Privacy Policy

Effective: 31 May 2026

We collect only the data needed to run the Service. Below we describe processing purposes and your rights.

1. Data controller

Synclex OÜ (registry code 17476899) is the controller. Contact: hello@estoniancontract.review.

2. Processing principles

We process personal data under GDPR: lawfully, fairly, transparently, for specified purposes, with data minimisation, accuracy, limited retention, integrity, and confidentiality.

3. Data we process

On upload: contract file content for extraction and analysis (not stored permanently).

Session data: analysis result, contract type, payment status, temporary token.

Payments: processed by Stripe; we do not store card details.

Technical data: IP address, browser, timestamps (abuse prevention and service reliability).

4. Legal basis

Contract performance (GDPR Art. 6(1)(b)): delivering analysis and processing payment.

Legitimate interests (Art. 6(1)(f)): security, abuse prevention, service improvement.

Legal obligation: accounting and tax requirements where applicable.

5. Purposes

Perform contract analysis and display results; process payments; manage expiring sessions; customer support; security and development.

6. Sharing

We do not sell personal data. Processors include Anthropic (AI analysis), Stripe (payments), Upstash (temporary storage), and hosting providers. Appropriate safeguards apply.

We disclose data only when required by law.

7. Retention

Contract content: not kept after processing. Results: up to 1 hour (free) or 24 hours (paid), then deleted. Server logs: up to 12 months. Accounting records: as required by law.

8. Your rights

You may request access, rectification, erasure, restriction, objection, and portability where applicable. Contact hello@estoniancontract.review. We respond within 30 days. Supervisory authority: Estonian DPA (www.aki.ee).

9. Security

We use TLS encryption, access controls, ephemeral tokens, and data minimisation. No method is perfectly secure; we apply reasonable safeguards.

10. Cookies

Minimal cookies or local storage (e.g. theme preference). No advertising cookies.

11. Automated decisions

The Service uses AI for analysis. It does not produce legal effects without human review; it is informational, not a court decision.

12. Children

The Service is not directed at children under 16. We do not knowingly collect children’s data.

13. Changes

We may update this policy. Changes are posted on this page with a new effective date.

14. Contact and ODR

Synclex OÜ, registry code 17476899, hello@estoniancontract.review. EU ODR: https://ec.europa.eu/consumers/odr/