Privacy Policy
Effective Date: January 2, 2026
At Paralegent AI, we take your privacy seriously. This Privacy Policy explains how we collect, use, and protect your information when you use our AI contract intelligence platform.
Contact Information
Data Controller: Cognilium AI (Paralegent AI)
Email: privacy@paralegent.ai
Contact: For privacy-related questions, please use our contact form
1. Information We Collect
Account Information
- Email address and password (via Clerk authentication)
- Name and profile information
- Organization details
- Authentication preferences (SSO settings, MFA configuration)
Contract & Playbook Data
- Contract documents uploaded for analysis (PDF, DOCX)
- Legal playbook documents and extracted terms
- Analysis results and risk assessments
- Generated redlines and suggestions
- User preferences and playbook configurations
Usage Data
- API requests and response times
- Feature usage patterns
- Error logs and system diagnostics
- Microsoft Word add-in interactions
- Session duration and frequency
Technical Information
- IP address and location data
- Browser type and version
- Operating system information
- Device identifiers
- Microsoft Word version and configuration
2. How We Use Your Data
Service Provision
- Analyze contracts against your uploaded playbooks
- Generate AI-powered risk assessments and redline suggestions
- Provide real-time highlighting in Microsoft Word
- Process and store playbook configurations
- Enable contract version control and audit trails
Platform Improvement
- Improve AI model accuracy and performance
- Enhance user experience and interface design
- Develop new features and capabilities
- Optimize system performance and reliability
Security & Compliance
- Detect and prevent unauthorized access
- Monitor for security threats and vulnerabilities
- Maintain audit logs for compliance purposes
- Ensure data isolation between organizations
Communication
- Send service updates and security notifications
- Provide customer support and technical assistance
- Share product announcements and new features
- Respond to inquiries and feedback
3. Data Sharing & Disclosure
No Data Sharing: We do not sell, rent, or share your contract data or analysis results with third parties for commercial purposes.
Service Providers
- Authentication: Clerk for secure user authentication and session management
- Cloud Infrastructure: AWS for data storage, processing, and hosting
- AI Processing: OpenAI, Anthropic, and Google for contract analysis (data is not used for model training)
- Monitoring: Error tracking and performance monitoring services
Legal Requirements
We may disclose information when required by law or to:
- Comply with legal process or government requests
- Protect against fraud or security threats
- Enforce our Terms of Service
- Protect the rights and safety of Paralegent AI and our users
Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice and ensure equivalent privacy protection continues.
4. Data Security
Encryption
- In Transit: TLS 1.2+ encryption for all data transmission
- At Rest: AES-256 encryption for all stored data
- Database: Encrypted storage in AWS DynamoDB and S3
Access Controls
- Complete data isolation per user account
- JWT token-based authentication with automatic refresh
- Multi-factor authentication (MFA) support
- Role-based access control for organizational features
Infrastructure Security
- SOC 2 Type II compliant infrastructure (AWS)
- Regular security audits and vulnerability assessments
- Automated backup and disaster recovery procedures
- Network security with firewalls and intrusion detection
Data Isolation
- Strict user ID filtering prevents cross-tenant data access
- Separate processing environments per analysis
- No shared data between different organizations
- Complete segregation of contract and playbook data
5. Data Retention
Automatic Deletion
All contract and analysis data is automatically deleted after 90 days using Time-To-Live (TTL) policies. This includes:
- Uploaded contract documents
- Analysis results and generated redlines
- Vector embeddings and processed data
- Temporary files and processing artifacts
Account Data
- Active Accounts: Playbook configurations and user settings retained while account is active
- Deleted Accounts: All data permanently deleted within 30 days of account closure
- Inactive Accounts: Data may be retained for up to 2 years for reactivation purposes
Logs and Analytics
- System logs retained for 30 days for security and debugging purposes
- Aggregated usage analytics (non-identifiable) may be retained longer
- Security incident logs retained as required for compliance
6. Your Rights
Data Access & Portability
- Request copies of your personal data and analysis results
- Export your playbook configurations and settings
- Download contracts and generated redlines
- Access audit logs of your account activity
Data Correction & Updates
- Update your account information and preferences
- Correct inaccurate personal data
- Modify playbook configurations
- Update communication preferences
Data Deletion
- Delete specific contracts or analysis results
- Remove playbook configurations
- Close your account and delete all associated data
- Request immediate deletion before automatic TTL
Processing Limitations
- Object to certain data processing activities
- Restrict processing during dispute resolution
- Withdraw consent for optional features
- Opt out of non-essential communications
How to Exercise Your Rights
To exercise any of these rights, please contact us using our contact form or email privacy@paralegent.ai. We will respond to your request within 30 days and may require identity verification for security purposes.
8. International Transfers
Your data is primarily stored and processed in the United States (AWS US-East-1 region). If you are located outside the US, your information may be transferred to and processed in the United States.
Data Protection Measures
- Standard Contractual Clauses (SCCs) with service providers
- SOC 2 Type II and ISO 27001 certified infrastructure
- Equivalent data protection standards in all jurisdictions
- Regular compliance audits and security assessments
GDPR Compliance
For users in the European Union, we comply with GDPR requirements including lawful basis for processing, data subject rights, and data protection impact assessments. We maintain detailed records of processing activities and have appointed data protection officers where required.
9. Policy Updates
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or service features. We will notify you of significant changes through:
- Email notification to your registered email address
- In-app notifications within the Paralegent AI platform
- Updates to this webpage with the new effective date
- Microsoft Word add-in notifications for important changes
Your continued use of Paralegent AI after the effective date of any changes constitutes acceptance of the updated Privacy Policy. If you disagree with the changes, you may close your account and cease using our services.
10. Contact Us
If you have questions about this Privacy Policy, our data practices, or wish to exercise your privacy rights, please contact us:
Email: privacy@paralegent.ai
Contact Form: https://paralegent.ai/contact
Data Protection Officer: Available upon request for enterprise customers
We will respond to your inquiry within 30 days and work with you to resolve any privacy concerns or requests.
Questions About Our Privacy Practices?
Our team is here to address any privacy concerns and help you understand how we protect your data.