ClausePilot Privacy Policy

    Last updated 23 April 2026.

    1. Introduction

    ClausePilot KorlĂĄtolt FelelƑssĂ©gƱ TĂĄrsasĂĄg (registration number: Cg.01-09-454891; registered seat: 1163 Budapest, KarĂĄt utca 33., Hungary) ("ClausePilot", "we", "us", or "our"), accessible via clausepilot.com and app.clausepilot.com, is committed to protecting and respecting your privacy. This Privacy Policy sets forth our firm commitment to safeguarding the Personal Data and User-Generated Content of all individuals and entities (collectively, "users" or "you") who access or use the ClausePilot AI-powered productivity platform, including any associated web services and features (collectively, the "Platform").

    For the purposes of applicable data protection legislation, including Regulation (EU) 2016/679 (the "General Data Protection Regulation" or "GDPR"), ClausePilot acts in different capacities depending on the type of data being processed:

    1. As a Data Controller for user account information and platform usage data;
    2. As a Data Processor for user-uploaded documents and user and client information contained within those documents.

    This differentiated approach recognizes that users and legal professionals using our Platform remain the Data Controllers for their own and their clients' information and the documents and information they upload or create.

    This Privacy Policy applies to all users who access, register for, or utilize the Platform and any related services provided by ClausePilot, including document upload, chat-based assistance, analysis and drafting, and cloud-based storage ("vaults"). Acceptance of the terms of this Privacy Policy is an express condition of your access to and use of the Platform and associated services.

    2. Roles and Responsibility

    2.1 Differentiated Controller and Processor Roles

    ClausePilot applies a differentiated approach to its data protection roles based on the type of data being processed:

    1. As a Data Controller: ClausePilot acts as the Data Controller (as defined in Article 4(7) GDPR) for:
      • Account information and personal data provided during registration
      • User account management data
      • Platform usage data and analytics
      • Technical data necessary for the operation of the Platform
      • Communications between users and ClausePilot
    2. As a Data Processor: ClausePilot acts as a Data Processor (as defined in Article 4(8) GDPR) for:
      • All User-Generated Content
      • Information contained within documents uploaded by the Users
      • Any output generated by the Platform based on User-provided content

    As a Data Processor for User-Generated Content, ClausePilot:

    • Processes such content strictly on behalf of and according to the instructions of the user
    • Implements appropriate technical and organizational measures to ensure the security of the processing
    • Assists the controller (the User) in ensuring compliance with their GDPR obligations
    • Does not determine the purposes or essential means of processing data contained in user uploads

    Users remain the Data Controllers for all information and documents they upload or create on the Platform and retain full control and responsibility for such content.

    2.2 Data Subjects

    The term "Data Subjects" under this Privacy Policy includes:

    1. Users of the Platform,
    2. For Personal Data for which ClausePilot acts as the Data Controller: individuals whose data is provided to ClausePilot directly by users for account management and service delivery;
    3. For User-Generated Content for which ClausePilot acts as the Data Processor: individuals whose information is contained within documents uploaded or created by the User while using the Platform. For this category, the User remains the Data Controller and maintains the direct relationship with these Data Subjects.

    3. Scope of Policy and Service Description

    This Privacy Policy applies to the full territorial, functional, and technical scope of ClausePilot's operations as Data Controller, and governs all Personal Data and User-Generated Content processed in connection with the Platform.

    3.1 Platform and Services Covered

    This Policy applies to and includes, without limitation, coverage of the following:

    1. AI-powered document drafting, review, and analysis functions made available through clausepilot.com and its associated subdomains or web properties;
    2. Upload, processing, and storage of user documents in electronic form;
    3. Chat-based document assistance functionality;
    4. Provision of secure personal document "vaults";
    5. The integrated third-party text editor functionality within the Platform;
    6. All direct user interactions, account registration, account management activities, and participation in features or functions available within the Platform.

    3.1.1 Third Party Text Editor Integration

    ClausePilot integrates with a third-party text editor to provide enhanced document editing capabilities. When you use the text editor within the Platform:

    1. The text editor operates as an integrated component of the ClausePilot Platform;
    2. Content created or edited in the editor is processed in accordance with the same data controller/processor relationships outlined in this Privacy Policy;
    3. ClausePilot acts as a Data Processor for content entered or modified through the text editor;
    4. All security measures, confidentiality protections described in this Policy apply equally to content processed through the text editor;
    5. No separate or additional data sharing occurs through the text editor beyond what is described in this Privacy Policy.

