Privacy Policy

Effective: December 19th, 2025

This Privacy Policy (the "Privacy Policy") serves to inform you of our policies and procedures regarding the collection, use and disclosure of the information we receive when you access and use the website at tools.allcaps.ai (the "Site"), services, software, mobile applications, content, and all other products and services (all of the foregoing collectively, the "Services") owned, controlled or offered, directly or indirectly, by AllCaps Technologies Inc. (together with its subsidiaries and affiliates, "AllCaps", "Company", "we," "our" or "us"). Company believes that the privacy of its users is paramount and strives to use Personal Information (as defined below) only in ways outlined in this Privacy Policy. The Privacy Policy is incorporated by reference into our Terms of Service, currently available at https://tools.allcaps.ai/terms (the "Terms of Service"). By using the Services, you hereby warrant and represent that you have read, understand and agree to this Privacy Policy and the Terms of Service, that you are a resident of the United States and that you are over 18 years of age. PLEASE DO NOT USE, INSTALL OR ACCESS THE SERVICES IF YOU DO NOT AGREE TO THIS PRIVACY POLICY.

What We Mean by Personal Information

For purposes of this Privacy Policy, "Personal Information" means any information from or about a person that either identifies that person directly or that makes that person identifiable when it is combined with other information from or about that person from any source.

Information We Collect

Information You Provide To Us

When you use the Services or otherwise communicate with us, we collect information that you provide to us directly. For example, we collect information in the following circumstances: you (i) use our mobile apps or visit the Site, (ii) create an account or log in, (iii) upload contracts, documents, or other files for analysis, (iv) subscribe to newsletters; (v) "share" the Services on social networking sites or perform other similar actions; (vi) request technical support; (vii) otherwise use our online Services where Personal Information is required for such use and/or participation, and (viii) when you contact us via the Site or when you otherwise communicate with us. You can choose not to provide information that is requested of you by us; however, this may limit your ability to use or access the Services.

The information you provide to us directly may include, without limitation, the following information that may, alone or in combination with other data, constitute Personal Information:

Account Information:

Your email address (required for account creation)
Your first name and last name (required)
Your company name (optional)
Your job title (optional)
Password (encrypted and never stored in plain text)

Contract and File Data:

Contracts, documents, and files you upload for analysis ("User Content")
Original filenames of uploaded documents
File metadata (size, type, upload date)
Contract information extracted from your uploaded files, which may include:
- Vendor and customer names
- Contract values, dates, and terms
- Pricing information
- Service level commitments
- Data processing terms
- Other contract provisions

Tool Usage Data:

Which tools you use and when
Input parameters you provide (e.g., contract categories, annual values, renewal dates)
Analysis results generated by our AI systems
Downloads of results
Files and results you delete

Communications:

Information you provide via email, through the "Contact" section on the Site or by using the contact details listed on various parts of the Site, including your name, company name, e-mail, phone number, inquiry, and any other information you decide to provide
Information you provide in order to subscribe to our newsletters and updates, including your email address, the topic for which you wish to receive updates, or any other information you decide to provide us with. You may always unsubscribe from these emails by following the instructions included
If you are one of our customers, suppliers or prospects, we may process limited Personal Information in the course of our business relation with you, for example when you request a demo or vice versa. Such Personal Information may include your name, company, title, e-mail address, and telephone number
Any other information you may want to share with us, such as Personal Information related to recruitment or job applications

Moreover, if you contact us, a record of such correspondence may be kept.

Additionally, if another user refers you to us by providing us with your e-mail address, we may send you a message. However, we will use your e-mail address only to send such other user's message unless you otherwise affirmatively provide your information to us.

Automatically Collected Information

Most of the data we collect in and through the Site and the Services is technical in nature and is collected and processed automatically through so-called application programming interfaces, software development kits, cookies and similar software-based technologies. Alone or in combination with other data, such automatically collected data may constitute Personal Information. The data we may collect by automated means may include, without limitation:

Usage Information:

Pages visited and features used
Time spent on the Site
Tool requests initiated and completed
Processing times and completion status
Error messages and system logs

Technical Information:

Information we collect on the use of the Site via cookies: please see the "How We Use Cookies and Other Technologies" section below for more information
Internet Protocol (IP) address
Browser type and version
Operating system
Device type (desktop, mobile, tablet)
Screen resolution
Referral source (how you found us)

Analytics:

Google Analytics is an element of the Site. By using cookies, Google Analytics collects and stores data such as time of visit, pages visited, time spent on each page of the Site, the Internet Protocol address, and the type of operating system used in the devices used to access the Site. By using a browser plugin available at http://www.google.com/ads/preferences/plugin/ provided by Google, you can opt out of Google Analytics.

