Privacy Policy
Last updated: March 2026
Introduction
Pactar (“we”, “us”, “our”) is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights regarding that data. We built Pactar to handle sensitive business documents, so we take this seriously.
1. What We Collect
Account data
When you sign up, we collect your email address, name, and (if you use Google OAuth) your Google profile information.
Contract data
Documents and text you upload or paste into Pactar are stored in our database and file storage. This includes original files, parsed sections, comments, AI summaries, and signatures.
Usage data
We collect basic usage analytics: pages visited, actions taken, session duration. This helps us understand how the product is used and where to improve it. We do not sell this data.
Payment data
Payments are processed by Stripe. We store only your Stripe customer ID — we never see or store your full card details.
Communications
If you contact us by email, we retain that correspondence to help resolve your issue.
2. How We Use Your Data
We use your data to:
- Provide and operate the Pactar service
- Send you transactional emails (contract invitations, signing notifications, receipts)
- Process payments via Stripe
- Generate AI summaries and flags via the Anthropic Claude API
- Respond to support requests
- Improve the product based on aggregated, anonymized usage patterns
We do not use your contract content to train AI models. We do not sell your data to third parties. We do not send marketing emails without your explicit consent.
3. AI Processing
When you upload a contract, section text is sent to the Anthropic Claude API to generate plain-language summaries and flags. This transmission is encrypted in transit. Anthropic’s API is used under their commercial terms, which prohibit them from training models on API inputs. For details, see Anthropic’s privacy policy at anthropic.com.
No personally identifiable information is included in these AI requests beyond what appears in the contract text itself.
4. Data Storage
Your data is stored using Supabase, which runs on AWS infrastructure in the United States. Files are stored in encrypted object storage. Database data is encrypted at rest.
We retain your data for as long as your account is active. If you delete your account, your data is permanently deleted within 30 days.
5. Counterparty Data
When you invite a counterparty to review a contract, we collect their email address and name (as you enter them). We send them a single invitation email containing a magic link. We do not create a Pactar account for them unless they choose to sign up. Their interaction data (comments, agreed sections, signature) is stored as part of the contract record and accessible to you as the contract owner.
6. Cookies
Pactar uses cookies for authentication (session management) and basic analytics. We do not use third-party advertising cookies. You can disable cookies in your browser, but the Service will not function correctly without session cookies.
7. Third-Party Services
We use the following third-party services to operate Pactar:
| Service | Purpose | Data shared |
|---|---|---|
| Supabase | Database and file storage | All user and contract data |
| Anthropic | AI summaries and flags | Contract section text |
| Docuseal | E-signature processing | Signer names and emails |
| Stripe | Payment processing | Email, billing info |
| Vercel | Hosting and edge functions | Request metadata |
| Resend | Transactional email | Recipient email, name |
8. Your Rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Delete your data (right to erasure)
- Export your data in a portable format
- Object to certain types of processing
- Withdraw consent at any time
To exercise any of these rights, email us at privacy@pactar.app. We will respond within 30 days.
GDPR: If you are located in the European Economic Area, you have additional rights under GDPR. Pactar acts as the data controller for your personal data. Our legal basis for processing is contract performance (for operating the service) and legitimate interests (for analytics and product improvement).
CCPA: If you are a California resident, you have the right to know what personal information we collect, request deletion, and opt out of sale. We do not sell personal information.
9. Data Security
We implement reasonable technical and organizational measures to protect your data, including:
- Encrypted connections (TLS) for all data in transit
- Encrypted storage for files and database
- Row-level security policies on all database tables
- Limited internal access to production data
No system is completely secure. If you believe your account has been compromised, contact us immediately at security@pactar.app.
10. Children
Pactar is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with their data, contact us and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you by email or in-app notice before material changes take effect. The “Last updated” date at the top of this page reflects the most recent revision.
12. Contact
For privacy-related questions or requests: privacy@pactar.app