Privacy policy
Anonymous by design
Three things you should know up front:
- No employer name field. ClauseLine never asks who your employer is. The analyzer is specifically forbidden from outputting employer names from your contract.
- 90-day auto-deletion. Your uploaded contract text is automatically deleted 90 days after analysis. You can also delete it immediately, one click, no support ticket.
- We keep the minimum, then discard it. We hash IPs with a daily salt that we discard after 24 hours. After that, the hash is unrecoverable.
What we collect
When you create an account: email, first name, last name, specialty, and a password (stored hashed). Optionally, a phone number for SMS tips — never required.
When you run an analysis: the contract text you upload, your intake responses (specialty, employer type, geography, contract type — never the employer’s name), and the analyzer’s output.
When you visit the site: standard server logs (IP, user agent, request path, timestamp). IPs are hashed with a salt that rotates daily and is discarded after 24 hours.
What we don’t collect
- Your employer’s name or any field that lets us reconstruct it.
- Your social security number, medical records, or patient information.
- Third-party cookies. We use PostHog for product analytics (configurable opt-out). No advertising trackers.
How long we keep things
- Contract text: 90 days, then automatically deleted. Delete sooner from your dashboard.
- Analysis output: Retained while your account is active. Deletable on request.
- Account info: Retained while your account is active. Deleted within 30 days of account closure.
- Server logs: 30 days, then purged. IP hashes become unrecoverable after 24 hours.
- Stripe receipts: Retained as required by Stripe and US tax law (7 years).
Who we share data with
Only the service providers we need to run ClauseLine, each bound by their own privacy commitments:
- • Stripe (payments) — receives card details directly; we never see your card number.
- • Document-analysis infrastructure — processes contract text solely to produce your analysis; contractually barred from retaining or reusing it.
- • Neon (Postgres database) — stores account info and analysis records.
- • Supabase (authentication) — manages sign-in, magic links, sessions.
- • Resend (transactional email) — delivers receipts, password resets, and the lead-magnet nurture sequence.
- • Cloudflare R2 (file storage) — hosts sample PDFs and analyzer-generated documents.
- • PostHog (product analytics) — aggregated usage; opt-out available.
- • Sentry (error monitoring) — receives stack traces and error context, scrubbed of personal identifiers.
- • Twilio (SMS delivery) — if you opt in to text messages, your mobile number and outbound message content pass through Twilio for carrier delivery.
We do not sell your data. We do not share it with employers, recruiters, contract management groups (CMGs), or health systems. We do not run advertising on ClauseLine.
SMS / text messaging
ClauseLine sends optional text messages only if you opt in — by entering your mobile number at checkout or in your dashboard and checking the “Yes, send me text updates” box. Opt-in is double-confirmed by an initial SMS that requires no action to keep, but reply STOP to that or any later message to opt out immediately. Reply HELP for support details.
What we may send: contract analysis ready, action-required reminders, occasional educational nudges tied to your analysis. Typical frequency is 1–4 messages per analysis. Message and data rates may apply from your mobile carrier. We never share your phone number with third parties for marketing.
Carrier delivery is handled by Twilio. Your phone number and message log are retained while your account is active and deleted within 30 days of account closure.
Your rights
- Access: Email support@clauseline.com and we will send you everything we have associated with your email, in JSON, within 30 days.
- Delete: Delete a single analysis from your dashboard, or email us to delete the entire account. Account deletion finalizes within 30 days.
- Correct: Update email, name, or specialty from your dashboard. Email us for anything else.
- Opt out of analytics: PostHog has a one-click opt-out in your account settings.
Children
ClauseLine is for licensed physicians and residents. We do not knowingly collect data from anyone under 18.
Social platforms
ClauseLine maintains accounts on LinkedIn, Instagram, TikTok, Threads, X, YouTube, and Bluesky. When you interact with those accounts (follow, comment, send a DM), the platform’s own privacy policy applies to that interaction. We do not import follower lists, scrape data, or contact you via DM unless you message us first.
Changes
If we change this policy in a material way, we will email registered users at least 14 days before the change takes effect. The current version always lives here. Earlier versions are kept in our public repository’s git history.
Contact
Privacy questions, data requests, or anything else: support@clauseline.com. We answer within one business day.
ClauseLine is operated by a Wyoming limited liability company with its principal place of business at 1603 Capitol Ave, Ste 415 #235101, Cheyenne, WY 82001. For formal service of process, email hello@clauseline.com first to confirm the current registered agent address.
Plain summary: ClauseLine collects what it needs to run, deletes contracts in 90 days, never asks for an employer name, never sells data, and lets you take everything out or delete it on request.
Last updated: May 28, 2026. Back to ClauseLine