🔒 Privacy Policy

🌟1. Introduction

At Termfy, we've built our entire platform around the principle of transparency, and that extends deeply into our privacy practices. We understand that in an age where personal data is often treated as a commodity, users deserve to know exactly what happens to their information when they use digital services.

Our commitment to privacy isn't just a legal requirement—it's a core value that influences every technical and business decision we make. We believe that providing transparency about legal documents shouldn't come at the cost of your personal privacy, which is why we've designed our service to be as privacy-preserving as possible.

This Privacy Policy serves as our contract with you regarding data handling, explaining not just what we do, but also what we don't do with information that might be associated with your use of our service. We've written this policy in plain language because we believe privacy policies should be as transparent as the legal documents we help you understand.

📊2. Information We Collect

What We Currently Collect

Website Content Collection

When you use Termfy to analyze a legal document, we access and process the publicly available content from that webpage. This includes terms of service, privacy policies, and other legal documents that are publicly accessible on the internet. We store this content for several important purposes:

• Providing immediate analysis and summaries to users
• Improving our AI models through training and refinement
• Maintaining a database of legal document changes over time
• Quality assurance and accuracy improvements

Technical Information

Like most web services, our servers automatically collect certain technical information necessary for basic functionality:

• IP Addresses: Used for rate limiting, security, and basic analytics
• Browser Information: User agent strings for compatibility and debugging
• Timestamps: When requests are made for performance monitoring
• Error Logs: Technical errors for service improvement

What We Don't Collect

🔧3. How We Use the Data

Our data usage is focused entirely on providing and improving our core service of legal document analysis. Every piece of information we process serves a specific, transparent purpose in delivering value to our users.

Primary Uses

• Document Analysis and Summarization: The publicly available legal documents we collect are processed by our AI systems to generate summaries, risk assessments, and explanatory content. This is the core function of our service and requires us to analyze and understand the content of these documents.
• AI Model Training and Improvement: We use the legal documents in our database to continuously train and refine our AI models. This helps us improve accuracy, understand new types of legal language, and provide better summaries over time. This training process is automated and doesn't involve human review of personal information.
• Service Quality and Performance: Technical logs and usage patterns help us identify bugs, optimize performance, and ensure our service remains reliable and fast for all users.

Secondary Uses

• Security and Abuse Prevention: IP addresses and technical information help us prevent abuse, implement rate limiting, and protect our service from malicious activities.
• Legal Compliance: We may process information as required by applicable laws, regulations, or legal processes, though we will always strive to minimize such processing and notify users when legally permitted.

What We Don't Use Data For

🤝4. Third-Party Services

While we strive to minimize third-party dependencies to protect your privacy, our service does rely on certain external providers for core functionality. We're committed to being transparent about these relationships and ensuring they align with our privacy values.

Current Third-Party Services

Third-Party Data Sharing Principles

When we work with third-party services, we follow strict principles:

• Minimal Data Sharing: We only share the minimum data necessary for functionality
• Purpose Limitation: Data is only used for the specific purpose we've contracted for
• Privacy-First Vendors: We choose providers with strong privacy commitments
• No Personal Data: We don't share personal user information with any third parties

🔄5. Data Sharing

When We Might Share Information

While we don't engage in commercial data sharing, there are limited circumstances where we might be required to share information:

Legal Requirements

We may disclose information if required by law, regulation, legal process, or governmental request. In such cases, we will:

• Carefully review the legal basis for any request
• Provide only the minimum information legally required
• Notify affected users when legally permitted
• Challenge overly broad or inappropriate requests

Safety and Security

We may share information if we believe it's necessary to:

• Protect the safety of our users or the public
• Investigate potential violations of our terms
• Prevent fraud or abuse of our service
• Protect our legal rights and property

Business Transfers

In the unlikely event of a merger, acquisition, or sale of assets, user information might be transferred as part of that transaction, but only under strict privacy protections.

🔐6. Data Security

We take data security seriously and implement multiple layers of protection to safeguard any information processed through our service, even though we don't store personal user data.

Technical Security Measures

• Encryption: All data transmission between your browser and our servers is encrypted using industry-standard TLS encryption. Any data stored on our servers is encrypted at rest using AES-256 encryption.
• Access Controls: We implement strict access controls ensuring that only authorized personnel can access our systems, and all access is logged and monitored.
• Infrastructure Security: Our servers are hosted with reputable cloud providers that maintain SOC 2 compliance and implement comprehensive physical and digital security measures.

