Privacy Policy

2. Information we collect

Account information. When you create an account, we collect your name, email address, password (stored as a salted hash), and, where applicable, the company you belong to.

Content you provide. When you upload a contract or other document for analysis, we receive that document and the text extracted from it. This content is stored against your account so you can revisit prior analyses.

Usage data. We log technical information necessary to operate the Service, including IP address, device and browser type, pages viewed, actions taken, and timestamps.

Payment information. If you subscribe to a paid plan, payment is processed by our payment provider (Stripe). We receive limited transaction information (last four digits of card, billing country, transaction amount) but do not store full card numbers.

3. How we use your information

We use the information we collect to: (a) provide, operate, and improve the Service, including running AI analysis on documents you upload; (b) authenticate users and protect against fraud and abuse; (c) communicate with you about your account, billing, and Service updates; (d) comply with legal obligations and enforce our terms; and (e) understand aggregate usage so we can prioritise improvements.

We do not sell your personal information, and we do not use the content of contracts you upload to train third-party AI models.

4. Sharing and disclosure

We share information with limited categories of third parties:

• AI providers. To perform contract analysis, we send document content to our AI inference providers under contractual data-protection commitments. Providers are restricted from using your content to train their models.
• Infrastructure providers. Hosting, database, email, and analytics providers process data on our behalf under contracts that limit their use to providing the relevant service.
• Legal and regulatory. We may disclose information when required by law, court order, or governmental authority, or to protect the rights, property, or safety of Graysen, our users, or others.
• Business transfers. If Graysen is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify users in advance.

5. Data security and storage

We protect personal information using industry-standard security measures, including encryption in transit (TLS) and at rest, restricted access controls, and regular security review of our infrastructure. No system is perfectly secure, however, and we cannot guarantee absolute security.

Documents and account data are stored on infrastructure operated by our cloud and database providers. Where data is stored outside the United Arab Emirates, we ensure appropriate data-protection contractual safeguards are in place.

6. Your rights

Subject to applicable law (including the UAE Personal Data Protection Law, Federal Decree-Law No. 45 of 2021, and the EU General Data Protection Regulation where applicable), you have the right to:

• access the personal information we hold about you;
• correct or update inaccurate information;
• delete your account and associated data;
• object to or restrict certain processing;
• request a portable copy of your data;
• withdraw consent where processing is based on consent.

To exercise any of these rights, contact us at the email below. We will respond within the timeframes required by applicable law.

7. Cookies and tracking

We use a small number of cookies and similar technologies to keep you signed in, remember your preferences, and understand aggregate usage. Most browsers allow you to refuse cookies; doing so may limit your use of certain features of the Service.

8. Data retention

We retain personal information for as long as your account is active and for a reasonable period afterwards to comply with our legal obligations, resolve disputes, and enforce our agreements. You may delete your account at any time, after which we will delete or anonymise your personal information except where retention is required by law.

9. Children

The Service is not directed to individuals under the age of 18, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date and, where appropriate, notify you by email or through the Service. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.