Privacy Policy

This Privacy Policy describes how Contractdiff (“we”, “us”) collects, uses, and shares personal data when you use our website and services (the “Service”).

Account and identity: When you sign in, our authentication provider may process your email address, name, and similar profile details.

Documents and usage: We process files and text you upload for comparison, metadata needed to run the Service (such as file names and sizes), and technical data such as IP address, device and browser type, and logs for security and reliability.

Payments: Our payment processor handles card and billing details; we typically receive limited billing status from them, not full card numbers.

Support: If you contact us, we keep the information you provide to respond.

We use data to provide and improve the Service, authenticate users, process payments, prevent abuse and fraud, comply with law, and communicate with you about the Service (including important notices).

We may use service providers (for example hosting, email, analytics, and AI inference) who process data on our instructions and under appropriate agreements.

Where GDPR or similar laws apply, we rely on: performance of a contract; legitimate interests (such as securing the Service and understanding aggregate usage), balanced against your rights; consent where required; and legal obligations.

We retain personal data only as long as needed for the purposes above, including legal, accounting, and security requirements. Document content may be deleted or anonymized according to product settings, account closure, or our retention schedule described in the Service.

We implement technical and organizational measures designed to protect personal data, including encryption in transit and protections for storage. No method of transmission or storage is completely secure.

We do not sell your personal data. We share data with processors who help us run the Service (such as cloud hosting, authentication, payments, and AI providers), when required by law, or to protect rights and safety.

We and our processors may process data in countries other than your own. Where required, we use appropriate safeguards such as standard contractual clauses.

Depending on your location, you may have rights to access, correct, delete, or port your personal data, or to object to or restrict certain processing. You may also have the right to lodge a complaint with a supervisory authority.

To exercise rights, contact us using the details on our website. We may need to verify your request.

The Service is not directed at children under 16 (or the age required in your jurisdiction). We do not knowingly collect personal data from children.

We may update this Privacy Policy from time to time. We will post the new version here and adjust the “Last updated” date.

For privacy questions or requests, contact us through the options provided on our website.