Privacy Policy
Last updated: March 9, 2026
Overview
ClientCommit processes client contracts to extract obligations, deliverables, invoices, and renewal dates. Privacy is not an afterthought — it is built into the core architecture. Your contracts are anonymized before any text reaches an AI model.
Data We Collect
- Account information — email address, name, and organization name, collected during sign-up.
- Uploaded contract files — the PDF or document files you upload for processing.
- Extracted data — obligations, revenue commitments, deadlines, and related metadata produced by our extraction pipeline.
How We Process Contracts (Anonymization Pipeline)
This is the most important part of our privacy story. Here is exactly what happens when you upload a contract:
- Text extraction — Text is extracted locally from your PDF using pdfplumber. The raw file never leaves our servers.
- PII detection and replacement — We run the extracted text through Microsoft Presidio with a spaCy NLP model. This runs entirely on our servers — no third-party service is involved. Every piece of personally identifiable information is replaced with a placeholder like [COMPANY_A] or [PERSON_1].
- AI processing — Only the anonymized text is sent to our AI provider (Anthropic Claude API). The AI never sees real names, emails, phone numbers, or addresses.
- Local restoration — After the AI returns structured data, we restore the real values locally using the entity mapping we kept on our servers.
What we anonymize:
Person names, company names, email addresses, phone numbers, and physical addresses.
What we do NOT anonymize:
Dollar amounts and dates — these are needed for obligation and revenue extraction. Dollar amounts and dates are not personally identifiable information.
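The replace-and-restore round trip described in this section, as an added example that is not ClientCommit's code. It assumes a fixed name list and two regexes in place of the Presidio detector, numbered placeholders for every entity type, and a constructed sample sentence.

```python
import re

# Assumption: a fixed name list and two regexes stand in for the Presidio/spaCy
# detector named on the page. All values below are constructed sample data.
KNOWN_NAMES = {"Jane Doe": "PERSON", "Acme Corp": "COMPANY"}
PATTERNS = {
    "EMAIL": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    # Deliberately narrow so ISO dates such as 2026-03-31 are not taken for phones.
    "PHONE": re.compile(r"\(?\d{3}\)?[\s.-]\d{3}[\s.-]\d{4}"),
}
PLACEHOLDER = re.compile(r"\[[A-Z]+_\d+\]")
SAMPLE = ("Acme Corp shall pay Jane Doe $12,500.00 by 2026-03-31. "
          "Contact Jane Doe at jane.doe@example.com or (555) 010-0199.")


def detect(text):
    """Return non-overlapping (start, end, entity_type) spans in text order."""
    spans = []
    for name, kind in KNOWN_NAMES.items():
        spans += [(m.start(), m.end(), kind) for m in re.finditer(re.escape(name), text)]
    for kind, rx in PATTERNS.items():
        spans += [(m.start(), m.end(), kind) for m in rx.finditer(text)]
    spans.sort(key=lambda s: (s[0], -(s[1] - s[0])))  # leftmost, then longest
    kept, last_end = [], 0
    for span in spans:
        if span[0] >= last_end:
            kept.append(span)
            last_end = span[1]
    return kept


def pseudonymize(text):
    """Replace each detected value with a stable placeholder; return (text, mapping)."""
    mapping, by_value, counters, out, pos = {}, {}, {}, [], 0
    for start, end, kind in detect(text):
        value = text[start:end]
        if value not in by_value:  # a repeated value reuses its placeholder
            counters[kind] = counters.get(kind, 0) + 1
            by_value[value] = f"[{kind}_{counters[kind]}]"
            mapping[by_value[value]] = value
        out += [text[pos:start], by_value[value]]
        pos = end
    out.append(text[pos:])
    return "".join(out), mapping  # the mapping is the part that stays local


def restore(text, mapping):
    """Put real values back; placeholders missing from the mapping are left as-is."""
    return PLACEHOLDER.sub(lambda m: mapping.get(m.group(0), m.group(0)), text)
```

Anything the detector misses passes through unchanged, so a pipeline like this is only as strong as its detection step, and the sample deliberately includes a date and a dollar amount to show they survive replacement.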
AI Provider Data Handling
We use Anthropic's commercial Claude API. Under Anthropic's commercial API terms:
- Your data is not used to train their models.
- Inputs and outputs are not retained beyond the duration of processing.
- Data is processed and discarded — Anthropic does not store your prompts or completions.
Even so, the text Anthropic receives has already been stripped of all PII. There is nothing to misuse.
Data Storage & Encryption
- At rest: AES-256 encryption for all stored data.
- In transit: TLS 1.3 for all network communication.
- Entity mappings: The mapping between placeholders and real values is encrypted with column-level pgcrypto encryption — a separate layer on top of disk encryption.
- Database: Supabase Postgres with Row Level Security enforced at the database engine level.
Tenant Isolation
Every query to the database is scoped to your organization using Postgres Row Level Security (RLS). This is enforced by the database engine itself, not by application code. Even if there were a bug in our application layer, the database would still prevent cross-tenant data access.
Data Retention & Deletion
- You can delete any contract at any time. Deletion cascades to all related obligations, revenue commitments, and entity mappings.
- Account deletion removes all data associated with your organization — contracts, obligations, extracted data, and entity mappings.
- We do not retain contract data after you delete it. There is no soft-delete grace period.
Third-Party Services
We use a small number of third-party services. None of them receive raw contract text.
- Anthropic — AI extraction. Receives only anonymized text.
- Supabase — Database and file storage. Hosts encrypted data with RLS isolation.
- Auth0 — Authentication. Handles login only; does not receive contract data.
We do not use analytics or tracking services that receive contract data.
Your Rights
- Access — You can view all data we hold about your organization at any time through the dashboard.
- Export — You can export your obligations and contract data.
- Delete — You can delete individual contracts or your entire account and all associated data.
For any privacy-related requests, contact us at privacy@clientcommit.com.
Changes to This Policy
If we make material changes to this policy, we will notify you via email before the changes take effect. Minor clarifications or formatting updates may be made without notice.