Privacy Policy
Effective: 31 May 2026
We collect only the data needed to run the Service. Below we describe processing purposes and your rights.
1. Data controller
Synclex OÜ (registry code 17476899) is the controller. Contact: hello@estoniancontract.review.
2. Processing principles
We process personal data under GDPR: lawfully, fairly, transparently, for specified purposes, with data minimisation, accuracy, limited retention, integrity, and confidentiality.
3. Data we process
On upload: contract file content for extraction and analysis (not stored permanently).
Session data: analysis result, contract type, payment status, temporary token.
Payments: processed by Stripe; we do not store card details.
Technical data: IP address, browser, timestamps (abuse prevention and service reliability).
4. Legal basis
Contract performance (GDPR Art. 6(1)(b)): delivering analysis and processing payment.
Legitimate interests (Art. 6(1)(f)): security, abuse prevention, service improvement.
Legal obligation: accounting and tax requirements where applicable.
5. Purposes
Perform contract analysis and display results; process payments; manage expiring sessions; customer support; security and development.
6. Sharing
We do not sell personal data. Processors include Anthropic (AI analysis), Stripe (payments), Upstash (temporary storage), and hosting providers. Appropriate safeguards apply.
We disclose data only when required by law.
7. Retention
Contract content: not kept after processing. Results: up to 1 hour (free) or 24 hours (paid), then deleted. Server logs: up to 12 months. Accounting records: as required by law.
8. Your rights
You may request access, rectification, erasure, restriction, objection, and portability where applicable. Contact hello@estoniancontract.review. We respond within 30 days. Supervisory authority: Estonian DPA (www.aki.ee).
9. Security
We use TLS encryption, access controls, ephemeral tokens, and data minimisation. No method is perfectly secure; we apply reasonable safeguards.
10. Cookies
Minimal cookies or local storage (e.g. theme preference). No advertising cookies.
11. Automated decisions
The Service uses AI for analysis. It does not produce legal effects without human review; it is informational, not a court decision.
12. Children
The Service is not directed at children under 16. We do not knowingly collect children’s data.
13. Changes
We may update this policy. Changes are posted on this page with a new effective date.
14. Contact and ODR
Synclex OÜ, registry code 17476899, hello@estoniancontract.review. EU ODR: https://ec.europa.eu/consumers/odr/