Privacy Policy
Last updated: February 28, 2026
This Privacy Policy describes how Citron AI LLC collects, uses, and protects information when you use our contract review platform.
1. Introduction
This Privacy Policy describes how Citron AI LLC ("AgreedPro," "we," "us," or "our") collects, uses, and protects information when you use our contract review platform, including our web application and Microsoft Word add-in (collectively, the "Service").
By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.
2. Information We Collect
Account Information
When you create an account, we collect your name, email address, and organization details through our authentication provider, Clerk. We do not store passwords directly; authentication is managed entirely by Clerk.
Documents You Upload
You may upload contracts and playbook documents (PDF, DOCX, or image formats) for analysis. These documents are securely stored within our systems and processed by our proprietary analysis engine.
To enable advanced analysis, relevant contract data is transmitted to third-party large language models exclusively through their respective enterprise-grade API endpoints, and is not used for model training per respective API access policies.
Analysis Results
We securely retain the results generated from the analysis of your documents—including compliance assessments, risk evaluations, and redline recommendations—solely to enable user access, review, and ongoing contract management.
This information is stored within our protected systems and maintained exclusively for the purpose of delivering and improving your experience on the platform.
Usage Data
We collect metadata about how you use the Service, including document IDs, processing times, and feature usage. We do not log the full content of your documents in our application logs; logging is limited to metadata such as text length and abbreviated previews for debugging purposes.
3. How We Use Your Data
- Contract analysis: Your documents are processed by AI models to provide clause-by-clause review, risk analysis, and redline suggestions.
- Service reliability: Usage metadata is used to monitor performance, debug issues, and improve system reliability.
- Account management: Your account information is used to authenticate you, manage your organization, and enforce role-based access controls.
- Billing: Payment processing is handled by Stripe. We do not store your payment card details.
We do not use your documents or data to train AI models.
4. Third-Party Processors
To provide the Service, your data is processed by the following third-party services:
| Provider | Purpose | Data Shared |
|---|---|---|
| OpenAI | Contract analysis (LLM) | Document data |
| Google (Gemini API) | Contract analysis (LLM), document OCR | Document data, document images |
| Clerk | Authentication | Name, email, organization info |
| Supabase | Database and file storage | All application data and uploaded files |
| Cloudflare | Infrastructure, storage | Preprocessed documents |
| AWS | Infrastructure, monitoring | Metadata only (not document content) |
| Stripe | Payment processing | Billing information |
5. Data Storage and Security
- All data is encrypted in transit via HTTPS/TLS for every connection, including connections to LLM providers.
- Uploaded files and database records are encrypted at rest by our infrastructure providers (Supabase, Cloudflare, and AWS).
- Authentication uses industry-standard JWT tokens (RS256 with JWKS rotation) provided by Clerk.
- Organization-level data isolation ensures that users can only access data belonging to their organization.
- Role-based access control (owner, admin, member, viewer) restricts actions within organizations.
6. Data Retention
Uploaded documents and analysis results are retained for as long as your account is active and until you choose to delete them. You may delete individual documents and their associated analysis results at any time through the Service.
Account information is retained for the duration of your account. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law.
Application logs containing metadata (not document content) are retained according to our logging provider retention policies (typically 30-90 days).
7. Your Rights
You have the right to:
- Access the personal data we hold about you.
- Delete your documents, analysis results, and account.
- Export your data in a portable format.
- Correct inaccurate personal data.
To exercise any of these rights, contact us at [email protected].
9. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the revised policy.
11. Contact
For questions about this Privacy Policy or our data practices, contact us at:
Citron AI LLC
Email: [email protected]