My Contract X-Ray

Privacy Policy

Last updated: May 15, 2026

1. Overview

This Privacy Policy describes how My Contract X-Ray (“we”, “us”) collects, uses, and protects information when you use the Service. We aim to collect the minimum data needed to operate the Service.

2. Information We Collect

  • Account data: email address, hashed password, account timestamps.
  • Contract content: PDF files and pasted text you submit for analysis, and the AI-generated analysis returned to you.
  • Billing data: handled by Stripe; we store only customer ID, subscription status, and plan. We never see or store your card details.
  • Usage data: IP address (used to enforce free-plan limits), basic logs, and error reports.

3. How We Use Information

  • To operate, maintain, and improve the Service.
  • To process your contracts through our AI provider and return results to you.
  • To enforce free-plan limits and prevent abuse.
  • To process payments and manage subscriptions (via Stripe).
  • To send transactional emails (verification, password reset, billing notices).

4. AI Processing

Contracts you submit are sent to our AI provider strictly to generate your analysis. We do not use Your Content to train third-party AI models, and we have configured providers to disallow training on submitted data where supported.

5. Sub-processors

We rely on the following processors to operate the Service:
  • Lovable Cloud / Supabase: hosting, database, authentication, file storage.
  • Stripe: payment processing and subscription management.
  • AI providers (Google / OpenAI): contract analysis.
  • Email provider: transactional email delivery.

6. Data Retention

We keep contracts and analyses for as long as your account is active so you can revisit them. You can delete individual analyses at any time. Account deletion removes associated content within 30 days, except where retention is required by law (e.g., billing records).

7. Security

We use Row Level Security in our database, encrypted connections (HTTPS), encrypted storage at rest, and least-privilege access controls. No system is 100% secure; please use a strong, unique password for your account.

8. Your Rights

Depending on your jurisdiction (e.g., GDPR, CCPA), you may have the right to access, correct, export, or delete your personal data, and to object to certain processing. You can exercise most of these rights directly from Settings, or contact us through in-app support.

9. Cookies & Tracking

We use only essential cookies needed for authentication and session management. We do not use third-party advertising or cross-site tracking.

10. Children

The Service is not intended for individuals under 18. We do not knowingly collect data from children.

11. International Transfers

Your data may be processed in countries outside your own. Where required, we rely on Standard Contractual Clauses or equivalent safeguards.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the Service or by email.

13. Contact

Questions about this Privacy Policy or your data? Contact us through the in-app support channel.
Terms of Service·Home