Information You Share on Third Party Websites or through Social Media Services

The Services may include links to third party websites and social media services where you will be able to post comments, stories, reviews or other information. Your use of these third party websites and social media services may result in the collection or sharing of information about you by these third party websites and social media services. We encourage you to review the privacy policies and settings on the third party websites and social media services with which you interact to make sure you understand the information that may be collected, used, and shared by those third party websites and social media services.

How We Process and Use Your Information

Primary Uses of Personal Information

We use the information you provide to us for the following purposes:

Account Management: To create and manage your user account, authenticate your identity, and enable you to access the Services
Tool Processing: To process your uploaded contracts and files through our AI analysis tools and generate results
Service Delivery: To provide the Services, including storing your files, processing requests, and delivering analysis results
Communications: To send you Service announcements, tool results notifications, quota status updates, and respond to your inquiries
Marketing: To provide you with further information and offers from us that we believe you may find useful or interesting, such as newsletters, marketing or promotional materials (you may opt out at any time)
Customer Support: To provide technical support and respond to your questions
Enforcement: To enforce our Terms of Service and resolve disputes between users
Legal Compliance: To comply with legal requirements or processes, including civil and criminal subpoenas, court orders or other compulsory disclosures
Protection: To protect our rights, property, or safety and the rights, property and safety of the Services, our users, or the public
Improvement: To improve the Site and Services, including monitoring and analyzing usage patterns

Uses of Automatically Collected Information

In addition to the purposes described above, we use information collected automatically to:

Monitor and analyze the use of the Services
Provide technical administration of the Site
Improve the Site and the Services
Generate and derive useful data and information concerning the interests, characteristics and website use behavior of our users
Verify that users of the Services meet the criteria required to process their requests
Detect and prevent fraud, abuse, and security issues

AI Processing and Analysis

How We Use AI: We use artificial intelligence and machine learning models, including Google Gemini API, to:

Extract text and data from your uploaded contracts and documents
Analyze contract terms, risks, fees, and negotiation opportunities
Generate insights, recommendations, and reports
Identify patterns and trends across contracts

What We Do With AI Results:

Store analysis results in your account for your access
Use results to calculate lead scores and service recommendations (for our internal business purposes)
Create anonymized, aggregated insights to improve our tools (see "Anonymized Data" below)

What We Don't Do:

We do not use your contracts or User Content to train AI models
We do not share your specific contract details with other users
We do not sell or license your User Content to third parties
We do not use your data for purposes beyond providing the Services to you, except as explicitly stated in this Privacy Policy

Anonymized and Aggregated Data

We may create anonymized and aggregated data from User Content and analysis results. This process involves:

Removing all identifying information (names, companies, specific values)
Combining data across many users to identify trends and patterns
Using statistical methods to ensure individual users cannot be re-identified

Examples of anonymized data uses:

"Contracts in the SaaS category have price increases averaging X% at renewal"
"Y% of professional services contracts lack termination for convenience clauses"
"Contracts with auto-renewal clauses are Z times more likely to have hidden fees"

Anonymized, aggregated data is not Personal Information and may be retained indefinitely to improve our Services.

How We Share Your Information

Third Parties We Share Personal Information With

We may disclose Personal Information you provide to us or that we collect automatically on the Site and in and through the Services with the following categories of third parties:

Service Providers:

Google Gemini API: AI processing and analysis of your uploaded contracts
Supabase: Secure database and file storage services
Cloud Storage Providers: File storage and retrieval (AWS S3 or similar)
Email Services: Transactional and marketing email delivery (e.g., Resend, SendGrid)
Analytics Providers: Usage analytics and performance monitoring (e.g., Google Analytics, PostHog)
Marketing Tools: CRM and lead management (e.g., HubSpot, Salesforce)

All service providers are contractually bound to protect your information and use it only for the purposes we specify.

Public Authorities:

Law enforcement, government agencies, or regulatory bodies if we are legally required to do so
When necessary to protect our rights or the rights of third parties
To comply with legal processes, court orders, or government requests

Corporate Transactions:

Our subsidiaries and affiliates
A subsequent owner, co-owner or operator of the Site and/or the Services and their advisors in connection with a corporate merger, consolidation, restructuring, the sale of substantially all of our stock and/or assets, or in connection with bankruptcy proceedings, or other corporate reorganization, in accordance with this Privacy Policy

With Your Consent:

Other parties when you explicitly consent to such sharing

What We Do Not Share

We do not:

