Legal

Privacy Policy

Effective date: January 1, 2026 · Last updated: May 21, 2026

Overview

Pacta LLC ("Pacta," "we," "us," or "our") operates the Pacta Legal AI platform. This Privacy Policy explains what information we collect, how we use it, and your rights with respect to that information.

If you have questions, contact us at pacta@pactalegal.ai.

1. Information We Collect

Account information: When you create an account, we collect your name, email address, organization name, and billing information.

Customer Data: Contracts, documents, emails, and related materials you submit to the Service for processing ("Customer Data"). This includes contract text, counterparty information, negotiation history, and any attachments you upload.

Usage data: Log data, feature usage, session metadata, and performance metrics collected automatically when you use the Service. This includes IP addresses, browser type, pages visited, and timestamps.

Communications: If you contact us by email or through the Service, we retain those communications.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and improve the Service
  • Process contracts and generate AI-assisted output on your behalf
  • Authenticate users and manage accounts
  • Send transactional communications (receipts, system alerts, approval notifications)
  • Respond to support requests
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations

We do not use Customer Data to train AI models. We do not sell Customer Data to third parties.

3. AI Processing and PII Handling

The Service uses Anthropic's Claude API to process contract text and generate legal output. Before any Customer Data is transmitted to the Anthropic API, Pacta applies a PII scrubbing layer that identifies and redacts personally identifiable information (names, addresses, email addresses, phone numbers, Social Security numbers, and similar identifiers) from contract text. Redacted values are restored in the final output returned to you.

Anthropic processes API inputs under its own privacy policy and terms. Anthropic's commercial API does not use inputs to train models by default. You can review Anthropic's privacy practices at anthropic.com/privacy.

4. Google Workspace Integration

The Service integrates with Google Workspace (Gmail) via a service account and domain-wide delegation, impersonating a designated contracts inbox. This integration is used solely to:

  • Read incoming contract emails from whitelisted senders
  • Create and stage draft reply emails
  • Identify sent messages to advance negotiation state

We do not read, store, or process any Gmail content outside the designated contracts inbox. We do not access your personal Gmail account. Google's privacy practices are described at policies.google.com/privacy.

5. DocuSign Integration

If you connect a DocuSign account, we store the OAuth credentials necessary to send envelopes on your behalf. We do not store the contents of DocuSign envelopes beyond what is necessary to confirm delivery status. DocuSign's privacy policy is available at docusign.com/company/privacy-policy.

6. Data Storage and Security

Customer Data is stored on Render (render.com) infrastructure within the United States. We implement reasonable technical and organizational measures to protect your data, including:

  • Encryption in transit (TLS 1.2+) for all data moving between your browser and our servers
  • Encryption at rest for stored Customer Data
  • Access controls limiting data access to authorized personnel
  • Atomic file writes to prevent data corruption
  • Audit logging of all material system events

No security measure is perfect. If you become aware of a security issue, contact us immediately at pacta@pactalegal.ai.

7. Data Retention

We retain Customer Data for as long as your account is active. Upon cancellation:

  • Customer Data is retained for 30 days during which you may request an export
  • After 30 days, Customer Data is permanently deleted from our systems
  • Billing records and account metadata may be retained longer as required by law

You may request deletion of your data at any time by contacting pacta@pactalegal.ai.

8. Data Sharing

We share Customer Data only in the following circumstances:

  • Service providers: Anthropic (AI processing), Render (hosting), Google (email integration), DocuSign (e-signature), Stripe (payment processing) — each under contractual data protection obligations
  • Legal requirements: If required by law, court order, or governmental authority
  • Business transfers: In connection with a merger, acquisition, or sale of assets, with notice to you
  • Your direction: When you explicitly instruct us to share data (e.g., sending a document to a counterparty)

We do not share Customer Data with advertisers, data brokers, or any third party for commercial purposes.

9. Cookies and Tracking

The marketing website (pactalegal.ai) uses minimal cookies — only what is necessary for session authentication and basic analytics. We do not use third-party advertising cookies or cross-site tracking.

The application (app.pactalegal.ai) uses session cookies for authentication. No third-party analytics or advertising pixels are loaded in the application.

10. Your Rights

You have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate personal information
  • Deletion: Request deletion of your personal information and Customer Data
  • Portability: Request an export of your Customer Data in a machine-readable format
  • Objection: Object to processing of your personal information in certain circumstances

To exercise any of these rights, contact us at pacta@pactalegal.ai. We will respond within 30 days.

11. Children's Privacy

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected such information, contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice in the Service. Your continued use of the Service after the effective date constitutes acceptance of the revised policy.

13. Contact

For privacy questions, data requests, or to report a concern:

pacta@pactalegal.ai
Pacta LLC · c/o JPG Law · Indiana