ContractSummaryAI is operated by Middletech Limited, registered in Ireland, EU (“we”, “us”, “our”).

This privacy policy explains how we collect, use, and protect personal data when you use our website and contract review service.

If you have questions about this policy or your data, contact us at the address on our Contact page.

We may collect the following categories of personal data:

• Account details — name, email address, and password when you register.
• Contract content — files or text you upload for review, and questions you ask about a review.
• Usage data — pages visited, features used, IP address, browser type, and approximate location derived from IP.
• Security data — Cloudflare Turnstile tokens and rate-limit identifiers to prevent abuse.
• Payment data — if you subscribe to a paid plan, billing details are processed by our payment provider; we do not store full card numbers.
• Support messages — information you send through our contact form or email.

We use personal data to:

• Provide contract summaries, benchmark comparisons, and follow-up Q&A.
• Create and manage your account and subscription.
• Send service emails such as verification, password reset, and billing notices.
• Improve our product, fix errors, and develop new features.
• Protect the service against fraud, abuse, and security incidents.
• Comply with legal obligations.

Under the General Data Protection Regulation (GDPR), we rely on the following legal bases:

• Contract — to deliver the service you signed up for.
• Legitimate interests — to secure our platform, prevent abuse, and improve the product in ways that do not override your rights.
• Consent — where required, for example optional marketing emails or non-essential cookies.
• Legal obligation — where we must retain or disclose data to comply with law.

We retain account data while your account is active and for a reasonable period after closure to meet legal, tax, and dispute requirements.

Uploaded contracts and review results are kept only as long as needed to provide the service or as stated in your plan. Free-trial uploads may be deleted sooner.

Server logs and security records are typically retained for up to 90 days unless a longer period is required for an investigation.

We do not sell your personal data. We share data only with trusted processors who help us run the service, such as:

Processors may be located in the EU, UK, or other countries with appropriate safeguards (such as Standard Contractual Clauses) where required.

• Cloudflare — hosting, CDN, and Turnstile bot protection.
• AI and infrastructure providers — to process contract text and generate summaries (under strict data-processing terms).
• Payment provider — to handle subscriptions when you upgrade.
• Email provider — to send account and support messages.

If you are in the EU/EEA or UK, you have the right to:

• Access a copy of your personal data.
• Correct inaccurate data.
• Request deletion in certain circumstances.
• Restrict or object to certain processing.
• Data portability where applicable.
• Withdraw consent where processing is based on consent.
• Lodge a complaint with the Data Protection Commission (Ireland) or your local supervisory authority.

We use essential cookies for security, session management, and free-trial rate limits.

If we add analytics or marketing cookies in future, we will ask for consent where required and update this policy.

You can control cookies through your browser settings, though some features may not work without essential cookies.

All traffic to our site is served over HTTPS. Access to production systems is restricted and monitored.

No online service is completely secure. Please use a strong password and do not upload contracts you are not authorised to share.

We may update this privacy policy from time to time. We will post the revised version on this page and update the “Last updated” date.

For material changes, we will notify registered users by email or an in-app notice where appropriate.