Privacy Policy

Last updated: May 19, 2026

This Privacy Policy explains how Unclause (“we”, “us”, “our”) collects, uses, and protects your information when you use the Unclause web application at unclause.app.

Who we are

Unclause is a web service operated by Veniamin Polienko ([email protected]), a solo founder. We are the data controller for the personal information described in this policy.

Questions about this policy? Email us at [email protected].

What we collect and why

We collect only what is necessary to operate the service.

Account information

When you create an account, we collect:

  • Email address — used to sign you in and send service-related communications
  • Name — optionally provided during sign-up; displayed in your account
  • Account identifier — a unique user ID assigned by our authentication provider (Supabase) and a session token stored in a secure cookie to keep you signed in

If you sign in with Google, we receive your email address and name from Google. We do not receive your Google password.

Documents you upload

When you upload a document for analysis, we store:

  • The file itself — PDF, DOCX, JPG, or PNG, stored encrypted at rest in private cloud storage
  • File metadata — file name, size, upload date, and detected document type
  • Extracted text — the plain text extracted from your document, used to perform the analysis and stored to allow future re-analysis without re-uploading

Files are stored in a private bucket. They are never accessible via public URLs — access is granted only through short-lived signed URLs (valid for 5 minutes) generated server-side and never sent to your browser.

Analysis results

When a document is analyzed, we store the resulting analysis, including:

  • Verdict (safe / review / do not sign)
  • Plain-language summary
  • Identified red flags with severity and negotiation messages
  • Extracted key dates
  • Suggested questions

This data is associated with your account and accessible only to you.

Usage data

We record when you perform a document analysis (timestamp and user ID only) to track credit consumption and prevent abuse.

Billing information

If you purchase a credit package (Single, Pack, or Bundle), billing is handled entirely by our payment provider. These are one-time purchases — there are no subscriptions. We receive from our payment provider:

  • A customer ID linked to your account
  • Transaction confirmation used to credit your account with the purchased credits

We never receive or store your payment card details. Those are collected and held by our payment provider directly.

What we do not collect

  • We do not run advertising SDKs or sell data to advertisers
  • We do not collect your IP address into our own database (though it is visible to our infrastructure providers during normal HTTP traffic, which they use for security)
  • We do not access your device's camera, microphone, contacts, or location
  • We do not build behavioral profiles or use your data for advertising

How we use your information

PurposeLegal basis (GDPR)
Creating your account, authenticating you, and managing your sessionPerformance of contract (Art. 6(1)(b))
Storing, processing, and displaying your documents and analysesPerformance of contract (Art. 6(1)(b))
Enforcing usage limits and detecting abuseLegitimate interest (Art. 6(1)(f))
Processing one-time credit package purchasesPerformance of contract + legal obligation (Art. 6(1)(b)(c))
Sending essential service emails (e.g. password reset, billing)Performance of contract (Art. 6(1)(b))

AI processing and your documents

When you submit a document for analysis, the extracted text is sent to Anthropic (the provider of the Claude AI model) for processing. Anthropic processes this text solely to return an analysis response.

We have configured our Anthropic API account with data retention disabled. This means Anthropic does not store your document text and does not use it to train AI models. See Anthropic's Privacy Policy for more detail.

We do not use your documents or analysis results to train any AI model

Who we share your data with

We share data only with the service providers required to operate Unclause:

ProviderPurpose
SupabaseAuthentication, database storage, and file storage
AnthropicAI-powered document analysis (text only, no retention)
Payment processorPayment processing for one-time credit package purchases
PostHogProduct analytics — we track feature usage and events to improve the service. Only authenticated users are tracked. No advertising use.
RailwayApplication hosting and infrastructure

We do not sell your personal data. We do not share it with advertisers, data brokers, or any third party for purposes unrelated to operating the service.

How long we keep your data

Data typeRetention
Account and profile dataUntil you delete your account
Uploaded documents and analysesUntil you delete them or close your account
Usage logs12 months from creation
Billing recordsAs required by applicable tax law (typically 5–7 years)
Security and server logsUp to 90 days

When you delete your account, your documents, analyses, and personal data are permanently removed from our systems within 30 days, except where we are required by law to retain billing records.

Security

We take the following measures to protect your data:

  • All traffic between your browser and our servers uses TLS encryption
  • Files are stored encrypted at rest
  • Files are never served via public URLs — only via short-lived (5-minute) signed URLs generated server-side
  • Row-level security (RLS) in our database ensures you can only access your own data
  • Our backend uses a service role key that never reaches the browser
  • Authentication is handled by Supabase with secure, HttpOnly session cookies

No system is perfectly secure. In the event of a data breach that may result in harm to you, we will notify you and any relevant regulatory authorities as required by law.

Your rights

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you
  • Correct data that is inaccurate
  • Delete your account and all associated data
  • Export a copy of your data in a portable format
  • Object to or restrict certain processing
  • Withdraw consent where we rely on it

To exercise any of these rights, email [email protected]. We will respond within 30 days.

You can delete your account directly from your account settings at any time. Deleting your account will trigger deletion of all your documents and analyses from our systems within 30 days.

Notice for EEA, UK, and Switzerland residents (GDPR)

We rely on the legal bases described in "How we use your information" above. You have the right to lodge a complaint with the data protection authority in your country. For EU-related privacy enquiries, contact us at [email protected].

If your personal data is transferred outside the European Economic Area, we rely on the standard contractual clauses and data processing agreements provided by our service providers (Supabase, Anthropic, Railway, PostHog) as transfer safeguards.

Notice for California residents (CCPA / CPRA)

In the past 12 months, we have collected the following categories of personal information, as defined under California law:

  • Identifiers — email address, account ID
  • Commercial information — credit purchase history, credit balance
  • Other user-provided content — documents you upload and their analysis results

We do not sell your personal information. We do not share it for cross-context behavioral advertising. You have the right to know, access, correct, delete, and opt out. To exercise these rights, email [email protected].

Children's privacy

Unclause is not directed to children under the age of 13 (or under 16 in the EEA/UK). We do not knowingly collect personal information from children. If you believe a child has created an account, please contact us at [email protected]. and we will delete it promptly.

Changes to this policy

We may update this policy from time to time. When we make material changes, we will update the "Last updated" date at the top and notify you by email or through the app before the changes take effect.

Contact

For any privacy-related questions or requests, contact us at [email protected].