Privacy Policy
Last updated: June 28, 2026
Short version: We only process the contract text you choose to analyze. We do not store the original contract text on our servers. We do not sell your data. You can delete your account and all associated data at any time.
1. Who We Are
Contract Scanner ("we," "us," or "our") is a Chrome browser extension that uses artificial intelligence to help users identify potentially risky clauses in contracts and Terms of Service documents. Our website is contractscanner.app and our extension is available on the Chrome Web Store.
For privacy questions, contact us at: [email protected]
2. What Data We Collect
2.1 Data You Provide
- Email address — if you create an account. Used for authentication and transactional emails only (e.g., password reset).
- Password — stored as a secure hash; we never store or transmit plaintext passwords. Authentication is powered by Supabase Auth.
2.2 Data Processed During Analysis
- Contract text — when you click "Analyze," the visible text of the current web page is extracted and sent to our backend server, which forwards it to an AI language model (DeepSeek) for analysis. The original contract text is not stored after analysis is complete. It is held in memory only for the duration of the API request (typically under 30 seconds).
- Page URL — sent alongside the contract text so we can include it in your history record. It is stored only if you are signed in.
2.3 Analysis Results (History)
- If you are signed in, the analysis output (risk score, risk level, and extracted risk clause summaries) is saved to your account history. This is a summary derived from the contract — not the original full text.
- If you are not signed in, results are stored only in your browser's chrome.storage.local and never leave your device.
2.4 Usage Data
- Monthly usage count — we track how many analyses you have run in the current month to enforce free-tier quotas. This counter is stored in our database associated with your account.
- Subscription status — whether your account is on the free tier or a paid plan.
2.5 Data We Do NOT Collect
- We do not track which websites you visit.
- We do not read any page unless you explicitly click "Analyze."
- We do not collect browser history, cookies from other sites, or any personal data beyond what is listed above.
- We do not use advertising trackers or sell your data to third parties.
3. How We Use Your Data
- To provide the Service — analyzing contracts requires sending text to our AI provider.
- To enforce usage limits — free accounts are limited to 5 analyses per month.
- To maintain your history — so you can revisit past analyses.
- To process payments — handled by LemonSqueezy; we do not store payment card details.
- To send transactional emails — account confirmation, password reset. No marketing emails without your consent.
4. Third-Party Services
We rely on the following sub-processors:
- DeepSeek (Privacy Policy) — AI model used to analyze contract text. Contract text is sent to DeepSeek's API for each analysis request. DeepSeek processes this data according to their API data usage policy.
- Supabase (Privacy Policy) — authentication and database. Stores your email, hashed password, usage counter, and analysis history.
- Cloudflare Workers (Privacy Policy) — our API backend runs on Cloudflare's edge network. Cloudflare may log request metadata (IP addresses, timestamps) for security and abuse prevention.
- LemonSqueezy (Privacy Policy) — payment processing for paid subscriptions. We do not receive or store your full card number.
5. Chrome Extension Permissions
The Chrome extension requests the following permissions, and here is why each is needed (this section applies to the Chrome extension only; the desktop and mobile apps do not require browser permissions):
- activeTab — to read the text of the page you are currently viewing when you click Analyze. We only access the active tab on demand, never in the background.
- scripting — to inject a content script that extracts contract text and highlights clauses in the page.
- storage — to save your settings, usage quota, auth token, and local history in chrome.storage.local.
- sidePanel — to display the extension UI in Chrome's built-in side panel.
- <all_urls> host permission — required to inject the content script on any page that may contain a contract. We only read page text when you click Analyze; we do not monitor, track, or otherwise access pages automatically.
6. Data Retention
- Contract text — not retained; discarded after each analysis response.
- Analysis history — retained until you delete individual records or delete your account.
- Usage counters — reset monthly; historical counts older than 13 months are purged.
- Account data (email) — retained until you delete your account.
7. Your Rights and Choices
- Access — you can view your analysis history in the extension at any time.
- Deletion — you can delete individual history records from the extension, or delete your entire account (and all associated data) by emailing [email protected]. We will process deletion requests within 30 days.
- Data portability — email us to request an export of your data in JSON format.
- Opt-out of history — use the extension in guest mode (without signing in) and no data is ever sent to our servers beyond the analysis request itself.
8. Children's Privacy
Contract Scanner is not directed at children under 13 years of age, and we do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us to have it removed.
9. Security
We implement industry-standard security measures including encrypted transit (HTTPS/TLS), hashed passwords, and row-level security on our database. However, no transmission over the internet is 100% secure, and we cannot guarantee absolute security.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. For material changes, we will notify signed-in users via email. Continued use of the extension after changes constitutes acceptance of the updated policy.
11. Contact
For any privacy-related questions, requests, or concerns, please contact us at:
[email protected]