Privacy
Last updated: April 2026
The short version
We don't store the documents or briefs you submit. When you upload a contract, policy, or submit a proposal brief, we extract the content, send it to our AI provider for analysis or generation, save the resulting output, and discard the original. You own your data, you can delete it at any time, and we don't train AI models on it.
What we store
- • Your account info (email, hashed password via Supabase Auth)
- • Your subscription status and plan tier
- • The analysis or generated output produced by our AI tools — contract reviews, policy analyses, and generated proposals
- • The file name or working title you provided
What we don't store
- • The raw text of your contracts.It exists in memory only for the ~30 seconds it takes to analyze it, then it's discarded.
- • The raw text of your insurance policies. Same principle — analyzed and discarded.
- • The project briefs you write for Proposals. Processed into a proposal, then discarded.
- • The original PDF or DOCX files you upload. We extract the text, analyze it, and throw the file away.
- • Your payment info — that lives with Stripe, not us.
PII redaction before AI processing
Before any document text is sent to our AI provider, we run a server-side redaction pass that replaces high-sensitivity personal information with placeholder tokens. The AI works on the redacted version; we restore the original values in the output so the analysis you see looks unchanged. This means our AI provider never sees:
- • Social Security numbers
- • Credit card numbers (Luhn-validated)
- • Phone numbers
- • Email addresses
- • Account, policy, member, claim, or MRN numbers
Names, addresses, and dates of birth are notcurrently redacted — they're often needed for the analysis to be useful (e.g. the policy analyzer naming the insured party) and regex detection of those produces too many false matches. This is a known limitation documented here for transparency.
Third parties that see your data
Anthropic— The redacted document text is sent to Anthropic's Claude API for analysis or generation. Per their commercial terms: your data is not used to train AI models, and is retained for up to 30 days solely for abuse monitoring, then deleted. We have also requested zero-data-retention processing where available.
Supabase — We use Supabase for authentication and to store the analysis output. Data is encrypted at rest.
Vercel — Hosts our application. Requests pass through their infrastructure but are not stored beyond standard server logs (~7 days).
Stripe — Handles all payment processing. We never see your card details.
Your rights
- • Delete any analysis or proposal from your dashboard at any time
- • Delete your entire account from your Account page — everything is removed and any active subscription is canceled
- • Export your analyses as PDF reports from the detail page
- • Request a full copy of your data by emailing us
Cookies
We use only essential cookies needed for authentication (keeping you logged in). We don't use analytics cookies, tracking pixels, or advertising cookies.
Disclaimer
PrimeDeck provides AI-powered analysis and generation for informational purposes only. PrimeDeck Contracts does not provide legal advice. PrimeDeck Policies does not provide insurance advice. PrimeDeck Proposals produces draft content you should review before sending to clients. For important decisions, always consult the appropriate professional (attorney, insurance broker, etc.).
Contact
Questions about privacy? Email us at privacy@primedeck.ai.