Legal

Privacy Policy.

How we collect, use, and protect your information when you use ContractsIQ®.

Overview

Incluud Inc. (“ContractsIQ,” “we,” “us,” or “our”) operates ContractsIQ® (the “Service”), an AI-powered contract intelligence platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access or use the Service.

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with any part of this policy, please discontinue use of the Service.

Plain English: We collect the information needed to provide you with a great product. We don’t sell your data. We don’t use your contract content to train AI models without your explicit consent. We protect your data with enterprise-grade security.

Information We Collect

Information You Provide Directly

  • Account information: Name, email address, password, job title, and company name when you register for an account.
  • Payment information: Billing address and payment card details, processed securely through our third-party payment processor. We do not store full card numbers.
  • Contract content: Documents, files, and data you upload to or create within the Service.
  • Communications: Messages you send us via contact forms, email, or support channels.
  • Profile and preferences: Settings, notification preferences, and configurations you establish within your account.

Information Collected Automatically

  • Usage data: Pages visited, features used, search queries entered, clicks, and interactions within the Service.
  • Device information: Browser type and version, operating system, device identifiers, screen resolution, and language settings.
  • Log data: IP address, access timestamps, referring URLs, and error logs.
  • Cookies and similar technologies: Session identifiers, authentication tokens, and preference cookies as described in our Cookies section below.

Information from Third Parties

  • Integrations: When you connect third-party services (such as Google Drive, Dropbox, or SharePoint), we receive data necessary to provide the integration, subject to those services’ own privacy policies.
  • Single Sign-On (SSO): If you log in through a third-party identity provider, we receive basic profile information such as your name and email address.

How We Use Your Information

We use the information we collect for the following purposes:

  • Providing the Service: Processing and analyzing your contracts, generating insights, delivering alerts, and maintaining your account.
  • Improving the Service: Understanding how users interact with ContractsIQ® to fix bugs, develop new features, and optimize performance.
  • Communications: Sending transactional emails (account confirmations, password resets, billing receipts), product updates, and — where you have opted in — marketing communications.
  • Security and fraud prevention: Detecting and preventing unauthorized access, abuse, and other harmful or illegal activity.
  • Legal compliance: Meeting our obligations under applicable laws and regulations, including responding to lawful requests from public authorities.
  • Aggregated analytics: Creating de-identified, aggregated statistics about Service usage that cannot reasonably be used to identify you.

Important: We will never use the content of your contracts to train AI or machine learning models without your explicit, written consent. Your contract data is yours.

Sharing & Disclosure

We do not sell, rent, or trade your personal information to third parties. We may share your information only in the following circumstances:

Service Providers

We engage trusted third-party companies to perform services on our behalf — including cloud hosting, payment processing, email delivery, analytics, and customer support tooling. These providers access your information only as necessary to perform their functions and are contractually bound to protect it.

Business Transfers

In the event of a merger, acquisition, financing, or sale of all or a portion of our business, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice on the Service before your information becomes subject to a different privacy policy.

Legal Requirements

We may disclose your information if required to do so by law or in the good-faith belief that such action is necessary to: (a) comply with a legal obligation; (b) protect and defend our rights or property; (c) prevent fraud or address security issues; or (d) protect the personal safety of users of the Service or the public.

With Your Consent

We may share your information with third parties when you explicitly consent to us doing so.

Data Security

We implement and maintain industry-standard technical and organizational security measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data at rest using AES-256
  • Encryption of data in transit using TLS 1.3
  • SOC 2 Type II certification
  • Regular penetration testing and vulnerability assessments
  • Role-based access controls and least-privilege principles
  • Multi-factor authentication for all internal systems
  • Comprehensive audit logging

While we take these precautions, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security, and you use the Service at your own risk.

Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data: Retained for the duration of your account, plus up to 90 days after termination to allow for account recovery.
  • Contract content: Retained for the duration of your subscription. Upon cancellation, you may export your data within 30 days, after which it will be deleted from our systems within 90 days.
  • Usage logs: Retained for up to 12 months for security and analytics purposes.
  • Billing records: Retained for 7 years as required by applicable tax and accounting regulations.

You may request earlier deletion of your data as described in the Your Rights section below.

Your Rights

Depending on your location, you may have certain rights with respect to your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete information.
  • Deletion: Request deletion of your personal information, subject to certain exceptions.
  • Portability: Receive your data in a structured, machine-readable format.
  • Objection: Object to certain processing of your information, including direct marketing.
  • Restriction: Request that we restrict processing of your information in certain circumstances.
  • Withdraw consent: Where we rely on consent as a legal basis for processing, you may withdraw that consent at any time.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days. We may need to verify your identity before processing your request.

California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know about and opt out of the “sale” of personal information. We do not sell personal information as defined under the CCPA.

EEA, UK, and Swiss residents have rights under GDPR and equivalent legislation. Our legal basis for processing your personal information includes: performance of a contract (to provide the Service), legitimate interests (to improve the Service, prevent fraud, and ensure security), compliance with legal obligations, and consent (for marketing communications).

Cookies & Tracking

We use cookies and similar tracking technologies to operate and improve the Service. The types of cookies we use include:

  • Strictly necessary cookies: Required for the Service to function, including session management and authentication. These cannot be disabled.
  • Functional cookies: Remember your preferences and settings (e.g., language, timezone) to personalize your experience.
  • Analytics cookies: Help us understand how users interact with the Service so we can improve it. We use de-identified data for this purpose.

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of the Service. We do not use third-party advertising cookies or sell cookie-derived data.

International Data Transfers

ContractsIQ® is headquartered in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

For transfers from the European Economic Area, United Kingdom, or Switzerland, we rely on appropriate safeguards including Standard Contractual Clauses approved by the European Commission, and equivalent mechanisms as applicable.

Children’s Privacy

The Service is not directed to children under the age of 16, and we do not knowingly collect personal information from children. If we become aware that a child under 16 has provided us with personal information without parental consent, we will take steps to delete that information. If you believe a child has provided us with personal information, please contact us at [email protected].

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (at the address associated with your account) and/or by posting a prominent notice on the Service at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes your acceptance of the updated policy.

We encourage you to review this policy periodically to stay informed about how we protect your information.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to all legitimate inquiries within 30 days.