through your account settings.

Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

Right to Access

You have the right to request a copy of all personal information we hold about you. You can export your data through your account settings.

Right to Deletion

You have the right to request deletion of your personal information. You can delete your account and all associated data through your account settings. This action is irreversible.

When you delete your account, we permanently delete all personal information including:

  • Your email address and account information
  • Your uploaded documents and files
  • All analysis results
  • Your usage history and preferences
  • Your subscription information
  • All event logs associated with your account

All data is permanently deleted and cannot be recovered. This is a hard delete - no data is retained or anonymized.

Right to Data Portability

You have the right to receive your personal information in a structured, commonly used, and machine-readable format. You can export your data at any time.

Right to Rectification

You have the right to correct inaccurate personal information. You can update your email address and other account information through your account settings.

Right to Object

You have the right to object to certain types of processing. If you have concerns about how we process your data, please contact us.

Exercise Your Rights

You can exercise these rights by:

  • Using the data export feature in your account settings
  • Using the account deletion feature in your account settings
  • Contacting us directly at the email address below

Cookies and Tracking

We use cookies and similar technologies to:

  • Authenticate your session (essential cookies)
  • Remember your preferences
  • Analyze how you use our service (with your consent)

Essential cookies are required for the service to function and cannot be disabled. Non-essential cookies (such as analytics) require your consent. You can manage your cookie preferences through your browser settings or our cookie consent banner.

Data Retention

We retain your personal information for as long as necessary to provide our service and comply with legal obligations:

  • Active accounts: Data is retained while your account is active
  • Deleted accounts: All data is permanently deleted immediately upon account deletion
  • Event logs: Retained for 1 year for security and compliance purposes, then deleted
  • Inactive accounts: Data may be deleted after 2 years of inactivity

When you delete your account, all personal data including documents, analyses, and account information will be permanently deleted and cannot be recovered. No data is retained or anonymized.

Children's Privacy

Our service is not intended for children under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately and we will delete that information.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

Privacy Inquiries

Email: privacy@explaintheterms.com

We will respond to your inquiry within 30 days.

Related Policies

Please also review our Terms of Service to understand the rules and regulations for using our Service.

View Terms of Service
Manage Your Account