    3.1.2 Legal Data Considerations

    We specifically confirm that:

    1. All document processing is designed to preserve and protect business secrets and confidentiality;
    2. Our systems are engineered to maintain the confidentiality of sensitive legal documents and communications;
    3. Uploaded documents remain under the control of the User at all times.

    3.2 Third-Party API Integration

    ClausePilot integrates with and utilizes APIs from third-party artificial intelligence providers, as listed in Appendix 2 of the Data Processing Agreement.

    These integrations enable ClausePilot to provide AI-powered document analysis, document drafting, and analysis. When you use features that leverage these APIs, your queries and selected content may be processed by these third-party services under strict confidentiality and data protection measures as detailed in Section 7.

    3.3 Exclusions

    The following items are expressly excluded from the coverage and scope of this Policy:

    1. Any integration with, access to, data transfer to or from, or processing of user data through Google Docs, Google Workspace, or any external cloud-based document editing platform;
    2. ClausePilot does not train, tune, or enhance any AI model, machine learning system, or automated analysis tool by using or providing user-uploaded documents, chat content, document data, or personal information for such purposes.

    Certain personal-data flows are transferred to AI service providers located in the United States. Transfers rely on (i) the EU–U.S. Data Privacy Framework (‘DPF’) where the provider is certified, or (ii) the European Commission’s Standard Contractual Clauses (‘SCCs’) supplemented by transfer-impact assessments and encryption safeguards.

    4. Data Categories Collected

    ClausePilot collects and processes information strictly limited to data categories essential for the operation, security, and performance of the Platform in accordance with the GDPR and other applicable data protection laws.

    4.1 Personal Data

    Personal Data includes all information relating to an identified or identifiable natural person as defined under Article 4(1) GDPR. ClausePilot collects and processes the following categories of Personal Data:

    1. Names, including first name, last name, and username or similar account identifier;
    2. Email addresses and, if supplied, job title or function;
    3. Payment-related information strictly limited to billing address, payment confirmation tokens, subscription status;
    4. Authentication records, including login credentials (securely hashed and salted), session tokens.

    4.2 User-Generated Content

    User-Generated Content encompasses documents, document drafts, supporting documentation, and any other files or materials uploaded, input, generated, or stored by users in the course of utilizing the Platform, including content transmitted via chat interfaces.

    4.3 Usage Data

    Usage Data refers to information collected and generated by the Platform regarding how users interact with ClausePilot's services, including:

    1. Records of platform features used;
    2. Timestamps and logs of document uploads, downloads, edits, deletions;
    3. Interaction history and user workflow data;
    4. Non-content-based records of queries and AI request submissions;
    5. Aggregate metrics for user session duration and feature adoption rates.

    4.4 Technical Data

    Technical Data consists of information required to ensure the secure, stable, and efficient operation of the Platform and its related services, including but not limited to:

    1. Browser type, version, and browser-related configuration details;
    2. Operating system details;
    3. Device identifiers and characteristics;
    4. Internet Protocol (IP) address;
    5. Date and time of access, server logs, and request status codes.

    5. Purposes and Legal Bases for Data Processing

    ClausePilot processes Personal Data and User-Generated Content strictly for specified, explicit, and legitimate purposes in full compliance with Articles 5 and 6 of the GDPR.

    5.1 Processing as a Data Controller

    For Personal Data for which ClausePilot acts as the Data Controller, the processing is based on the following legal grounds:

    1. Performance of Contract (Article 6(1)(b) GDPR): Processing necessary for the performance of the contract between ClausePilot and the user, including account creation, authentication, and delivery of core platform functionality.
    2. Legitimate Interests (Article 6(1)(f) GDPR): Processing necessary for the legitimate interests pursued by ClausePilot, including platform security, service improvement, and technical support, provided these interests are not overridden by the fundamental rights and freedoms of the Data Subject. (summary of balancing test: we use pseudonymised usage statistics, no intrusive tracking, users reasonably expect such processing, and it is necessary to detect fraud and improve performance) Analysis of document content or client-specific data is explicitly excluded from processing under legitimate interests.
    3. Legal Obligation (Article 6(1)(c) GDPR): Processing necessary for compliance with legal obligations to which ClausePilot is subject, such as financial record-keeping.
    4. Consent (Article 6(1)(a) GDPR): Processing based on specific, informed, and unambiguous consent for particular purposes that are not covered by the other legal bases. This includes Marketing and Communications. We may process your contact information (such as your name and email address) to send you product updates, newsletters, and other marketing communications about our services. We will request your consent before sending you any marketing communications. For existing customers, we will offer you the opportunity to grant or reject your consent the next time you log in to the Platform. You are free to refuse consent without any negative impact on your access to or use of our core services. You can withdraw your consent at any time by clicking the "unsubscribe" link provided in every marketing email or by contacting us directly, as detailed in Section 8.1.1 of this Policy.

