Pacta
  • Compliance Suite
  • Contract Review
  • Pricing
    Compliance Suite Contract Review (CLM)
  • FAQ
  • Log in
    Pacta Core
Book a demo

Legal

Privacy Policy

Effective date: January 1, 2026 · Last updated: May 26, 2026

Overview

Pacta LLC ("Pacta," "we," "us," or "our") operates the Pacta Legal AI platform. This Privacy Policy explains what information we collect, how we use it, and your rights with respect to that information.

If you have questions, contact us at pacta@pactalegal.ai.

1. Information We Collect

Account information: When you create an account or make a purchase, we collect your name, email address, and organization name. Payment card details are collected and processed by our payment provider, Stripe. Pacta does not receive or store full payment card numbers.

Customer Data: The materials you submit to the Service for processing ("Customer Data"). Depending on the product you use, this may include: contracts, counterparty information, negotiation history, and attachments (Contract Review); and the employer profile you provide to generate or review documents, such as company name, the states you operate in, headcount, and employer type, along with any handbooks, policies, or workforce documents you upload for generation, review, or a compliance audit (Compliance Suite).

Usage data: Log data, feature usage, session metadata, and performance metrics collected automatically when you use the Service. This includes IP addresses, browser type, pages visited, and timestamps.

Support requests: If you contact us through our support form, by email, or through the Service, we collect and retain the information you provide, such as your name, email address, and the contents of your message, to respond and keep a record of the request.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and improve the Service
  • Process contracts and generate AI-assisted output on your behalf
  • Authenticate users and manage accounts
  • Send transactional communications (receipts, system alerts, approval notifications)
  • Respond to support requests
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations

We do not use Customer Data to train AI models. We do not sell Customer Data to third parties.

3. AI Processing and PII Handling

The Service uses Anthropic's Claude API to generate AI-assisted output: redlines and legal memos in Contract Review, and handbooks, workforce documents, and compliance-audit findings in the Compliance Suite. In Contract Review, before any contract text is transmitted to the Anthropic API, Pacta applies a PII-scrubbing layer that identifies and redacts personally identifiable information (names, addresses, email addresses, phone numbers, Social Security numbers, and similar identifiers) from the contract text; redacted values are restored in the final output returned to you. In the Compliance Suite, we transmit the employer profile and the documents you submit as needed to generate or review your documents.

Anthropic processes API inputs under its own privacy policy and terms. Anthropic's commercial API does not use inputs to train models by default. You can review Anthropic's privacy practices at anthropic.com/privacy.

4. Google Workspace Integration

The Service integrates with Google Workspace (Gmail) via a service account and domain-wide delegation, impersonating a designated contracts inbox. This integration is used solely to:

  • Read incoming contract emails from whitelisted senders
  • Create and stage draft reply emails
  • Identify sent messages to advance negotiation state

We do not read, store, or process any Gmail content outside the designated contracts inbox. We do not access your personal Gmail account. Google's privacy practices are described at policies.google.com/privacy.

5. DocuSign Integration

If you connect a DocuSign account, we store the OAuth credentials necessary to send envelopes on your behalf. We do not store the contents of DocuSign envelopes beyond what is necessary to confirm delivery status. DocuSign's privacy policy is available at docusign.com/company/privacy-policy.

6. Data Storage and Security

Customer Data is stored on Render (render.com) infrastructure within the United States. We implement reasonable technical and organizational measures to protect your data, including:

  • Encryption in transit (TLS 1.2+) for all data moving between your browser and our servers
  • Encryption at rest for stored Customer Data
  • Access controls limiting data access to authorized personnel
  • Atomic file writes to prevent data corruption
  • Audit logging of all material system events

No security measure is perfect. If you become aware of a security issue, contact us immediately at pacta@pactalegal.ai.

7. Data Retention

We retain Customer Data for as long as your account is active. Upon cancellation:

  • Customer Data is retained for 30 days during which you may request an export
  • After 30 days, Customer Data is permanently deleted from our systems
  • Billing records and account metadata may be retained longer as required by law

You may request deletion of your data at any time by contacting pacta@pactalegal.ai.

8. Data Sharing

We share Customer Data only in the following circumstances:

  • Service providers: Anthropic (AI processing), Render (hosting), Google (email integration), DocuSign (e-signature), Stripe (payment processing) — each under contractual data protection obligations
  • Legal requirements: If required by law, court order, or governmental authority
  • Business transfers: In connection with a merger, acquisition, or sale of assets, with notice to you
  • Your direction: When you explicitly instruct us to share data (e.g., sending a document to a counterparty)

We do not share Customer Data with advertisers, data brokers, or any third party for commercial purposes.

9. Cookies and Tracking

Our marketing website (pactalegal.ai) and public product pages (such as the Risk Map and Pacta Insights) use Plausible, a privacy-friendly analytics tool that does not use cookies and does not track you across other websites. We do not use third-party advertising cookies or cross-site tracking.

The signed-in applications (including handbook.pactalegal.ai, compliance.pactalegal.ai, app.pactalegal.ai, and core.pactalegal.ai) use a session cookie for authentication. We do not load advertising pixels in the applications.

10. Your Rights

You have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate personal information
  • Deletion: Request deletion of your personal information and Customer Data
  • Portability: Request an export of your Customer Data in a machine-readable format
  • Objection: Object to processing of your personal information in certain circumstances

To exercise any of these rights, contact us at pacta@pactalegal.ai. We will respond within 30 days.

11. California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act, gives you additional rights regarding your personal information:

  • Right to know the categories and specific pieces of personal information we have collected, the sources, the business purposes for collecting it, and the categories of third parties with whom we share it.
  • Right to delete personal information we have collected, subject to legal exceptions.
  • Right to correct inaccurate personal information.
  • Right to opt out of the sale or sharing of personal information. Pacta does not sell or share your personal information as those terms are defined under the CPRA.
  • Right to limit the use and disclosure of sensitive personal information.
  • Right to non-discrimination for exercising any of these rights.

To exercise these rights, contact us at pacta@pactalegal.ai. We will verify your request and respond within the timeframes required by law. You may use an authorized agent to submit a request on your behalf.

12. Children's Privacy

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected such information, contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice in the Service. Your continued use of the Service after the effective date constitutes acceptance of the revised policy.

14. Contact

For privacy questions, data requests, or to report a concern:

pacta@pactalegal.ai
Pacta LLC · c/o JPG Law · Indiana

Pacta

Compliance and contracts, built for staffing.

Product

  • Compliance Suite
  • Contract Review
  • Pricing
  • FAQ

Company

  • Contact
  • Book a demo
  • LinkedIn

Legal

  • Terms of Service
  • Privacy Policy
© 2026 Pacta LLC. All rights reserved.