Privacy Policy

Contrivox ("Contrivox", "we", "us", "our") operates the website contrivox.com and provides an AI-powered contract analysis service. For privacy inquiries, contact us at legal@contrivox.com.

• To analyse your contract using Claude (Anthropic's AI) and return results to you
• To process your payment and deliver your full report by email
• To prevent abuse via rate limiting (hashed IP only)
• To improve the product through aggregated, anonymized analytics
• To respond to legal obligations and support requests

We do not sell your personal data to third parties. We do not use your data for targeted advertising.

The following sub-processors handle data on our behalf:

• Uploaded contract files: deleted within 30 days of upload
• Analysis results (JSON): retained for 12 months for support purposes, then deleted
• Payment records: retained for 7 years as required by tax law
• Hashed IP addresses: purged after 90 days
• Account data: retained until you request deletion
• Email delivery logs: retained for 90 days

Depending on your location, you may have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you
• Correction: request that inaccurate data be corrected
• Deletion: request deletion of your personal data ("right to be forgotten")
• Portability: receive your data in a machine-readable format
• Objection: object to certain processing activities
• Opt-out of sale (California / CCPA): we do not sell personal data, so this right is inherently satisfied

To exercise any of these rights, email legal@contrivox.com. We will respond within 30 days. We may ask you to verify your identity before acting on a request.

Contrivox uses only essential cookies required for authentication (Supabase session) and security (CSRF protection). We do not serve advertising cookies or use fingerprinting. PostHog uses a first-party cookie to distinguish unique visitors; this is analytics-only and contains no personal identifiers.

To opt out of PostHog analytics, enable "Do Not Track" in your browser settings — PostHog respects this signal.

We implement industry-standard security measures including:

• HTTPS with HSTS enforced across all pages
• Content Security Policy to mitigate cross-site scripting
• Row-level security on all database tables (Supabase RLS)
• IP addresses stored only as irreversible SHA-256 hashes
• Stripe's PCI-DSS Level 1 infrastructure for all payment data
• Server-side-only access to all API keys — none exposed to the browser

Despite these measures, no system is 100% secure. If you discover a security vulnerability, please report it responsibly to legal@contrivox.com.

Contrivox is operated from the United States. By using our service, you acknowledge that your data may be transferred to and processed in the United States and other countries where our service providers operate. We ensure that such transfers comply with applicable data protection law through the use of Standard Contractual Clauses and other appropriate safeguards where required.

Contrivox is not directed at persons under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, contact us and we will delete it promptly.

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. Material changes will be communicated via the website. Your continued use of Contrivox after changes become effective constitutes your acceptance of the revised policy.

For any privacy-related questions or to exercise your rights:

You can also reach us via the contact form.