Sell or rent your Personal Information to third parties for their marketing purposes
Share your specific contract details with other users or the public
Share your User Content with vendors or companies mentioned in your contracts
Use your contracts to train AI models or provide data to AI training datasets
Share identifiable information for advertising targeting (we do not run ads)

Data Retention and Deletion

How Long We Keep Your Data

Uploaded Files (User Content):

Automatically deleted 30 days after upload
You may delete files immediately at any time from your account dashboard
Upon deletion (automatic or user-initiated), files are permanently removed from our systems within 7 days

Analysis Results:

Stored in your account indefinitely unless you delete them
You may delete any results at any time from your account dashboard
Upon account deletion, all results are permanently removed within 30 days

Account Information:

Retained as long as your account is active
Upon account deletion, Personal Information is permanently deleted within 30 days
Exception: We may retain limited information as required by law or for legitimate business purposes (e.g., fraud prevention, legal compliance)

Anonymized Data:

May be retained indefinitely as it does not identify you

Legal Holds:

If your information is subject to a legal hold (e.g., litigation, investigation), we will retain it until the hold is lifted

Your Data Deletion Rights

You have the right to:

Delete any uploaded file immediately from your account
Delete any analysis result immediately from your account
Request complete account deletion, which removes all Personal Information within 30 days
Export your data before deletion (available for 30 days after account deletion request)

See "Managing Your Privacy" and "California Residents" sections below for how to exercise these rights.

Data Security

How We Protect Your Information

We understand the importance of privacy and security of Personal Information to our users and have made them a priority. Company uses a variety of industry-standard security technologies and procedures to help protect Personal Information about you from unauthorized access, use, or disclosure, including:

Technical Safeguards:

Encryption in transit (HTTPS/TLS) for all data transmitted between your browser and our servers
Encryption at rest for stored files and database records
Secure authentication with password hashing (bcrypt or similar)
Regular security updates and patches to our systems
Automated malware and virus scanning of uploaded files

Organizational Safeguards:

SOC 2 Type II certification demonstrating our security controls
Access controls limiting employee access to your data on a need-to-know basis
Background checks for employees with access to user data
Training for Company employees on privacy and security issues
Incident response procedures for security breaches

Infrastructure Safeguards:

Secure cloud infrastructure with industry-leading providers (Supabase, AWS, or similar)
Regular backups with encryption
Network security monitoring and intrusion detection
Distributed architecture to prevent single points of failure

Limitations

However, we cannot guarantee that unauthorized third parties will never be able to overcome those measures or use your Personal Information for improper purposes. We do not promise that Personal Information about you or private communications will be protected from unauthorized disclosure or use. You use the Services at your own risk regarding the security of your information.

Your Responsibilities

You are responsible for:

Maintaining the confidentiality of your account password
Restricting access to your computer or device
Logging out after using the Services on shared devices
Notifying us immediately if you suspect unauthorized access to your account

Your Rights and Choices

Managing Your Privacy

We keep your data on your behalf and for your benefit. You can exercise the following rights:

Access: View all your uploaded files and analysis results from your account dashboard

Correction: Update your account information (name, email, company) in account settings

Deletion: Delete uploaded files, analysis results, or your entire account

Export: Download your analysis results in standard formats (Markdown, JSON)

Opt-Out: Unsubscribe from marketing emails using the link in any email or by contacting us

To exercise these rights, you may:

Use the controls in your account dashboard
Email us at connect@allcaps.ai
Mail us at AllCaps Technologies Inc, PO Box 1143 Frisco, TX, 75035

If you request us to delete your information, Company will limit its access to Personal Information to perform what is requested by you and will delete information accessible to Company within seven business days for immediate deletions, or within 30 days for full account deletion.

How We Use Cookies and Other Technologies

Some of the features on the Site and the Services require the use of "cookies" - small text files that are stored on your device's hard drive. We use cookies to measure which pages are being accessed, and which features are most frequently used. This enables us to continuously improve the Site to meet the needs of our visitors.

The following sets out how we may use different categories of cookies and your options for managing cookie settings:

Type of Cookies	Description	Managing Settings
Required cookies	Required cookies enable you to navigate the Site and use their features, such as accessing secure areas of the Site and using the Services. If you have chosen to identify yourself to us, we use cookies containing encrypted information to allow us to uniquely identify you. These cookies allow us to uniquely identify you when you are accessing the Site and to process your online transactions and requests.	Because required cookies are essential to operate the Site, there is no option to opt out of these cookies.
Performance cookies	These cookies collect information about how you use our Sites, including which pages you go to most often and if they receive error messages from certain pages. These cookies do not collect information that individually identifies you. Information is only used to improve how the Site function and perform. From time-to-time, we may engage third parties to track and analyze usage and volume statistical information relating to individuals who visit the Site. We may also utilize Flash cookies for these purposes.	To learn how to opt out of performance cookies using your browser settings, click here. To learn how to manage privacy and storage settings for Flash cookies, click here.
Functionality cookies	Functionality cookies allow our Sites to remember information you have entered or choices you make (such as your username, language, or your region) and provide enhanced, more personal features. These cookies also enable you to optimize your use of the Site after logging in. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customize. We may use local shared objects, also known as Flash cookies, to store your preferences or display content based upon what you view on the Site to personalize your visit.	To learn how to opt out of functionality cookies using your browser settings, click here. To learn how to manage privacy and storage settings for Flash cookies, click here.

We and our service providers may also use "pixel tags," "web beacons," "clear GIFs," or similar means in connection with the Services and HTML-formatted email messages to, among other things, track the actions of users, to determine the success of marketing campaigns and to compile aggregate statistics about Site usage and response rates.

Links to Other Websites

We frequently make content or services from other websites available to you from links located on the Site. We may present links in a format that enables us to keep track of whether these links have been followed. This Privacy Policy applies only to the Site and the Services. We do not exercise control over third party services or other websites that provide information, or links from within the Site or the Services. Your interactions with these third party services are governed by the privacy policy of the company providing it. These other sites and services may place their own cookies or other files on your computer's browser, collect data or solicit Personal Information from you. Other websites and services follow different rules regarding the use or disclosure of the Personal Information that you submit, and the collection and use of such information and access of any third party websites are subject to such third party's privacy policy. We encourage you to read the privacy policies and other terms of such third parties before using their services.

Do Not Track Signals and Similar Mechanisms

Company does not track its customers over time and across third party websites to provide targeted advertising and therefore does not respond to Do Not Track (DNT) signals. However, some third party sites do keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you.

California Residents

California Civil Code Section 1798.83 requires certain businesses that share customer Personal Information with third parties for the third parties' direct marketing purposes to respond to requests from California customers asking about the businesses' practices related to such information-sharing. We currently do not share or disclose your Personal Information to third parties for the third parties' direct marketing purposes. If we change our practices in the future, we will implement an opt-out policy as required under California laws.

Furthermore, subject to certain exemptions, California residents have the following rights with respect to Personal Information we may have collected about them:

Requests to Know

You have the right to request that we disclose:

The categories of Personal Information we have collected about you
The categories of Personal Information about you we have sold or disclosed for a business purpose
The categories of sources from which we have collected Personal Information about you
The business or commercial purposes for selling or collecting Personal Information about you
The categories of Personal Information sold or shared, if any, about you, as well as the categories of third parties to whom the Personal Information was sold, by category of Personal Information for each party to whom Personal Information was sold
The specific pieces of Personal Information collected

You may submit a request to know using one of the methods described below in "Methods for Submitting Consumer Requests and Our Response to Requests". The delivery of our response may take place electronically or by mail. We are not required to respond to requests to know more than twice in a 12-month period.

Disclosure for Business Purposes: We disclose Personal Information for business purposes as described in the "Third Parties We Share Personal Information With" section above, including to service providers such as Google Gemini API (AI processing), Supabase (data storage), email service providers, and analytics providers.

We do not sell, and have not in the prior 12 months sold, Personal Information about California residents. Therefore, we have not included a "Do Not Sell My Personal Info" link on our Site. If our practices change, we will update this Privacy Policy and take any other necessary action to comply with applicable law.

Requests to Delete

You have the right to request that we delete any Personal Information about you that we have collected. Upon receiving a verified request to delete Personal Information, we will do so unless otherwise required or authorized by law. You may submit a request to delete Personal Information using one of the methods described below in "Methods for Submitting Consumer Requests and Our Response to Requests".

Important: Deletion of your Personal Information may result in:

Inability to access your account or use the Services
Loss of analysis results and saved data
Inability to recover data after deletion

Authorized Agents

You may designate an authorized agent to make requests on your behalf. You must provide an authorized agent written permission to submit a request on your behalf, and we may require that you verify your identity directly with us. Alternatively, an authorized agent that has been provided power of attorney pursuant to Probate Code sections 4000-4465 may submit a request on your behalf.

Methods for Submitting Consumer Requests and Our Response to Requests

You may submit a request for access and requests to delete Personal Information about you via:

Email at connect@allcaps.ai
Your account dashboard at tools.allcaps.ai
Mail at AllCaps Technologies Inc, PO Box 1143 Frisco, TX, 75035

Upon receipt of a request, we may ask you for additional information to verify your identity. Any additional information you provide will be used only to verify your identity and not for any other purpose.