    5.2 Processing as a Data Processor

    For User-Generated Content for which ClausePilot acts as a Data Processor, ClausePilot processes such data:

    1. Solely on documented instructions from the user (the Data Controller);
    2. Under the terms of this Privacy Policy and the Data Processing Agreement;
    3. For the purpose of providing the contracted services;
    4. In accordance with Article 28 of the GDPR.

    The legal basis for this processing is determined by the User (as Data Controller) in relation to the Data Subjects. ClausePilot enables Users to fulfill their own controller obligations by providing appropriate technical and organizational measures for security, confidentiality, and data subject rights management.

    6. AI Processing, Data Storage, and Retention

    6.1 AI Processing Restrictions and Confidentiality Safeguards

    ClausePilot, acting as a Data Processor for User-Generated Content, strictly restricts all automated processing by artificial intelligence to session-limited operations required to deliver document review, document analysis, documents drafting, or related platform features expressly requested by the user. This includes processing via third-party APIs from the providers listed in Appendix 2 of the Data Processing Agreement.

    ClausePilot does not use documents uploaded, documents reviewed, queries submitted, or any other user input for the training, tuning, testing, validation, or refinement of AI systems, or for any form of machine learning model improvement or dataset creation.

    For legal professionals using our Platform:

    1. Preservation of Privilege: All AI processing is designed to preserve legal professional privilege and client confidentiality. Our system architecture ensures that documents retain their privileged status throughout processing.
    2. Confidentiality Assurance: All third-party API providers are contractually bound to maintain the confidentiality of legal documents and are prohibited from storing, retaining, or using content for any purpose other than providing the immediate requested service.
    3. Data Isolation: Each legal professional's documents are processed in isolated environments to prevent any cross-contamination of client information or breach of confidentiality barriers.
    4. Processing Transparency: Legal professionals can access logs detailing which documents have been processed through which AI systems to maintain complete records for compliance with professional requirements.
    5. Data Processor Safeguards: As a Data Processor for User-Generated Content, ClausePilot processes such content strictly in accordance with the documented instructions of the legal professional (as Data Controller) and implements appropriate security measures in line with Article 32 GDPR.

    6.2 User Vaults and Personal Storage

    Users may upload, store, and manage documents and other User-Generated Content in secure personal vaults. ClausePilot, acting as a Data Processor for this content, grants users exclusive, full, and continuous control over their vault contents, including the irrevocable right to delete, download, or remove any or all stored content at the user's sole discretion at any time.

    As a Data Processor, ClausePilot:

    • Processes vault contents only on instructions from the user (Data Controller);
    • Ensures that technical and organizational measures are in place to secure the content;
    • Does not access vault contents except where strictly necessary for technical support or maintenance, and only with appropriate safeguards;
    • Enables users to exercise complete control over their data, including fulfillment of their own obligations toward their clients.

    6.3 Data Retention Policy

    ClausePilot implements a strict data retention policy that ensures no user data, User-Generated Content, or Personal Data is retained beyond user-controlled storage and session-limited processing. Upon user deletion of content from vaults or closure of their account, ClausePilot shall promptly and irrevocably expunge the relevant data from all primary systems, live environments, and backups, subject only to any compulsory retention strictly required under applicable EU laws and as described below.

    Retention Schedule (Art. 5(1)(e) GDPR)

    Data setRetention periodDeletion trigger / business rationale
    Account master data related to accountingLife of account + 6 yearsHungarian Accounting Act
    Billing & VAT records6 yearsHungarian Accounting Act
    Audit logs (security)12 monthsSecurity investigation window
    Support tickets24 monthsQuality review & dispute defence
    Vault contentsUser-controlledImmediate deletion on user request, without back-up

    6.4 Is the Provision of Personal Data Mandatory?

    Except for the basic account data we require to open and maintain your user account (name, e-mail, billing address, payment confirmation tokens, subscription status), you are under no statutory or contractual obligation to provide any personal data. Failure to provide the mandatory account data will prevent us from setting up your account but will have no other consequences.

