AllCapsAllCaps

Data Privacy

We take your privacy seriously. Here's exactly what data we collect, how we use it, and how we keep it safe.

Last updated: January 16, 2025

What Data You Share With Us

When you use AllCaps tools, we collect only the minimum data necessary to provide our services:

  • Account Information: Your name, email address, and company details when you create an account
  • Contract Data: Documents and files you upload to our tools for analysis (e.g., contracts, proposals, agreements)
  • Usage Data: How you interact with our platform (features used, time spent, actions taken)
  • Technical Data: IP address, browser type, device information, and cookies for security and performance

Important: We never sell your data to third parties. Your contract data is yours alone.

What We Do With Your Data

Your data is used exclusively to deliver and improve our services:

Service Delivery

Process your contracts through our AI tools to extract metadata, identify risks, and generate insights

Product Improvement

Analyze aggregated, anonymized usage patterns to improve tool accuracy and user experience

Security & Compliance

Monitor for suspicious activity, prevent fraud, and maintain SOC2 Type II compliance standards

Communication

Send important updates about your account, new features, and service announcements (you can opt out)

AI Model Training: We do not use your contract data to train third-party AI models. Your documents remain private and are processed in isolated environments.

How It's Protected

We implement enterprise-grade security measures to protect your data:

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based permissions ensure only authorized personnel can access specific data
  • Infrastructure: Hosted on SOC2-compliant cloud providers (AWS, Vercel) with 99.9% uptime SLA
  • Monitoring: 24/7 security monitoring with automated threat detection and incident response
  • Regular Audits: Annual third-party security audits and penetration testing

We are SOC2 Type II certified, meaning independent auditors verify our security controls annually.

Your Control

You have complete control over your data. Here's what you can do:

Access Your Data

View all data we have about you through your account dashboard or by emailing privacy@allcaps.ai

Export Your Data

Download all your contracts and analysis results in standard formats (PDF, JSON, CSV)

Delete Your Data

Request complete deletion of your account and all associated data within 30 days

Correct Your Data

Update or correct any inaccurate information directly in your account settings

To exercise any of these rights, contact us at privacy@allcaps.ai or use the data controls in your account settings.

Third-Party Services

We work with select third-party providers to deliver our services. Each is vetted for security:

ServicePurposeData Shared
AWSCloud infrastructure and storageAll application data (encrypted)
VercelApplication hosting and deploymentUsage logs and analytics
OpenAI / AnthropicAI-powered contract analysisContract text (not used for training)
StripePayment processingBilling information (PCI-compliant)
PostHogProduct analyticsAnonymized usage patterns

All third-party providers sign Data Processing Agreements (DPAs) and maintain SOC2 or equivalent certifications. We never share your data with marketing or advertising platforms.

Data Retention

We retain your data only as long as necessary:

Active Accounts: Your contract data is retained as long as your account is active

Deleted Accounts: All data is permanently deleted within 30 days of account deletion, except where legally required

Usage Logs: Anonymized analytics are retained for up to 2 years for product improvement

Backups: Encrypted backups are retained for 90 days for disaster recovery purposes

You can request early deletion of specific files or your entire account at any time by contacting privacy@allcaps.ai.

Compliance

We comply with major data protection regulations:

  • GDPR (EU): Full compliance with General Data Protection Regulation for European users
  • CCPA (California): California Consumer Privacy Act rights fully honored for CA residents
  • SOC2 Type II: Annual audits verify our security, availability, and confidentiality controls
  • HIPAA-Ready: Additional safeguards available for healthcare customers handling PHI

If you have questions about our compliance status or need specific documentation (DPA, BAA, etc.), contact our compliance team at compliance@allcaps.ai.

Still Have Questions?

Our privacy team is here to help. Reach out anytime with concerns or requests.

Contact Privacy Team