TermLift
TermLift
Legal

Privacy Policy

Last updated: March 13, 2026

Quick Summary

  • Uploaded files are deleted immediately after processing — we never store your raw documents.
  • Only the AI-generated analysis is saved, and only if you choose to keep it.
  • Extracted text is sent to Anthropic (Claude AI) for analysis — they don't train on API data.
  • We don't sell, share, or use your data for advertising.
  • You can delete your account and all associated data anytime.

1. Who We Are

TermLift is a deal analysis platform operated by its founding team. We help procurement and finance teams analyze supplier quotes and contracts using AI to surface negotiation leverage and identify risks.

Contact: hello@termlift.com

2. What We Collect

Account Info:

  • Email address (for login and service communications)
  • Password (hashed — we never store or see your plaintext password)
  • Usage count and plan/subscription status

Deal Data (only if you choose to save):

  • Extracted text from your uploaded documents
  • AI-generated analysis output (negotiation insights, risk flags, benchmarks)
  • Deal metadata (title, vendor name, deal type, etc.)

Payment Info:

  • Processed by Stripe (coming soon) — we never store your card details
  • We only see transaction IDs and subscription status

Automatically Collected:

  • IP address, browser type, and device information
  • Usage patterns and feature interaction via PostHog analytics

3. How We Use Your Data

  • Provide the AI-powered deal analysis service
  • Manage your account and subscription
  • Process payments
  • Send service updates and important notifications (not marketing unless you opt in)
  • Improve the service based on aggregated, anonymized usage patterns
  • Prevent fraud, abuse, and unauthorized access

4. Who We Share Data With

We only share data with the service providers necessary to run TermLift. We do not sell, rent, or share your data with advertisers, data brokers, or social media platforms.

Anthropic

Extracted text from your documents is sent to Anthropic's Claude AI for analysis. Anthropic does not use API data to train their models. privacy policy

Supabase

Database and authentication hosting. SOC 2 Type II certified. All data encrypted at rest and in transit.

Vercel

Application hosting and deployment. SOC 2 certified with enterprise-grade infrastructure.

PostHog

Anonymized product analytics to understand how features are used and improve the service. No personally identifiable information is shared for analytics purposes.

Stripe (coming soon)

Payment processing. Stripe handles all card data securely under PCI DSS Level 1 compliance. We never see or store your full card number.

5. Data Retention

  • Uploaded files: Deleted immediately after text extraction — we never store your raw documents
  • Saved deals: Kept until you delete them or close your account
  • Account data: Kept until you request deletion
  • Analytics logs: Retained for up to 90 days, then automatically purged

We do not sell or share your data with advertisers. When you delete data, it is permanently removed from our systems.

6. Cookies

We use minimal cookies, strictly for functionality and analytics. We do not use advertising or tracking cookies.

Session Authentication:

  • Supabase auth cookies to keep you logged in securely
  • These are essential for the service to function

Analytics:

  • PostHog cookies for anonymized product analytics
  • Used to understand usage patterns and improve the service

What we don't use:

  • No advertising cookies
  • No third-party tracking cookies
  • No social media cookies

7. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR) and similar data protection laws, you have the following rights:

  • Access: Request a copy of all personal data we hold about you
  • Delete: Request deletion of your account and all associated data at any time — this is also available directly in your profile settings
  • Correct: Update or correct any inaccurate personal information
  • Export: Receive your data in a portable, machine-readable format
  • Object: Object to certain types of data processing

To exercise any of these rights, contact us at hello@termlift.com. We will respond to your request within 30 days.

8. International Transfers

Your data may be processed in the United States and other countries where our service providers (Anthropic, Supabase, Vercel, Stripe) operate. For transfers of personal data outside the European Economic Area (EEA) and the United Kingdom, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection of your data.

9. Children

TermLift is not intended for users under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

10. Changes to This Policy

We may update this privacy policy from time to time. If we make material changes, we will notify you via email at least 14 days before the changes take effect. Continued use of TermLift after changes take effect constitutes acceptance of the updated policy.

11. Contact

Privacy questions: hello@termlift.com

Data requests: hello@termlift.com

General support: hello@termlift.com