We will acknowledge the receipt of your request within 10 days of receipt. Subject to our ability to verify your identity, we will respond to your request within 45 days of receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. In order to protect your privacy and the security of Personal Information about you, we verify your request by:

Matching the email address in your request to the email address on file for your account
Requiring you to log in to your account
Asking for submission of identifying information, such as government-issued identification

Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

The Right to Non-Discrimination

You have the right not to be discriminated against for the exercise of your California privacy rights described above. Unless permitted by the CCPA, we will not:

Deny you goods or services
Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties
Provide you a different level or quality of goods or services
Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services

Data Processing Addendum

This section describes our data processing practices in detail and serves as our Data Processing Addendum (DPA) for users who need contractual data processing terms.

Data Controller and Processor Relationship

You are the Data Controller: When you upload contracts and files to our Services, you remain the data controller of that information. You determine what files to upload and for what purposes.

We are the Data Processor: AllCaps processes your User Content on your behalf and according to your instructions (i.e., to analyze contracts and generate results).

Subprocessors

We use the following subprocessors to provide the Services:

Subprocessor	Purpose	Location	Security
Google (Gemini API)	AI processing and contract analysis	United States	SOC 2, ISO 27001
Supabase Inc.	Database and file storage	United States	SOC 2 Type II
Amazon Web Services (AWS)	Cloud infrastructure and storage	United States	SOC 2, ISO 27001, FedRAMP
Email Service Provider (e.g., Resend)	Transactional email delivery	United States	Industry-standard security

Subprocessor Changes: We will provide 30 days' advance notice before adding or replacing subprocessors. You may object to a new subprocessor within 30 days of notice. If we cannot accommodate your objection, you may terminate your account and export your data.

Data Subject Rights

We will assist you in responding to data subject requests (access, deletion, correction, portability) by:

Providing you with access to all your data through your account dashboard
Enabling you to delete any data at any time
Allowing you to export your data in standard formats
Responding to your requests for assistance within 10 business days

Data Breach Notification

In the event of a data breach that affects your Personal Information, we will:

Notify you via email within 72 hours of becoming aware of the breach
Provide details about the nature of the breach, data affected, and remediation steps
Cooperate with you to fulfill any legal breach notification obligations you may have

Data Security Measures

We implement and maintain appropriate technical and organizational measures to protect Personal Information, including:

Encryption (in transit and at rest)
Access controls and authentication
Regular security assessments and penetration testing
Employee training and background checks
Incident response procedures
SOC 2 Type II certification

Data Residency

All data is stored and processed in the United States. We do not transfer Personal Information outside the United States without appropriate safeguards (e.g., Standard Contractual Clauses, adequacy decisions).

Return and Deletion of Data

Upon your request or termination of Services:

You may export all your data in standard formats
We will delete all your Personal Information within 30 days
We will provide written certification of deletion upon request

Changes to the Privacy Policy

Our security and Privacy Policy are periodically reviewed and enhanced as necessary. This Privacy Policy might change as we update and expand the Services. You can tell when this Privacy Policy was last updated by reviewing the Last Updated legend on top of this page. We will endeavor to notify you of these changes by email, but will not be liable for any failure to do so. We also encourage you to review this Privacy Policy periodically. If you do not understand any of the terms or conditions of any of our policies, you may inquire regarding the same via email at connect@allcaps.ai. Your continued use of the Services after any change in this Privacy Policy will constitute your acceptance of such change.

Material Changes: For material changes that affect your rights or how we use your data, we will:

Provide at least 30 days' advance notice via email
Require re-acceptance of the Privacy Policy for continued use
Allow you to export your data and close your account if you disagree with changes

Children's Privacy

The Services are not intended for use by children under the age of 18. We do not knowingly collect Personal Information from children under 18. If you are under 18, do not use the Services or provide any information to us. If we learn we have collected Personal Information from a child under 18, we will delete that information immediately. If you believe we might have any information from a child under 18, please contact us at connect@allcaps.ai.

International Users

The Services are hosted in the United States and are intended for users located in the United States. If you are accessing the Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located and our central database is operated. The data protection and other laws of the United States and other countries might not be as comprehensive as those in your country. By using the Services, you consent to your information being transferred to our facilities and to the facilities of those third parties with whom we share it as described in this Privacy Policy.

Contacting Us

If you have any concerns or questions about this Privacy Policy, please contact us:

Email: connect@allcaps.ai

Mail: AllCaps Technologies Inc
PO Box 1143
Frisco, TX 75035

Data Protection Officer: For data protection inquiries, contact privacy@allcaps.ai

Last Updated: December 19th, 2025