Privacy

• • Your account info (email, hashed password via Supabase Auth)
• • Your subscription status and plan tier
• • The analysis or generated output produced by our AI tools — contract reviews, policy analyses, and generated proposals
• • The file name or working title you provided

30-day retention. Generated outputs are automatically hard-deleted 30 days after they're created. Export or download anything you want to keep before then — once purged, it's gone from our database and not recoverable. Account info, subscription status, and API key metadata are kept as long as your account is active.

• • The raw text of your contracts. It exists in memory only for the ~30 seconds it takes to analyze it, then it's discarded.
• • The raw text of your insurance policies. Same principle — analyzed and discarded.
• • The project briefs you write for Proposals. Processed into a proposal, then discarded.
• • The original PDF or DOCX files you upload. We extract the text, analyze it, and throw the file away.
• • Your payment info — that lives with Stripe, not us.

Before any document text is sent to our AI provider, we run a server-side redaction pass that replaces high-sensitivity personal information with placeholder tokens. The AI works on the redacted version; we restore the original values in the output so the analysis you see looks unchanged. This means our AI provider never sees:

• • Social Security numbers
• • Credit card numbers (Luhn-validated)
• • Phone numbers
• • Email addresses
• • Account, policy, member, claim, or MRN numbers

Names, addresses, and dates of birth are notcurrently redacted — they're often needed for the analysis to be useful (e.g. the policy analyzer naming the insured party) and regex detection of those produces too many false matches. This is a known limitation documented here for transparency.

Anthropic— The redacted document text is sent to Anthropic's Claude API for analysis or generation. Per their commercial terms: your data is not used to train AI models, and inputs/outputs are automatically deleted after 7 days (Anthropic's current default retention). Combined with our PII redaction above, this means high-sensitivity PII (SSN, CC, account numbers) never reaches them at all, and the redacted text they do see is purged within a week.

Supabase — We use Supabase for authentication and to store the analysis output. Data is encrypted at rest.

Vercel — Hosts our application. Requests pass through their infrastructure but are not stored beyond standard server logs (~7 days).

Stripe — Handles all payment processing. We never see your card details.

• • Delete any analysis or proposal from your dashboard at any time
• • Delete your entire account from your Account page — everything is removed and any active subscription is canceled
• • Export your analyses as PDF reports from the detail page
• • Request a full copy of your data by emailing us

We use only essential cookies needed for authentication (keeping you logged in). We don't use analytics cookies, tracking pixels, or advertising cookies.

PrimeDeck provides AI-powered analysis and generation for informational purposes only. PrimeDeck Contracts does not provide legal advice. PrimeDeck Policies does not provide insurance advice. PrimeDeck Proposals produces draft content you should review before sending to clients. For important decisions, always consult the appropriate professional (attorney, insurance broker, etc.). See our Terms of Service for full terms of use.

Questions about privacy? Email us at privacy@primedeck.ai.