LegalDraft Privacy Policy

LegalDraft (“we”, “us”) is an AI contract risk scanning app for iOS. This policy explains what information we process, why, and the controls you have. In one sentence: your contract text stays on your device; AI analysis runs only after your explicit consent; we embed no advertising or behavioral-tracking SDKs and never sell your personal information.

1. Private by Design (Device-First)

• The original contract text and PDF are never uploaded to our servers. Optical character recognition (OCR) runs entirely on your device.
• Our servers keep only the minimum data needed to run the service:
  • Account information: the email address you sign up with, or the identifier produced by Sign in with Apple;
  • Preferences: your persona (e.g. freelancer / small business), interface language, default jurisdiction, and the timestamps of your disclaimer and AI-consent confirmations;
  • Contract metadata: a one-way content hash (which does not contain the text), contract type, jurisdiction, clause count, and upload time;
  • Analysis results: risk flags (clause id, risk category, severity, explanation text), score-card data, and standard-clause citation ids;
  • Subscription and quota state: your current tier and scans used this month.

2. Sign-Up and Sign-In

Creating an account is optional — the core analysis flow works without one. If you do sign in, we support Sign in with Apple and email magic links; we never see or store a password.

3. AI Data Processing (Third-Party Sharing)

AI explanations are provided by the third-party AI providers OpenAI and Anthropic. Before your first AI analysis, the app presents an explicit consent sheet:

• What is sent: only the contract clause text being analyzed and its risk category, relayed through our server gateway — no more than the explanation requires;
• What is not sent: your name, email, Apple ID, or location;
• No training: your content is never used to train AI models;
• Log retention: related request logs are kept no longer than 30 days;
• Revocable anytime: withdraw consent in Account → Privacy; the next AI analysis will ask again.

4. Data Storage and Security

Server-side data is stored in a Supabase-hosted database. All user-owned tables enforce Row Level Security so only your own session can access your data, and all transport is TLS-encrypted.

5. Data Retention and Deletion

You can delete your account anytime in-app via Account → Delete account. Deletion takes effect immediately: all server-side data tied to your account (profile, contract metadata, risk flags, quota records) is cascade-deleted permanently and cannot be recovered. On-device data is removed by deleting the app.

6. Analytics and Tracking

We embed no third-party advertising SDKs and no behavioral-tracking or analytics SDKs. We do not track you across apps, and we never sell your personal information.

7. Third-Party Services

• Supabase — account authentication and server-side data storage
• RevenueCat — subscription state management
• Apple App Store — subscription payment processing
• OpenAI / Anthropic — AI analysis (only after your explicit consent, see Section 3)

8. Children’s Privacy

LegalDraft is not directed at children under 13, and we do not knowingly collect personal information from children under 13.

9. Changes to This Policy

We may update this policy from time to time. Material changes will be announced in-app; continued use constitutes acceptance. The “last updated” date at the top of this page reflects the current version.

10. Contact Us

For privacy-related questions: privacy@sanva.tk