Privacy Policy

Last updated: April 2026

1. Who we are

Contracto.legal (“Contracto”, “we”, “us”) is an AI-powered legal document generator. This Privacy Policy explains what data we collect when you use our service, how we use it, and your rights.

2. What data we collect

  • Account data: your email address and hashed password, stored securely in Supabase (PostgreSQL).
  • Contract content: the contract text and form inputs you provide (party names, jurisdiction, contract type). This is stored in your account so you can access it later from your dashboard.
  • Usage data: number of contracts generated per month, timestamps. Used to enforce your plan limits.
  • Payment data: your subscription status and plan tier. We do not store card details — payments are processed by LemonSqueezy, who act as Merchant of Record.
  • Technical data: IP address, browser type, and basic analytics collected automatically when you use the service.

3. How we use your data

  • To generate contracts using OpenAI GPT-4o (your inputs are sent to OpenAI's API).
  • To authenticate you and enforce your plan limits.
  • To send account-related emails (email verification, password reset).
  • To improve the service.

4. Who we share data with

  • Supabase — database and authentication infrastructure (supabase.com, EU region where possible).
  • OpenAI — your contract inputs are sent to OpenAI to generate the contract text. OpenAI's data usage policy applies (openai.com/policies/api-data-usage).
  • LemonSqueezy — payment processing (lemonsqueezy.com). They handle billing and VAT as Merchant of Record.
  • We do not sell your data to any third party.

5. Cookies

We use essential cookies required for authentication. If you use our live chat support (Tawk.to), that widget may set additional cookies. You can manage cookie preferences via the cookie banner shown on your first visit.

6. Data retention

We retain your account data and contracts for as long as your account is active. You may request deletion of your account and all associated data at any time by emailing us (see contact below). We will action deletion requests within 30 days.

7. Your rights (UK/EU)

If you are in the UK or EU, you have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request erasure of your data (“right to be forgotten”).
  • Object to processing for direct marketing.
  • Lodge a complaint with the ICO (UK) or your local DPA (EU).

8. Contact

For privacy-related questions or data deletion requests, email us at privacy@contracto.legal.