
GDPR Compliance Statement

CONTRACTS.AI, Inc. ("Contracts.ai", "ContractsAI", "we", "us", or "our") is committed to protecting the privacy and security of your personal information. This page describes how Contracts.ai supports compliance with the EU General Data Protection Regulation (GDPR). It is intended to provide transparency into our data protection practices for customers, prospects, and partners.
Last updated: January 29th, 2026

1. Overview

Contracts.ai is committed to protecting personal data and complying with the European Union General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). This statement summarizes the technical, organizational, and procedural measures implemented by Contracts.ai to support GDPR compliance.

2. Scope

This statement applies to all personal data processed by Contracts.ai in the course of providing its Services, including:

  • Customer account and user data
  • End-user data
  • Personal data contained within documents (e.g., contracts) processed by the platform

3. Roles and Responsibilities

  • Data Controller: Customers of Contracts.ai, with respect to personal data they upload or submit
  • Data Processor: Contracts.ai, acting on documented customer instructions
  • Data Protection Oversight: CTO / Engineering Leadership

4. Lawful Basis for Processing

Contracts.ai processes personal data on behalf of its customers in accordance with documented instructions. Customers are responsible for determining the appropriate lawful basis under GDPR.

Contracts.ai relies on the following lawful bases where applicable:

  • Performance of a contract (Article 6(1)(b))
  • Legitimate interests (Article 6(1)(f))
  • Compliance with legal obligations (Article 6(1)(c))

5. Data Minimization and Purpose Limitation

  • Personal data is processed solely to provide contracted Services
  • Processing is limited to data necessary to perform requested functionality
  • Systems and workflows are designed to minimize unnecessary access to personal data
  • AI-based processing is scoped to extract relevant insights from documents without excessive data use

6. AI and Automated Processing

Contracts.ai uses machine learning models to analyze documents and generate structured outputs, summaries, and risk insights.

  • Customer data is processed solely to provide the Services
  • Customer data is not used to train or improve generalized models unless explicitly agreed
  • Processing is limited to customer-specific contexts and instructions

7. Data Security and Confidentiality

Contracts.ai implements appropriate technical and organizational measures, including:

  • Encryption of data in transit (TLS 1.2 or higher)
  • Encryption of data at rest
  • Role-based access controls and least-privilege principles
  • Secure authentication and authorization mechanisms
  • Continuous monitoring and logging
  • Regular security assessments, including third-party penetration testing
  • Secure software development lifecycle (Secure SDLC) practices

8. Subprocessors and Third Parties

Contracts.ai engages vetted subprocessors to support service delivery, including infrastructure and hosting providers such as Google Cloud and Vercel.

All subprocessors are subject to contractual data protection obligations consistent with GDPR requirements.

A current list of subprocessors is available upon request.

9. Data Processing Locations and International Transfers

Contracts.ai processes personal data in accordance with customer-specific data residency requirements:

  • For customers requiring European data residency, personal data is stored and processed within the European Economic Area (EEA)
  • For other customers, data may be processed in the United States or other jurisdictions

Where personal data is transferred outside the EEA, Contracts.ai implements appropriate safeguards, including Standard Contractual Clauses (SCCs), where applicable.

10. Data Subject Rights

Contracts.ai supports its customers in fulfilling data subject rights under GDPR, including:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction of processing
  • Right to data portability
  • Right to object

Requests are handled in accordance with customer instructions and applicable law.

11. Data Retention and Deletion

  • Personal data is retained only as long as necessary to provide the Services or comply with legal obligations
  • Customers may request deletion of their data in accordance with contractual agreements
  • Data deletion processes are designed to ensure secure and complete removal where applicable

12. Incident Response and Breach Notification

Contracts.ai maintains a formal incident response program to detect, investigate, and remediate security incidents.

In the event of a personal data breach, Contracts.ai will:

  • Notify affected customers without undue delay
  • Provide relevant information to support regulatory reporting obligations
  • Take appropriate steps to mitigate and remediate the impact

13. Governance and Review

This GDPR Compliance Statement is reviewed periodically and updated as necessary to reflect changes in regulatory requirements or internal practices.

Detailed data processing obligations are governed by the Contracts.ai Data Processing Addendum (DPA), which is incorporated into customer agreements or available upon request.

14. Contact and Data Protection Inquiries

Questions regarding this GDPR Compliance Statement or Contracts.ai data protection practices may be directed to:

Email: hello@contracts.ai

Data subject rights requests should be submitted through the relevant customer organization acting as the data controller.