    7. Data Sharing and Third-Party Access

    ClausePilot restricts all sharing of User-Generated Content and Personal Data to a strictly limited set of trusted third parties, and solely for the legitimate provision, operation, security, and legal compliance of the Platform.

    7.1 Sub-processing of User-Generated Content

    As a Data Processor for User-Generated Content, ClausePilot may engage sub-processors listed in Appendix 2 of the Data Processing Agreement (including the third-party API providers listed therein) strictly for the purpose of delivering the contracted services. In accordance with Article 28(2) GDPR, ClausePilot:

    1. Obtains general written authorization from users for the engagement of sub-processors through this Privacy Policy;
    2. Imposes the same data protection obligations on all sub-processors through written contracts;
    3. Remains fully liable to users for the performance of sub-processors' obligations;
    4. Will inform users of any intended changes concerning the addition or replacement of sub-processors, giving users the opportunity to object to such changes.

    When you use AI-powered features of the Platform, ClausePilot (as a Data Processor) may transmit your queries and selected content to our third-party API providers (as listed in Appendix 2 of the Data Processing Agreement) under the following conditions:

    • Only content specifically submitted for AI processing is shared with these providers;
    • Sharing occurs solely for the purpose of delivering the requested AI-powered service;
    • All data is transmitted securely using encryption;
    • Our agreements with these providers prohibit them from using your data to train their models;
    • All providers are subject to strict contractual obligations regarding data protection and confidentiality;
    • Documents are processed with additional confidentiality headers that explicitly inform the API provider of the confidential and potentially privileged nature of the content;
    • We implement technical measures to ensure that API providers do not retain your documents or queries beyond the processing necessary to generate the requested response.

    For legal professionals concerned about specific jurisdiction requirements or professional ethics rules, we can provide, upon request, detailed documentation about our API provider agreements and the specific technical and contractual safeguards in place for handling legal documents.

    7.2 User Authentication

    To manage user sign-up, login, and session authentication securely, we use Google Firebase Authentication, a service provided by Google Ireland Ltd. and its affiliates. When you create an account or log in, your authentication credentials (such as your email address and a securely hashed password or social login token) are processed by Google.

    We do not store plaintext passwords on our servers. This processing is essential for us to provide you with secure access to the Platform. The legal basis for this processing is the performance of our contract with you (Art. 6(1)(b) GDPR). Google processes this data in accordance with its privacy policy.

    7.3 Payment Processing

    We use Stripe, Inc. and its affiliates (“Stripe”) as our payment service provider to process payments made through our Platform. When you make a payment, your payment information (such as credit card number, billing address, and related details) is collected and processed directly by Stripe. We do not store or have access to your complete payment card details.

    Stripe processes your payment information in accordance with its own privacy policy, which is available at: https://stripe.com/privacy.

    The legal basis for this processing is the performance of our contract with you (Art. 6(1)(b) GDPR) and our legitimate interest in securing and processing payments (Art. 6(1)(f) GDPR).

    Data Shared with Stripe

    To enable payment processing, we share with Stripe the following categories of data:

    • Identifiers (e.g., name, email address, billing address)
    • Transaction details (e.g., order number, amount, currency, payment method)
    • Technical data necessary for payment authentication and fraud prevention

    International Data Transfers

    Stripe may process payment data outside the European Economic Area (EEA). Where such transfers occur, Stripe ensures appropriate safeguards in accordance with applicable data protection laws, including the use of Standard Contractual Clauses approved by the European Commission.

    Retention

    We retain records of transactions for as long as necessary to comply with our legal and accounting obligations. Stripe retains payment data in accordance with its own retention policies.

    7.4 Analytics Services

    ClausePilot may use reputable analytics service providers, under GDPR-compliant data processing agreements, for the purpose of monitoring the performance, stability, and usage of the Platform based on anonymized or pseudonymized data.

    7.5 Customer Relationship Management

    We use HubSpot, Inc. as our Customer Relationship Management (CRM) platform to organize, manage, and communicate with our users and prospective customers. To facilitate this, we may share certain Personal Data with HubSpot, including:

    • Names, email addresses, and job titles.
    • Records of communications between you and ClausePilot, such as support requests.
    • Information about your subscription and platform usage to provide better support and service updates.

    The legal basis for this processing is our legitimate interest in maintaining effective customer relationships and providing efficient user support (Art. 6(1)(f) GDPR). Data is transferred to HubSpot in the United States under appropriate safeguards, such as the EU-U.S. Data Privacy Framework or Standard Contractual Clauses.

