Privacy Policy
Last updated: March 28, 2026 · Effective: March 28, 2026
PlainLaw is built on plain language — including how we talk about privacy. This policy explains exactly what data we collect, why we collect it, how AI processes it, and what rights you have. Each section starts with a plain-English summary; click “Show formal legal text” for the complete legal version.
1. What Information We Collect
We collect your email when you sign up, the contracts you upload for analysis, basic usage data, and payment information (processed by Stripe — we never see your card number).
2. How We Use Your Information
We use your data to provide and improve PlainLaw — running the analysis, billing, sending account updates, and detecting abuse. We do not sell your data.
3. How AI Processes Your Data
When you submit a contract, its text is sent to Anthropic's Claude API to perform the analysis. Anthropic's commercial API terms explicitly prohibit using customer data to train their models. Your contract file is processed and then immediately deleted from our servers — only the analysis results are retained.
4. How We Share Your Information
We share data only with the vendors who run the infrastructure behind PlainLaw. We never sell your data. Here's the full list of third-party processors and what they do.
5. Data Storage and Security
Your data is stored in the United States. We use encryption in transit (TLS) and at rest (AES-256), and access is restricted to personnel who need it to operate the service. Contract files are immediately deleted after analysis — only your results are retained.
6. Data Retention
Contract files are immediately deleted after analysis completes — we never store your original documents. Analysis results are retained while your account is active and deleted within 30 days of account closure. Billing records may be kept longer for legal and tax reasons.
7. Cookies and Tracking
We use essential cookies (required for login), analytics cookies (optional, with IP anonymization), and functional cookies (to remember your preferences). You can manage your preferences in the cookie banner.
8. Your Rights — GDPR (EU, UK, and EEA Residents)
If you are in the EU, UK, or EEA, you have specific rights under GDPR: access your data, correct it, delete it, restrict processing, receive a portable copy, and object to certain uses. Contact us to exercise any of these.
9. Your Rights — CCPA (California Residents)
If you are a California resident, you have the right to know what data we collect, request deletion, opt out of any sale (we don't sell data), and not be discriminated against for exercising these rights.
10. International Data Transfers
PlainLaw is based in the United States. If you are outside the US, your data is transferred here. For EU/UK users, we use Standard Contractual Clauses as the legal transfer mechanism.
11. Children's Privacy
PlainLaw is not intended for users under 13 (or under 16 in the EU). We do not knowingly collect data from children. If we learn we have, we delete it immediately.
12. Changes to This Policy
We may update this policy. Changes will be posted on the Service, and the updated date at the top of this page will reflect when they take effect.
12a. User Feedback Data
If you choose to provide feedback on analysis results (such as thumbs up/down ratings on flagged provisions), we collect your rating and an optional reason. We use this data to improve analysis accuracy. Feedback does not include your contract text. It is entirely voluntary.
13. Contact Us
Questions, requests, or concerns about your privacy? Email us and we'll respond within 30 days.
PlainLaw · privacy@getplainlaw.com · Last updated March 28, 2026