TermLift
Legal

Privacy Policy

Last updated: March 5, 2026

Quick Summary

  • Uploaded files deleted after processing. We don't store raw files.
  • Only AI outputs saved if you choose to keep them.
  • Data sent to OpenAI for analysis.
  • We don't sell your data or use it for ads.
  • You can delete your account and data anytime.

1. Who We Are

TermLift is operated by its founding team. Company registration is in progress.

Contact: privacy@termlift.com

2. What We Collect

Account Info:

  • • Email address (for login)
  • • Password (hashed, never plaintext)
  • • Usage count & subscription status

Deal Data (only if you save):

  • • Extracted text from documents
  • • AI-generated analysis
  • • Deal metadata (title, vendor, etc.)

Payment Info:

  • • Processed by Stripe (we don't store card details)
  • • We see transaction IDs and subscription status

Automatically:

  • • IP address, browser type, device info
  • • Usage patterns and error logs

3. How We Use Your Data

  • • Provide the AI analysis service
  • • Manage your account and subscription
  • • Process payments
  • • Send service updates (not marketing unless you opt in)
  • • Improve the service
  • • Prevent fraud and abuse

4. Who We Share Data With

OpenAI

Extracted text sent for AI analysis. They don't use API data to train models.

Supabase

Database hosting. SOC 2 certified, data encrypted at rest.

Stripe

Payment processing. They handle all card data securely.

Vercel

Application hosting. Sees request metadata.

We don't share data with advertisers, brokers, or social media platforms.

5. Your Rights

  • Access: Request a copy of your data
  • Delete: Request account deletion anytime
  • Correct: Update inaccurate information
  • Export: Get your data in portable format
  • Object: Object to certain processing

To exercise these rights: privacy@termlift.com

6. Data Retention

  • Uploaded files: Deleted immediately after processing
  • Saved deals: Until you delete them or close your account
  • Account data: Until you request deletion
  • Logs: Up to 90 days

7. Security

We use standard security practices:

  • • TLS encryption in transit
  • • Password hashing (bcrypt)
  • • Database access controls (RLS)
  • • Immediate file deletion after processing

See our Security page for details.

8. International Transfers

Your data may be processed in the US and other countries where our service providers operate. We rely on Standard Contractual Clauses (SCCs) for transfers outside the EEA/UK.

9. Children

TermLift is not for users under 18. We don't knowingly collect data from children.

10. Changes to This Policy

We may update this policy. Material changes will be communicated via email at least 14 days before taking effect.

11. Contact

Privacy questions: privacy@termlift.com

General support: support@termlift.com