    7.6 Strict Prohibition on External AI Training and Model Sharing

    ClausePilot expressly prohibits the contribution, provision, transfer, or disclosure of any User-Generated Content, document uploads, chat transcripts, query content, or Personal Data to any external AI vendor, technology supplier, modeling consortium, or commercial or academic dataset for the purposes of AI model training, tuning, validation, or enhancement.

    7.7 Legal Disclosures

    ClausePilot may disclose Personal Data or User-Generated Content only where required by binding legal obligation, valid court order, subpoena, or other enforceable official request made by a competent authority within the European Economic Area, where the respective order cannot be appealed or already enforceable.

    8. User Rights and Controls

    ClausePilot is fully committed to respecting and protecting the rights of all data subjects under the GDPR and applicable EU data protection laws.

    8.1 Your Rights Under GDPR

    8.1.1 Rights Where ClausePilot is the Data Controller

    For Personal Data for which ClausePilot acts as the Data Controller (your account information, usage data, etc.), you have the following rights:

    1. Right of Access: The right to obtain confirmation of processing and access to your Personal Data.
    2. Right of Rectification: The right to have inaccurate Personal Data corrected and incomplete data completed.
    3. Right of Erasure: The right to obtain the erasure of your Personal Data under certain conditions.
    4. Right to Data Portability: The right to receive your Personal Data in a structured, commonly used, and machine-readable format.
    5. Right to Restrict Processing: The right to obtain restriction of processing under certain circumstances.
    6. Right to Object: The right to object to processing based on legitimate interests, including profiling.
    7. Right to Withdraw Consent: The right to withdraw consent at any time when processing is based on consent.

    You can exercise these rights by contacting ClausePilot directly using the contact information provided in Section 13.

    8.1.2 Rights Where ClausePilot is the Data Processor

    For User-Generated Content for which ClausePilot acts as a Data Processor (documents, contracts, etc. that you upload or create), your rights should primarily be exercised through the legal professional who acts as the Data Controller for this content. However, ClausePilot provides the following direct controls:

    • Direct Access: You have direct access to all your uploaded content through the Platform interface.
    • Self-Service Deletion: You can delete any document or content at any time through the Platform.
    • Data Export: You can export all your content in common file formats.
    • Processing Logs: You can access logs of how your content has been processed.

    For User-Generated Content, data subjects may: (a) contact the User directly, or (b) submit requests to ClausePilot at privacy@clausepilot.com, which will be forwarded to the relevant Controller within 48 hours with our assistance in fulfilling the request.

    8.2 Control Over Vault Contents

    ClausePilot provides users with comprehensive, direct, and exclusive control over all documents, contracts, and other User-Generated Content stored in their personal vaults on the Platform, including immediate deletion rights.

    8.3 Procedures for Exercising Rights

    To exercise any of your rights under this Privacy Policy, you may contact ClausePilot at the address or contact details set out in Section 13 (Contact and Enquiries). ClausePilot will respond to all data subject requests in accordance with the requirements and timelines established under the GDPR, in any case not later than 30 days.

    8.4 Right to Lodge a Complaint

    If you believe that the processing of your personal data infringes the GDPR, you may lodge a complaint with the competent supervisory authority.

    • Primary supervisory authority: Nemzeti AdatvĂ©delmi Ă©s InformĂĄciĂłszabadsĂĄg HatĂłsĂĄg (NAIH)
    • Postal address: 1363 Budapest, Pf.: 9., Hungary
    • Telephone: +36 (30) 683-5969; +36 (30) 549-6838; +36 (1) 391 1400
    • E-mail: ugyfelszolgalat@naih.hu
    • Website: naih.hu

    You may also complain to the data-protection authority in the EU/EEA member state of your habitual residence, place of work, or place of the alleged infringement.

    9. Data Security Measures

    ClausePilot implements comprehensive technical, organizational, and administrative security measures designed to protect all Personal Data and User-Generated Content from unauthorized access, accidental loss, alteration, disclosure, or destruction.

    9.1 Technical Security Infrastructure

    ClausePilot employs robust technical safeguards, including:

    1. Encryption of all data in transit (TLS 1.3) and at rest (AES-256);
    2. Enterprise-grade cloud infrastructure in compliance with comprehensive security certifications;
    3. Regular security testing and code reviews;
    4. Continuous security monitoring;
    5. Data loss prevention systems specifically configured for legal document protection;
    6. Granular access controls to support ethical wall requirements for legal professionals.

