Privacy Policy

1. Introduction

Pact ("Company," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Services.

Please read this Privacy Policy carefully. By using our Services, you consent to the practices described in this policy. If you do not agree with this policy, please do not use our Services.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, password, company name, and job title when you register
• Payment Information: Billing address and payment method details (processed securely by our payment processor)
• Documents and Content: Contracts, legal documents, and other content you upload for analysis
• Communications: Messages, feedback, and correspondence you send to us

2.2 Information Collected Automatically

• Usage Data: Features used, actions taken, time spent, and interaction patterns
• Device Information: Browser type, operating system, device identifiers, and IP address
• Log Data: Access times, pages viewed, referring URLs, and error reports
• Cookies and Tracking: Information collected through cookies and similar technologies (see Cookie Policy)

2.3 Information from Third Parties

• Authentication Providers: If you sign in using Google, Microsoft, or other providers
• Payment Processors: Transaction status and payment confirmation from Stripe

3. How We Use Your Information

We use your information to:

• Provide, maintain, and improve our Services
• Process your documents and provide AI-powered analysis
• Process payments and manage your subscription
• Send transactional emails (receipts, security alerts, service updates)
• Respond to your inquiries and provide customer support
• Analyze usage patterns to improve our Services
• Detect, prevent, and address fraud, abuse, and security issues
• Comply with legal obligations

4. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), we process your data based on:

• Contract Performance: Processing necessary to provide Services you requested
• Legitimate Interests: Improving our Services, security, and fraud prevention
• Legal Obligation: Compliance with applicable laws and regulations
• Consent: Where you have given explicit consent for specific processing

5. How We Share Your Information

We do not sell your personal information. We may share your information with:

• Service Providers: Third parties who help us operate our Services (hosting, payment processing, analytics)
• AI Providers: To process documents and generate analysis (with appropriate data protection agreements)
• Legal Requirements: When required by law, subpoena, or legal process
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• With Your Consent: When you explicitly authorize sharing

6. Data Retention

We retain your information for as long as your account is active or as needed to provide Services. Specific retention periods:

• Account Data: Until account deletion plus 30 days for backup purposes
• Uploaded Documents: Until you delete them or close your account
• Payment Records: 7 years for tax and legal compliance
• Usage Logs: 90 days for operational purposes

7. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

• Encryption of data in transit (TLS 1.3) and at rest (AES-256)
• Regular security assessments and penetration testing
• Access controls and authentication requirements
• Employee security training and confidentiality agreements
• Incident response procedures

8. Your Rights

Depending on your location, you may have the right to:

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your data ("right to be forgotten")
• Portability: Request your data in a machine-readable format
• Restriction: Request restriction of processing
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise these rights, contact us at privacy@closepact.com. We will respond within 30 days.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission, where applicable.

10. California Privacy Rights (CCPA)

California residents have additional rights under the CCPA:

• Right to know what personal information is collected and how it's used
• Right to delete personal information
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising privacy rights

11. Children's Privacy

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.