Privacy Policy

Last updated: 1 April 2026

1. Introduction

ShieldSign (“we”, “us”, or “our”) operates the website getshieldsign.com and provides AI-powered contract analysis services. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.

By using ShieldSign, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our services.

2. Information We Collect

2.1 Account Information

If you create an account, we collect your email address. This is used solely for authentication (magic link login) and account-related communications. We do not require a password.

2.2 Payment Information

All payment processing is handled by Stripe. We do not store, process, or have access to your full credit card number or bank details. Stripe may share with us a transaction reference, your name, and the last four digits of your card for record-keeping purposes.

2.3 Contract Data

When you upload or paste a contract for analysis, the following process occurs:

  • Text extraction: Contract text is extracted in server memory and sent to Anthropic's Claude API for analysis.
  • No storage of raw text: Your raw contract text is never stored in our database. It is processed in memory and discarded immediately after analysis.
  • Browser session storage: Contract text may be temporarily held in your browser's sessionStorage to enable the amendments feature. This data exists only in your browser and is automatically cleared when you close the tab.
  • Analysis results: The outputs of the analysis—such as the Fairness Score, red flags, key terms, summaries, and suggested amendments—are stored in our database to enable share links and report access.
  • Auto-deletion: All stored analysis results are automatically deleted after 30 days.

2.4 Analytics Data

We use Vercel Analytics to collect anonymous, aggregated usage data such as page views and general performance metrics. This data does not include any personally identifiable information (PII) and cannot be used to identify individual users.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide and maintain our contract analysis service
  • To authenticate your account and manage your subscription
  • To process payments through Stripe
  • To generate and store analysis results for your access
  • To enable shareable analysis links at your request
  • To improve our service through anonymous, aggregated analytics

4. Cookies

ShieldSign uses two categories of cookies. Essential cookies are set automatically because the site cannot function without them. Advertising and analytics cookies only fire after you accept on the cookie banner. Until you accept, the relevant scripts run in a denied-by-default mode under Google Consent Mode v2.

Essential (always on):

  • Session cookie: Used for authentication if you are signed in.
  • Analysis counter cookie: An anonymous cookie that tracks the number of analyses performed, used to enforce free-tier limits.
  • Consent cookie: Stores your accept or decline choice on the cookie banner so we do not show it again on every visit.

Advertising and analytics (only after consent):

  • Google Ads conversion tracking: Measures whether ad clicks led to a free check or a £7 unlock.
  • Vercel Analytics and Speed Insights:Aggregate page-view and performance metrics. No personal identifiers are stored.

You can change your choice at any time by clearing this site's storage in your browser, which will trigger the banner to reappear.

5. Third-Party Services

We share data with the following third parties only as necessary to operate our service:

  • Anthropic — Contract text is sent to Anthropic's Claude API for AI-powered analysis. Anthropic processes this data according to their privacy policy and does not use API inputs to train their models.
  • Stripe — Handles all payment processing. We never see or store your full card details.
  • Supabase — Provides our database and authentication infrastructure.
  • Vercel — Hosts our website and provides anonymous analytics.

We do not sell, rent, or trade your personal information to any third party. We do not use any advertising networks or data brokers.

6. Share Links

Analysis results can be shared via unique links. Anyone with the link can view the analysis results (Fairness Score, red flags, summaries, and amendments). The raw contract text is not included in share links. If your analysis results contain sensitive information, do not share the link publicly.

7. Data Retention

  • Contract text: Never stored. Processed in memory and discarded immediately.
  • Analysis results: Retained for 30 days, then automatically deleted.
  • Account data: Retained for as long as your account is active. You may request deletion at any time.
  • Payment records: Retained by Stripe in accordance with their data retention policies and applicable financial regulations.

8. Data Security

We take reasonable measures to protect your data, including:

  • All data transmitted between your browser and our servers is encrypted using TLS (HTTPS).
  • Database access is protected by Row Level Security (RLS) policies, ensuring users can only access their own data.
  • Authentication uses secure, passwordless magic links—no passwords are stored.
  • API keys and secrets are stored as encrypted environment variables, never in source code.

9. Your Rights

Under the General Data Protection Regulation (GDPR) and other applicable data protection laws, you have the following rights:

  • Right of access: You may request a copy of the personal data we hold about you.
  • Right to rectification: You may request correction of any inaccurate personal data.
  • Right to erasure: You may request deletion of your personal data and account.
  • Right to data portability: You may request your data in a portable format.
  • Right to object: You may object to the processing of your personal data.

To exercise any of these rights, please contact us at shieldsign@getshieldsign.com. We will respond to your request within 30 days.

10. Children's Privacy

ShieldSign is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a minor, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated “Last updated” date. Your continued use of ShieldSign after any changes constitutes acceptance of the revised policy.

12. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us at:

Email: shieldsign@getshieldsign.com

Website: getshieldsign.com