Privacy Policy

Last updated: February 20, 2026

1. Overview

APTCI ("we", "our", "us") is a B2B SaaS platform for AI-powered contract and document analysis. This Privacy Policy explains what information we collect, how we use it, who we share it with, and what rights you have over your data. By using APTCI, you agree to the practices described in this policy.

2. Information We Collect

Account information

Full name, email address, company name, and password (stored as a secure hash). Collected at registration.

Documents and project data

Files you upload (PDF, DOCX, images), extracted text, events, obligations, risks, claims, and chat messages. This data is stored in your account and is never shared with other users or organizations.

Usage data

Authentication logs, API request timestamps, and error logs. We do not track individual page views or user behavior with analytics tools.

3. How We Use Your Information

  • To provide the APTCI service: process documents, extract events, generate AI analysis, and store your project data.
  • To send deadline alert emails when you have approaching or overdue contract deadlines.
  • To communicate with you about your account, product updates, and support requests.
  • To improve and debug the platform (using anonymized technical logs only).

4. Third-Party Services

APTCI uses the following third-party infrastructure providers. Each has its own security certifications and privacy policies:

| Provider | Purpose | Data sent |
|---|---|---|
| Supabase (AWS) | Database, file storage, authentication | All user and document data |
| Anthropic | AI analysis, OCR, chat responses | Document text, questions |
| OpenAI | AI fallback (embeddings, analysis) | Document text (if Anthropic unavailable) |
| Vercel | Application hosting | HTTP requests only |
| Resend | Email notifications | Email address, deadline data |

Anthropic and OpenAI explicitly state that data sent via API is not used to train their models.

5. Data Security

  • All data is encrypted at rest (AES-256) and in transit (TLS 1.2+).
  • Row-Level Security (RLS) ensures each user can only access their own data at the database level.
  • Passwords are never stored in plain text — only bcrypt hashes.
  • File storage uses access-controlled buckets; files are not publicly accessible.
  • Supabase is SOC 2 Type II certified and GDPR compliant.

6. Data Retention

Your data is retained for as long as your account is active. If you delete your account, all your data — including documents, projects, events, and chat history — is permanently deleted within 30 days. You may also request deletion at any time by contacting us.

7. Your Rights

Depending on your location, you may have the following rights:

  • Access — request a copy of all data we hold about you.
  • Correction — update incorrect or incomplete information.
  • Deletion — request permanent deletion of your account and all associated data.
  • Portability — export your project data in JSON or CSV format.
  • Objection — opt out of any non-essential processing.

8. Cookies

APTCI uses only essential session cookies required for authentication. We do not use advertising, tracking, or analytics cookies.

9. Contact

For any privacy-related questions or requests, please contact us at privacy@aptci.app. We respond to all requests within 5 business days.