Privacy Policy

Last updated: April 2025

1. Introduction

ContractLens ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered property contract analysis service. This policy applies to our website at contractlens.au and all related services.

2. Information We Collect

2.1 Personal Information

We may collect personal information that you voluntarily provide when:

  • Creating an account (name, email address)
  • Uploading property contracts for analysis
  • Making payments (processed by Stripe; we do not store card details)
  • Subscribing to a monthly plan (managed via Stripe Billing)
  • Applying voucher or promotional codes
  • Contacting us for support

2.2 Contract Documents

When you upload a property contract for analysis, we temporarily store the document to process it using our AI system. The document content is used solely for analysis and generating your report. Contract files are stored in encrypted cloud storage and are not shared with other users.

2.3 Payment Information

All payment processing is handled by Stripe, Inc. (PCI-DSS compliant). We do not collect, store, or have access to your full credit card number. We retain only a record of the transaction amount, date, and Stripe payment ID for billing and support purposes. Subscription billing is also managed by Stripe. You can manage your subscription and payment methods through your account settings.

2.4 Automatically Collected Information

When you access our Service, we may automatically collect:

  • Device information (browser type, operating system)
  • Usage data (pages visited, features used, analysis interactions)
  • IP address and approximate location
  • Referral source and search terms

2.5 Analytics Data

We use Google Analytics (GA4) to collect anonymous usage data such as page views, session duration, and traffic sources. This data is aggregated and does not personally identify you. You can opt out by using browser extensions such as the Google Analytics opt-out browser add-on.

3. How We Use Your Information

We use the information we collect to:

  • Provide and improve our contract analysis service
  • Process payments, manage subscriptions, and apply voucher discounts
  • Generate and deliver analysis reports
  • Communicate with you about your analyses, account, and billing
  • Detect and prevent fraud or abuse
  • Comply with legal obligations
  • Analyze usage patterns to improve our service (via Google Analytics)

4. Data Storage and Security

Your data is stored securely using industry-standard practices:

  • Contract files are stored in encrypted cloud storage (Vercel Blob)
  • User accounts, analysis results, and billing records are stored in Supabase with row-level security (RLS)
  • All data transfers use TLS encryption (HTTPS)
  • Payment data is processed exclusively by Stripe (PCI-DSS compliant)
  • Access to personal data is restricted to authorized personnel on a need-to-know basis

5. Data Retention

We retain your data for the following periods:

  • Account data: Retained while your account is active. Deleted within 30 days of account deletion request.
  • Contract documents: Retained while your account is active or until you delete them. Deleted within 30 days of request.
  • Analysis results: Retained while your account is active. Deleted within 30 days of account deletion.
  • Payment records: Retained for 7 years as required by Australian tax law.
  • Analytics data: Google Analytics data is retained for 26 months per Google's default retention settings.

6. Sharing Your Information

We do not sell, trade, or rent your personal information or contract documents to third parties. We may share information with the following service providers solely to operate our service:

  • Stripe: Payment processing and subscription management
  • Google (Analytics): Anonymous website usage analytics (GA4)
  • Vercel: Application hosting and file storage
  • Supabase: Database and authentication services
  • AI Provider: Contract content is sent to an AI API for analysis only. Content is not stored or used for training by the AI provider.

We may also disclose information when required by law or to protect our legal rights.

7. AI Data Usage

Contract content is sent to a third-party AI API for analysis. Your contract content is processed for the sole purpose of generating your analysis report. The AI provider does not retain your contract content beyond the processing period, and it is not used to train AI models.

8. Your Rights

Under the Australian Privacy Act 1988, you have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal data (see Data Deletion Policy below)
  • Opt out: Unsubscribe from marketing communications at any time
  • Complaint: Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)

To exercise any of these rights, contact us at privacy@contractlens.au.

9. Cookies and Tracking

We use the following types of cookies and tracking technologies:

  • Essential cookies: Required for authentication and session management (Supabase auth tokens)
  • Analytics cookies: Google Analytics cookies (_ga, _ga_*) used to collect anonymous usage data
  • Stripe cookies: Used by Stripe.js for fraud prevention and payment security

We do not use third-party advertising cookies or retargeting pixels.

10. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

11. International Data Transfers

Your data may be transferred to and processed in countries outside Australia, including the United States (Google Analytics, Stripe, Vercel). These transfers are protected by appropriate safeguards including standard contractual clauses and the privacy frameworks of our service providers.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us at:

14. Complaints

If you believe we have breached the Australian Privacy Principles, you may complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au. We request that you first contact us to allow us to address your concerns.

Data Deletion Policy

Last updated: April 2025

1. Overview

At ContractLens, we respect your right to control your personal data. This Data Deletion Policy outlines what data you can delete, how to request deletion, and what happens when data is deleted.

2. What You Can Delete

2.1 Account and Profile Data

You can request full deletion of your account, which includes:

  • Your profile information (name, email)
  • Authentication credentials
  • Subscription and billing status
  • Credit balance and transaction history
  • Voucher usage history

2.2 Contract Documents and Analysis Data

You can request deletion of specific contracts and their associated data, including:

  • Uploaded contract PDF files
  • Extracted contract text
  • Analysis results (risk scores, red flags, recommendations, etc.)
  • Associated payment records

2.3 Data We Must Retain

Certain data cannot be deleted due to legal and operational requirements:

  • Tax records: Payment transaction records (amount, date, Stripe ID) are retained for 7 years as required by the Australian Taxation Office
  • Fraud prevention: Anonymized records may be retained to prevent abuse
  • Analytics: Aggregated, anonymous usage data in Google Analytics cannot be attributed to individual users and is not covered by deletion requests

3. How to Request Data Deletion

Option A: Self-Service (Contract Documents Only)

You can delete individual contract analyses from your dashboard at contractlens.au/dashboard. This removes the contract file and analysis results immediately.

Option B: Full Account Deletion

To delete your entire account and all associated data:

  1. Visit contractlens.au/settings
  2. Scroll to the "Danger Zone" section
  3. Click "Delete Account" and confirm

Alternatively, email us at privacy@contractlens.au with the subject line "Account Deletion Request" from your registered email address.

Option C: Email Request

For any data deletion request, you can email privacy@contractlens.au with:

  • Your registered email address
  • Specific data you want deleted (or "all data" for complete deletion)
  • Reason for deletion (optional, helps us improve)

4. Deletion Timeline

Data Type              Deletion Timeline
Contract files         Immediate (within 24 hours)
Analysis results       Within 30 days
Account and profile    Within 30 days
Auth credentials       Within 30 days
Subscription data      Immediately canceled; records deleted within 30 days
Payment records        Retained for 7 years (tax law requirement)

5. What Happens After Deletion

  • Your account will be immediately deactivated and you will be logged out
  • You will lose access to all analysis reports and contract data
  • Any active subscription will be canceled immediately
  • Data will be permanently removed from our primary database within 30 days
  • Data may persist in encrypted backups for up to 90 days, after which it is permanently purged
  • Anonymized data that cannot identify you may be retained for analytics purposes

6. Data Portability

Before requesting deletion, you may request a copy of your data in a machine-readable format. Email privacy@contractlens.au with the subject line "Data Export Request". We will provide your data within 30 days.

7. Contact

For any questions about data deletion, contact our privacy team: