
Security & AI Governance

Last updated: February 28, 2026

This page describes how AgreedPro handles your data from a security and AI governance perspective. It is written for security teams, procurement reviewers, and anyone evaluating our platform for enterprise use.

Data Privacy & Security Controls

Encryption

  • All data in transit is encrypted via HTTPS/TLS. This applies to every connection: client to API, API to LLM providers, API to database, and API to storage.
  • All data at rest is encrypted by our infrastructure providers (Supabase, Cloudflare, and AWS). Encryption at rest is enabled by default across all platforms.

Authentication

  • User authentication is handled by Clerk. Clerk issues JSON Web Tokens (JWTs) signed with RS256; our backend verifies each token's signature against the public keys Clerk publishes at its JWKS endpoint, and refetches that key set when Clerk rotates its signing keys.
  • All client applications, including the Microsoft Word plugin, present these tokens, and our backend validates them on every request.
  • All API endpoints require valid authentication. There are no unauthenticated data access paths.
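The verification step described above, as an added example written for this page rather than taken from AgreedPro's code: a JWKS-backed RS256 verifier in Go. It pins the algorithm (so a token cannot switch itself to "none" or an HMAC scheme), resolves the signing key by the token's kid, refetches the key set once on a cache miss (which is how a rotation at the provider becomes visible), and checks expiry. The kid values, claim names and in-memory provider are assumptions; in production `fetch` would be an HTTPS GET of the identity provider's JWKS URL, and the backend would also rate-limit refetches.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding

// Verifier caches the provider's RSA public keys by kid and refetches the JWKS document
// when a token names a kid it has not seen; that is how a rotation at the provider
// reaches the backend without a redeploy. (Assumed design, not AgreedPro's code.)
type Verifier struct {
	fetch func() ([]byte, error) // an HTTPS GET of the provider's JWKS URL in production
	keys  map[string]*rsa.PublicKey
}

// refresh rebuilds the cache from scratch, so keys the provider has withdrawn stop being trusted.
func (v *Verifier) refresh() error {
	raw, err := v.fetch()
	var doc struct{ Keys []struct{ Kty, Kid, N, E string } } // Unmarshal matches "kty", "kid", "n", "e" case-insensitively
	if err != nil || json.Unmarshal(raw, &doc) != nil {
		return errors.New("jwks unavailable")
	}
	fresh := map[string]*rsa.PublicKey{}
	for _, k := range doc.Keys {
		n, errN := b64.DecodeString(k.N)
		e, errE := b64.DecodeString(k.E)
		if k.Kty == "RSA" && errN == nil && errE == nil {
			fresh[k.Kid] = &rsa.PublicKey{N: new(big.Int).SetBytes(n), E: int(new(big.Int).SetBytes(e).Int64())}
		}
	}
	v.keys = fresh
	return nil
}

// Verify pins the algorithm, resolves the signing key by kid, checks the RS256 signature
// and the expiry, and returns the claims.
func (v *Verifier) Verify(token string, now time.Time) (map[string]any, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	var hdr struct{ Alg, Kid string }
	if raw, err := b64.DecodeString(parts[0]); err != nil || json.Unmarshal(raw, &hdr) != nil || hdr.Alg != "RS256" {
		return nil, errors.New("unexpected alg") // the token never gets to pick "none" or an HMAC alg
	}
	pub, ok := v.keys[hdr.Kid]
	if !ok { // cache miss: refetch once, then give up rather than trust anything
		if err := v.refresh(); err != nil {
			return nil, err
		}
		if pub, ok = v.keys[hdr.Kid]; !ok {
			return nil, errors.New("unknown kid")
		}
	}
	sig, err := b64.DecodeString(parts[2])
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return nil, errors.New("bad signature")
	}
	var claims map[string]any
	if body, err := b64.DecodeString(parts[1]); err != nil || json.Unmarshal(body, &claims) != nil {
		return nil, errors.New("malformed claims")
	}
	if exp, ok := claims["exp"].(float64); !ok || now.Unix() >= int64(exp) {
		return nil, errors.New("expired")
	}
	return claims, nil
}

// newKey generates a demo signing key; in reality only the identity provider holds it.
func newKey() *rsa.PrivateKey {
	k, _ := rsa.GenerateKey(rand.Reader, 2048)
	return k
}

// signRS256 mints a token the way the identity provider would (demo helper).
func signRS256(priv *rsa.PrivateKey, kid string, claims map[string]any) string {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT", "kid": kid})
	body, _ := json.Marshal(claims)
	input := b64.EncodeToString(hdr) + "." + b64.EncodeToString(body)
	digest := sha256.Sum256([]byte(input))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	return input + "." + b64.EncodeToString(sig)
}

// jwksDoc is what the provider serves: the public halves of the keys it currently publishes.
func jwksDoc(published map[string]*rsa.PrivateKey) []byte {
	var keys []map[string]string
	for kid, k := range published {
		keys = append(keys, map[string]string{"kty": "RSA", "kid": kid,
			"n": b64.EncodeToString(k.N.Bytes()), "e": b64.EncodeToString(big.NewInt(int64(k.E)).Bytes())})
	}
	raw, _ := json.Marshal(map[string]any{"keys": keys})
	return raw
}

func main() {
	key := newKey()
	published := map[string]*rsa.PrivateKey{"kid-2026-02": key} // kid value is invented
	v := &Verifier{fetch: func() ([]byte, error) { return jwksDoc(published), nil }, keys: map[string]*rsa.PublicKey{}}
	tok := signRS256(key, "kid-2026-02", map[string]any{"sub": "user_123", "exp": time.Now().Add(time.Hour).Unix()})
	claims, err := v.Verify(tok, time.Now())
	fmt.Println(claims["sub"], err)
}
```

When the provider publishes a new kid and withdraws the old one, the first token under the new kid misses the cache, triggers one refetch, and is accepted; a token still signed with the withdrawn key then fails with an unknown kid, because the cache is rebuilt from the fresh document rather than merged with it. Replacing rather than merging is what makes a rotation also a revocation.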

Access Control

  • Role-based access control with four roles: owner, admin, member, and viewer. Each role has distinct permissions governing what data and actions are accessible.
  • Organization-scoped multi-tenancy ensures strict data isolation. Users can only access documents, playbooks, and analysis results belonging to their organization.
  • An organization identity mapping translates the authentication provider's organization ID into our internal database ID, so every query is scoped to the organization of the verified identity rather than to an identifier supplied by the client. This is what prevents cross-tenant data leakage.

Network Security

  • All LLM provider connections use HTTPS, enforced at the SDK level. There is no option to connect over unencrypted channels.
  • Rate limiting is applied to our LLM API calls to prevent abuse and control costs.

LLM Models Used

AgreedPro uses the following large language models for contract analysis:

Provider   Model             Access Method    Use Case
OpenAI     gpt-4.1-mini      Enterprise API   Contract analysis
Google     Gemini 2.5 Flash  Enterprise API   Contract analysis, document OCR

Both models are accessed exclusively through their respective enterprise API endpoints.

Model Training Policy

Your data is not used to train AI models.

Neither AgreedPro nor our LLM providers use your contract data for model training.

  • AgreedPro: We do not train, fine-tune, or develop any machine learning models using customer data.
  • OpenAI API: Per OpenAI's API data usage policy (effective since March 2023), data submitted through their API is not used to train their models by default.
  • Google Gemini API: Per Google Cloud's terms for paid API access, data submitted through the Gemini API is not used for model training.

These are the provider policies as of February 2026. We recommend enterprise customers independently verify these policies with OpenAI and Google if required by their compliance processes.

Data Governance

What is Stored and Where

Provider    What's Stored                                       Encrypted at Rest
Supabase    User data, documents, analysis results, playbooks   Yes
Clerk       Authentication & identity                           Yes
Cloudflare  Document processing cache                           Yes
AWS         Application logs                                    Yes

Data Retention

  • Documents and analysis results are retained until the user deletes them.
  • Users can delete individual documents and all associated analysis results through the application.
  • Application logs (metadata only) follow provider retention policies, typically 30-90 days.

Data Isolation

All data is scoped to an organization. Every database query is filtered by organization ID, so one organization's data is never returned to another, and the filter is enforced at the API layer on every request rather than left to individual handlers.
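The isolation pattern described in the Access Control bullets and in this section, as an added example written for this page (not AgreedPro's code): the organization a request may touch is derived from the verified token claims through the identity map, wrapped in a scope value that the data layer requires on every call, and applied as the equivalent of `WHERE org_id = $1` inside the data layer itself. A document that belongs to another organization is reported the same way as one that does not exist, so error responses do not reveal which IDs exist in other tenants. The claim names, organization IDs and in-memory store are assumptions standing in for Clerk claims and the Supabase database.

```go
package main

import (
	"errors"
	"fmt"
)

// Claims is the subset of a verified token's payload that the API layer reads.
// OrgID is the authentication provider's organization identifier (assumed field names).
type Claims struct{ Sub, OrgID string }

// Scope carries the internal organization ID a request is authorized for. Its only
// constructor is ScopeFor, so a handler cannot build one from a query parameter.
type Scope struct{ orgID int64 }

// Document stands in for a tenant-owned row; every such row carries org_id.
type Document struct {
	ID    string
	OrgID int64
	Title string
}

// Store stands in for the database: the identity map from provider organization IDs
// to internal ones, plus a documents table.
type Store struct {
	orgIDs map[string]int64
	docs   []Document
}

var errNotFound = errors.New("not found")

// ScopeFor translates the provider's organization ID into the internal one. An
// organization that was never provisioned gets an error, not a default scope.
func (s *Store) ScopeFor(c Claims) (Scope, error) {
	id, ok := s.orgIDs[c.OrgID]
	if !ok {
		return Scope{}, errors.New("organization not provisioned")
	}
	return Scope{orgID: id}, nil
}

// ListDocuments is the equivalent of SELECT ... WHERE org_id = $1. The filter lives
// in the data access layer, so no request handler can forget it.
func (s *Store) ListDocuments(sc Scope) []Document {
	var out []Document
	for _, d := range s.docs {
		if d.OrgID == sc.orgID {
			out = append(out, d)
		}
	}
	return out
}

// GetDocument matches on ID and org together. A document owned by another
// organization is reported exactly like a nonexistent one, so a caller cannot
// use the error to learn which IDs exist elsewhere.
func (s *Store) GetDocument(sc Scope, id string) (Document, error) {
	for _, d := range s.docs {
		if d.ID == id && d.OrgID == sc.orgID {
			return d, nil
		}
	}
	return Document{}, errNotFound
}

// sampleStore is constructed demo data: two organizations, one document each.
func sampleStore() *Store {
	return &Store{
		orgIDs: map[string]int64{"org_acme": 1, "org_globex": 2},
		docs: []Document{
			{ID: "doc-1", OrgID: 1, Title: "Acme MSA"},
			{ID: "doc-2", OrgID: 2, Title: "Globex NDA"},
		},
	}
}

func main() {
	s := sampleStore()
	acme, _ := s.ScopeFor(Claims{Sub: "user_1", OrgID: "org_acme"})
	fmt.Println(len(s.ListDocuments(acme))) // only Acme's document
	_, err := s.GetDocument(acme, "doc-2")  // Globex's document, requested by an Acme user
	fmt.Println(err)                        // reported as not found, same as a missing ID
}
```

The unexported `orgID` field is the point of the design: nothing outside the data layer can mint a `Scope` for an arbitrary organization, so the only path from a request to tenant data runs through the verified identity.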

AI Governance

No Autonomous Actions

The AI does not take autonomous actions on your behalf. It does not modify documents, send emails, contact third parties, or execute any operations beyond generating analysis results. Applying redline suggestions to a document requires explicit user action.

Human Oversight

AgreedPro is designed as a review assistant, not a decision maker. All analysis results are presented as suggestions for human review. The system explicitly flags risk levels and compliance gaps so that professionals can make informed decisions.

Third-Party Services

The following is a complete list of third-party services that receive data from AgreedPro:

Provider    Purpose                     Data Shared
OpenAI      AI analysis                 Document data
Google      AI analysis, document OCR   Document data, document images
Supabase    Database, file storage      Documents, analysis results, user data
Cloudflare  Infrastructure, storage     Preprocessed document cache
AWS         Infrastructure, monitoring  Application metadata and logs (no contract content)
Clerk       Authentication              User identity and session data
Stripe      Payments                    Billing information (no contract content)

Logging Practices

  • Application logs contain structured metadata: user IDs, document IDs, processing durations, and error codes.
  • Contract content is not written to production logs. Debug mode, used only for troubleshooting, logs the text length and a preview of at most 200 characters.
  • Logs are stored on AWS infrastructure with encryption at rest enabled.
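What these logging rules look like in code, as an added example written for this page and not AgreedPro's logger: the log record has fields only for identifiers, timing and an error code, and the two debug-only fields are populated solely by the logger when debug mode is on. The preview is capped by counting characters rather than bytes, so a multi-byte character at the 200-character boundary is dropped whole instead of leaving an invalid UTF-8 fragment in the log line. Event names, field names and the sample text are constructed for the demo.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// previewLimit is the 200-character cap stated in the logging policy.
const previewLimit = 200

// DocEvent is one structured log record: identifiers, timing and an error code.
// There is deliberately no field for the document text itself; the two debug-only
// fields are the only place any of it can appear, and only via Logger.Log.
type DocEvent struct {
	Event      string `json:"event"`
	UserID     string `json:"user_id"`
	DocumentID string `json:"document_id"`
	DurationMS int64  `json:"duration_ms"`
	ErrorCode  string `json:"error_code,omitempty"`
	TextLength int    `json:"text_length,omitempty"` // debug mode only
	Preview    string `json:"preview,omitempty"`     // debug mode only
}

// preview keeps at most limit characters. It counts runes, not bytes, so a multi-byte
// character is never split and the JSON line stays valid UTF-8.
func preview(text string, limit int) string {
	runes := []rune(text)
	if len(runes) <= limit {
		return text
	}
	return string(runes[:limit])
}

// Logger renders one JSON line per event. Debug is false in production.
type Logger struct{ Debug bool }

// Log attaches the debug-only fields when Debug is set and returns the JSON line.
func (l Logger) Log(ev DocEvent, text string) string {
	if l.Debug {
		ev.TextLength = len([]rune(text))
		ev.Preview = preview(text, previewLimit)
	}
	line, _ := json.Marshal(ev)
	return string(line)
}

func main() {
	// Constructed values for the demo.
	ev := DocEvent{Event: "analysis.completed", UserID: "user_1", DocumentID: "doc-1", DurationMS: 1840}
	text := "This Master Services Agreement is entered into by ..."
	fmt.Println(Logger{}.Log(ev, text))            // production: metadata only
	fmt.Println(Logger{Debug: true}.Log(ev, text)) // debug: adds text_length and preview
}
```

Keeping the content fields out of the struct, rather than filtering them at the sink, means a new call site cannot leak document text by accident: the only way to get any of it into a line is through the debug branch.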

Contact

For security inquiries, data processing questions, or to request our vendor security questionnaire responses, contact:

Citron AI LLC
Email: [email protected]