Privacy Policy

Last updated: April 9, 2026

1. Introduction

Kontratai, operated by Morphic Labs ("we", "us", "our"), is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your information when you use our AI contract analysis platform.

2. Information We Collect

Account Information

• Email address (for authentication)
• Full name (provided at signup)
• Password (hashed, never stored in plaintext)

Contract Data

• PDF files you upload for analysis
• Contract text extracted from PDFs
• Party names, roles, and negotiation context you provide
• Comments, proposed changes, and approvals made during negotiation

Payment Information

• Subscription status and plan type
• Payment processing is handled entirely by Lemon Squeezy — we never see or store your credit card details

Usage Data

• Activity logs (contract views, analysis requests, invite usage)
• Device type and browser (via standard HTTP headers)

3. How We Use Your Information

• Contract Analysis: Your uploaded contracts are processed by OpenAI's GPT-4o-mini model to generate clause-by-clause analysis, risk detection, and negotiation recommendations.
• Authentication: Your email and password are used solely for account access via Supabase Auth.
• Notifications: We may send transactional emails (account confirmation, password reset) from info@kontratai.com.
• Service Improvement: Aggregated, anonymized usage patterns may be used to improve the platform.

4. AI Processing

When you upload a contract, the text is sent to OpenAI's API for analysis. Important:

• We do not use your contracts to train AI models. OpenAI's API data usage policy confirms that API inputs are not used for model training.
• Contract text is sent over encrypted connections (TLS)
• AI-generated analysis is stored in our database and associated only with your account

5. Data Storage and Security

• Database: Supabase (PostgreSQL) with Row Level Security (RLS) on every table — your data is isolated from other users at the database level
• File Storage: Supabase Storage with authenticated access only
• Encryption: All data in transit uses TLS. Data at rest is encrypted by Supabase
• Access Control: 54 RLS policies ensure strict data isolation between accounts
• Hosting: Vercel (US) with HTTPS and HSTS

6. Data Sharing

We do not sell your data. We share information only with:

• OpenAI: Contract text for AI analysis (API processing, not training)
• Supabase: Database and authentication infrastructure
• Lemon Squeezy: Payment processing
• Vercel: Application hosting
• Guest users: When you create an invite link, guests can see the contract analysis (excluding your negotiation strategy)

7. Guest Access Privacy

When a contract owner shares an invite link, the guest can view:

• Contract text and clause breakdown
• Risk analysis and implications
• Comments and version history

Guests cannot see:

• The owner's negotiation strategy
• AI-suggested changes or redlines prepared for the owner
• Other contracts in the owner's account

8. Data Retention

• Account data is retained as long as your account is active
• Upon account deletion, all your data (contracts, analysis, comments) is permanently deleted within 30 days
• Invite links are deactivated immediately upon account deletion

9. Your Rights

You have the right to:

• Access your data (available through the dashboard)
• Export your contracts (DOCX export feature)
• Delete individual contracts or your entire account
• Correct your profile information
• Object to data processing by contacting us

10. Cookies

We use essential cookies only for authentication (Supabase session tokens) and user preferences (language, theme). We do not use tracking cookies or third-party advertising cookies.

11. Children's Privacy

Kontratai is not intended for use by anyone under 18 years of age. We do not knowingly collect information from minors.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email. Continued use of the Service after changes constitutes acceptance.

13. Contact

For privacy-related questions or data requests, contact us at info@kontratai.com.