Operational Security Practices

• Regular Security Audits: We conduct regular reviews of our security practices
• Vulnerability Management: We promptly address any identified security vulnerabilities
• Incident Response: We have procedures in place to respond quickly to any security incidents
• Employee Training: All team members receive security awareness training

Data Retention Security

For the limited data we do store (website content and technical logs), we implement secure deletion procedures when data reaches the end of its retention period.

✊7. User Rights

Even though we don't collect personal data, we believe users should have control over their interactions with our service and understand their rights regarding any information that might be processed.

Your Current Rights

• Right to Information: You have the right to understand what data we process, which this Privacy Policy aims to provide comprehensively.
• Right to Access: You can request information about any data processing that might relate to your use of our service.
• Right to Correction: If you believe any information we've processed is incorrect, you can request corrections.
• Right to Deletion: You can request deletion of any data that might be associated with your use of our service.
• Right to Object: You can object to certain types of data processing, and we'll work to accommodate your concerns.

How to Exercise Your Rights

To exercise any of these rights, contact us at termfyai@gmail.com with:

• A clear description of your request
• Any relevant information to help us identify applicable data
• Your preferred method of response

We will respond to all privacy requests within 30 days, or sooner when possible.

🍪8. Cookies

Our approach to cookies is minimal and focused solely on essential functionality rather than tracking or advertising purposes.

Essential Cookies Only

We use only essential cookies that are necessary for our service to function properly:

• Session Management: Temporary cookies to maintain your session while using our service
• Security Cookies: Cookies that help protect against cross-site request forgery and other security threats
• Preference Cookies: Cookies that remember your settings and preferences within our extension

What We Don't Use

Cookie Control

You can control cookies through your browser settings, though disabling essential cookies may affect the functionality of our service. Most browsers allow you to:

• View and delete existing cookies
• Block cookies from specific sites
• Block all cookies (not recommended for functionality)
• Receive notifications when cookies are set

👶9. Children's Privacy

We are committed to protecting the privacy of children and comply with applicable children's privacy laws, including COPPA (Children's Online Privacy Protection Act) in the United States and similar regulations worldwide.

Parental Rights and Responsibilities

If you are a parent or guardian and believe your child under 13 has used our service or provided information to us, please contact us immediately at termfyai@gmail.com. We will promptly investigate and take appropriate action, including deleting any information we may have inadvertently collected.

Parents and guardians have the right to:

• Review any personal information we might have collected from their child
• Request deletion of their child's information
• Refuse to allow further collection or use of their child's information

Teen Privacy (Ages 13-17)

For users between 13 and 17, we encourage parental involvement in understanding our service and privacy practices. While we don't collect personal information from any users, we recommend that parents discuss internet privacy and safety with their teenagers.

🔄10. Changes to This Policy

As our service evolves and privacy laws develop, we may need to update this Privacy Policy. We're committed to transparency in this process and ensuring that users are always informed about our privacy practices.

How We Handle Changes

When we make changes to this Privacy Policy, we will:

• Advance Notice: Provide at least 30 days' notice before any material changes take effect
• Clear Communication: Explain what's changing and why in plain language
• Multiple Channels: Notify users through our extension interface, website, and email (if we have contact information)
• Version Control: Maintain previous versions for reference and comparison

Types of Changes

• Minor Changes: Clarifications, typo corrections, or formatting improvements may be made without extensive notice, but we'll always update the "Last Updated" date.
• Material Changes: Any changes that affect how we collect, use, or share data will receive full notice and may require re-acceptance of the policy.

Your Options

If you don't agree with changes to our Privacy Policy, you can:

• Contact us to discuss your concerns
• Stop using our service before the changes take effect
• Request deletion of any data we might have related to your use

📞11. Contact Us

We believe that open communication is essential for maintaining trust and addressing privacy concerns. We're committed to being responsive and helpful when users have questions about our privacy practices.

What to Include in Privacy Inquiries

To help us respond effectively to your privacy questions or requests, please include:

• Subject Line: "Privacy Inquiry" or "Data Request"
• Specific Question: Clear description of your concern or request
• Relevant Details: Any information that might help us understand your situation
• Preferred Response Method: How you'd like us to respond

Response Timeline

We strive to respond to all privacy inquiries within:

• General Questions: 2-3 business days
• Data Requests: 30 days maximum (usually much faster)
• Urgent Privacy Concerns: Within 24 hours

Privacy Commitment

Our Promise: We will never share your contact information when you reach out to us about privacy concerns. Your privacy inquiries are treated with the utmost confidentiality and are handled only by authorized team members who are trained in privacy protection.

If you're not satisfied with our response to a privacy concern, you may have the right to file a complaint with your local data protection authority or privacy regulator.