Privacy Policy

Effective March 23, 2026. This page describes how ClauseMinds approaches these topics for transparency. It is not legal advice; have counsel review for your organization.

1. Who we are

ClauseMinds ("ClauseMinds," "we," "us") provides contract obligation intelligence software. This Privacy Policy explains how we handle personal data when you visit our websites, create an account, or use our services (collectively, the "Service").

2. Data we collect

We may collect:

  • Account and profile data: name, email, organization, role, and authentication identifiers from your identity provider (for example Supabase Auth).
  • Workspace and usage data: workspace membership, settings, in-product activity needed to operate features (such as review actions and notifications), and diagnostic or performance metrics.
  • Customer content: contracts and related files you upload, extracted text, structured obligation data, and metadata needed to provide traceability and workflows. This content may include personal data present in agreements (for example names or contact details in contract text).
  • Support and communications: messages you send us, including via contact forms or email.
  • Technical data: IP address, device and browser type, and cookies or similar technologies where used. See our Security page for related practices.

3. How we use data

We use personal data to:

  • Provide, operate, and improve the Service.
  • Authenticate users, enforce workspace boundaries, and protect accounts.
  • Process contracts and deliver extraction, review, notification, and analytics features.
  • Communicate about the Service, security, and billing.
  • Comply with law, respond to lawful requests, and enforce our terms.
  • Analyze aggregated or de-identified usage to improve reliability and product quality.

4. Legal bases (EEA, UK, and similar regions)

Where GDPR or similar laws apply, we rely on appropriate bases such as contract performance (providing the Service), legitimate interests (security, product improvement, and internal operations balanced against your rights), consent where required (for example certain cookies or marketing), and legal obligations.

5. Sharing and subprocessors

We use trusted service providers to host infrastructure, authenticate users, send email, process payments, and run analytics or error reporting. They process data only under our instructions and appropriate agreements. We may disclose information if required by law or to protect rights, safety, and security. Business transfers (such as a merger) may involve a successor assuming this Policy with notice as required.

6. Retention

We retain personal data for as long as your account is active or as needed to provide the Service, comply with law, resolve disputes, and enforce agreements. Customer content retention may be governed by your workspace settings, backups, and legal holds. You may request deletion subject to legitimate retention needs.

7. Security

We implement administrative, technical, and organizational measures designed to protect personal data, including encryption in transit, access controls, and workspace-scoped access patterns. No method of transmission or storage is completely secure; see Security for more detail.

8. International transfers

We may process data in the United States and other countries where we or our providers operate. Where required, we use appropriate safeguards such as standard contractual clauses.

9. Your rights

Depending on your location, you may have rights to access, correct, delete, or export personal data, object to or restrict certain processing, and withdraw consent where processing is consent-based. You may lodge a complaint with a supervisory authority. To exercise rights, contact us using the information below. Workspace administrators may need to act on requests that relate to organization-held data.

10. Children

The Service is not directed to children under 16, and we do not knowingly collect their personal data.

11. Cookies and similar technologies

We use cookies and similar technologies where needed for session management, security, preferences, and product analytics. You can control cookies through browser settings; disabling some cookies may affect functionality. Where law requires consent for non-essential cookies, we will obtain it as implemented in the product.

12. Changes

We may update this Privacy Policy from time to time. We will post the revised version and update the effective date. Material changes may be communicated through the Service or by email where appropriate.

13. Contact

Privacy questions or requests: use our contact page.

    Privacy Policy