    9.1.1 Legal Practice Security Enhancements

    For legal professionals, we implement additional security measures:

    1. Matter-Based Security: The ability to organize documents by matter with specific access controls for each matter;
    2. Client Confidentiality Protection: Technical measures to ensure content from different clients remains segregated;
    3. Audit Trails: Detailed logs of all document access and processing for compliance with legal professional regulatory requirements;
    4. Regulatory Compliance: Security controls specifically designed to meet legal profession regulatory requirements across EU jurisdictions;
    5. Enhanced Document Deletion: Secure deletion protocols that exceed industry standards to ensure client documents cannot be recovered after deletion.

    9.2 Organizational Security Measures

    ClausePilot implements organizational measures, including:

    1. Strict limitation of access to user data on a need-to-know basis;
    2. Comprehensive staff training on data protection and security;
    3. Confidentiality obligations for all staff and contractors;
    4. Background verification for personnel with access to sensitive systems;
    5. Documented security procedures and regular compliance audits;
    6. Rigorous vendor security assessment and monitoring.

    9.3 AI Security and Confidentiality

    ClausePilot implements specific security measures for AI processing:

    1. Secure, isolated environments for all AI processing;
    2. No training of AI models on user data;
    3. Strict security requirements for third-party API providers;
    4. Explicit instructions that user data must not be used for model training;
    5. Transparency about AI models used and security measures applied.

    10. Children's Privacy

    ClausePilot's Platform and services are not directed to, designed for, or intentionally targeted at children of any age. ClausePilot does not knowingly collect, process, store, or use Personal Data from children of any age.

    11. Cookie and Tracking Technology Policy

    ClausePilot uses cookies and similar tracking technologies solely for essential platform functionality, performance monitoring, and user experience enhancement in accordance with the e-Privacy Directive and GDPR. For comprehensive cookie information, see our dedicated Cookie Policy.

    12. Updates to this Privacy Policy

    ClausePilot reserves the right to modify, amend, or update this Privacy Policy at any time to reflect changes in our practices, services, legal requirements, or technological advancements.

    12.1 Notification of Changes

    • Direct email notifications at least 30 days before changes take effect if the changes affect your rights;
    • Prominent in-Platform notifications;
    • A summary of key changes.

    12.2 Continued Use and Acceptance

    Your continued use of the Platform after the effective date of an updated Privacy Policy constitutes your acceptance of the changes, subject to your rights to terminate your account if you disagree with material changes.

    13. Contact and Enquiries

    13.1 Privacy Contact Details

    13.2 Privacy lead

    ClausePilot does not meet any of the mandatory GDPR criteria to appoint a data protection officer. If you have any questions about this policy or in general in relation to privacy, the privacy lead of ClausePilot is available at the following email: privacy@clausepilot.com

    13.3 Response Timeframes

    • Acknowledgment within 72 hours;
    • Substantive response to general enquiries within 14 days;
    • Response to data subject rights requests within one month as required by the GDPR.

    14. Automated Decision-Making

    We do not perform any automated decision-making, including profiling, which produces legal effects or similarly significant effects within the meaning of Art. 22 GDPR.

    15. Definitions

    "Personal Data"
    Any information relating to an identified or identifiable natural person as defined in Article 4(1) of the GDPR.
    "User-Generated Content"
    Any legal documents, contracts, contract drafts, clauses, templates, text, data, information, or other materials that are uploaded, input, created, modified, stored, or otherwise processed by users through the Platform.
    "Platform"
    The ClausePilot AI-powered productivity platform, including the web-based interface accessible via clausepilot.com and all associated services.
    "Data Controller"
    The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data, as defined in Article 4(7) GDPR. Legal professionals using the Platform act as Data Controllers for their clients' data contained in User-Generated Content.
    "Data Processor"
    A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller, as defined in Article 4(8) GDPR. ClausePilot acts as a Data Processor for User-Generated Content uploaded by legal professionals.
    "GDPR"
    Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural data with regard to the processing of personal data and on the free movement of such data.
    "Third-Party API Providers"
    The external artificial intelligence service providers (as listed in Appendix 2 of the Data Processing Agreement) whose APIs are integrated into the Platform to provide AI-powered features. These providers act as sub-processors of ClausePilot for User-Generated Content.
    "Sub-processor"
    Any processor engaged by ClausePilot (as a processor) that processes User-Generated Content on behalf of users listed in Appendix 2 of the Data Processing Agreement. The third-party API providers are considered sub-processors.

    This site uses cookies, for details read our Cookie Policy.