Privacy Policy
Last updated: May 19, 2026
This Privacy Policy explains how Unclause (“we”, “us”, “our”) collects, uses, and protects your information when you use the Unclause web application at unclause.app.
Who we are
Unclause is a web service operated by Veniamin Polienko ([email protected]), a solo founder. We are the data controller for the personal information described in this policy.
Questions about this policy? Email us at [email protected].
What we collect and why
We collect only what is necessary to operate the service.
Account information
When you create an account, we collect:
- Email address — used to sign you in and send service-related communications
- Name — optionally provided during sign-up; displayed in your account
- Account identifier — a unique user ID assigned by our authentication provider (Supabase) and a session token stored in a secure cookie to keep you signed in
If you sign in with Google, we receive your email address and name from Google. We do not receive your Google password.
Documents you upload
When you upload a document for analysis, we store:
- The file itself — PDF, DOCX, JPG, or PNG, stored encrypted at rest in private cloud storage
- File metadata — file name, size, upload date, and detected document type
- Extracted text — the plain text extracted from your document, used to perform the analysis and stored to allow future re-analysis without re-uploading
Files are stored in a private bucket. They are never accessible via public URLs — access is granted only through short-lived signed URLs (valid for 5 minutes) generated server-side and never sent to your browser.
Analysis results
When a document is analyzed, we store the resulting analysis, including:
- Verdict (safe / review / do not sign)
- Plain-language summary
- Identified red flags with severity and negotiation messages
- Extracted key dates
- Suggested questions
This data is associated with your account and accessible only to you.
Usage data
We record when you perform a document analysis (timestamp and user ID only) to track credit consumption and prevent abuse.
Billing information
If you purchase a credit package (Single, Pack, or Bundle), billing is handled entirely by our payment provider. These are one-time purchases — there are no subscriptions. We receive from our payment provider:
- A customer ID linked to your account
- Transaction confirmation used to credit your account with the purchased credits
We never receive or store your payment card details. Those are collected and held by our payment provider directly.
What we do not collect
- We do not run advertising SDKs or sell data to advertisers
- We do not collect your IP address into our own database (though it is visible to our infrastructure providers during normal HTTP traffic, which they use for security)
- We do not access your device's camera, microphone, contacts, or location
- We do not build behavioral profiles or use your data for advertising
How we use your information
| Purpose | Legal basis (GDPR) |
|---|---|
| Creating your account, authenticating you, and managing your session | Performance of contract (Art. 6(1)(b)) |
| Storing, processing, and displaying your documents and analyses | Performance of contract (Art. 6(1)(b)) |
| Enforcing usage limits and detecting abuse | Legitimate interest (Art. 6(1)(f)) |
| Processing one-time credit package purchases | Performance of contract + legal obligation (Art. 6(1)(b)(c)) |
| Sending essential service emails (e.g. password reset, billing) | Performance of contract (Art. 6(1)(b)) |
AI processing and your documents
When you submit a document for analysis, the extracted text is sent to Anthropic (the provider of the Claude AI model) for processing. Anthropic processes this text solely to return an analysis response.
We have configured our Anthropic API account with data retention disabled. This means Anthropic does not store your document text and does not use it to train AI models. See Anthropic's Privacy Policy for more detail.
We do not use your documents or analysis results to train any AI model
Who we share your data with
We share data only with the service providers required to operate Unclause:
| Provider | Purpose |
|---|---|
| Supabase | Authentication, database storage, and file storage |
| Anthropic | AI-powered document analysis (text only, no retention) |
| Payment processor | Payment processing for one-time credit package purchases |
| PostHog | Product analytics — we track feature usage and events to improve the service. Only authenticated users are tracked. No advertising use. |
| Railway | Application hosting and infrastructure |
We do not sell your personal data. We do not share it with advertisers, data brokers, or any third party for purposes unrelated to operating the service.
How long we keep your data
| Data type | Retention |
|---|---|
| Account and profile data | Until you delete your account |
| Uploaded documents and analyses | Until you delete them or close your account |
| Usage logs | 12 months from creation |
| Billing records | As required by applicable tax law (typically 5–7 years) |
| Security and server logs | Up to 90 days |
When you delete your account, your documents, analyses, and personal data are permanently removed from our systems within 30 days, except where we are required by law to retain billing records.
Security
We take the following measures to protect your data:
- All traffic between your browser and our servers uses TLS encryption
- Files are stored encrypted at rest
- Files are never served via public URLs — only via short-lived (5-minute) signed URLs generated server-side
- Row-level security (RLS) in our database ensures you can only access your own data
- Our backend uses a service role key that never reaches the browser
- Authentication is handled by Supabase with secure, HttpOnly session cookies
No system is perfectly secure. In the event of a data breach that may result in harm to you, we will notify you and any relevant regulatory authorities as required by law.
Your rights
Depending on where you live, you may have the right to:
- Access the personal data we hold about you
- Correct data that is inaccurate
- Delete your account and all associated data
- Export a copy of your data in a portable format
- Object to or restrict certain processing
- Withdraw consent where we rely on it
To exercise any of these rights, email [email protected]. We will respond within 30 days.
You can delete your account directly from your account settings at any time. Deleting your account will trigger deletion of all your documents and analyses from our systems within 30 days.
Notice for EEA, UK, and Switzerland residents (GDPR)
We rely on the legal bases described in "How we use your information" above. You have the right to lodge a complaint with the data protection authority in your country. For EU-related privacy enquiries, contact us at [email protected].
If your personal data is transferred outside the European Economic Area, we rely on the standard contractual clauses and data processing agreements provided by our service providers (Supabase, Anthropic, Railway, PostHog) as transfer safeguards.
Notice for California residents (CCPA / CPRA)
In the past 12 months, we have collected the following categories of personal information, as defined under California law:
- Identifiers — email address, account ID
- Commercial information — credit purchase history, credit balance
- Other user-provided content — documents you upload and their analysis results
We do not sell your personal information. We do not share it for cross-context behavioral advertising. You have the right to know, access, correct, delete, and opt out. To exercise these rights, email [email protected].
Children's privacy
Unclause is not directed to children under the age of 13 (or under 16 in the EEA/UK). We do not knowingly collect personal information from children. If you believe a child has created an account, please contact us at [email protected]. and we will delete it promptly.
Changes to this policy
We may update this policy from time to time. When we make material changes, we will update the "Last updated" date at the top and notify you by email or through the app before the changes take effect.
Contact
For any privacy-related questions or requests, contact us at [email protected].