Privacy, retention, and handling expectations

How ContractGhost should handle your contract data

If freelancers are going to trust an AI contract review tool, the data rules need to be blunt, not vague. This page explains the intended handling model for uploaded contracts, what users should expect, and what should be tightened before full rollout.

Back to homepage Read FAQ See demo Sample report

Short version

ContractGhost should process contracts for analysis, minimise what it stores, avoid retaining raw documents unless clearly necessary, and tell users exactly when a third-party AI model is involved. If those rules are not live yet, sensitive contracts should wait.

What data may be involved

Contract text or uploaded files
Risk summaries generated from that text
Basic product analytics like page visits or form submissions
Email address and optional notes if you join the waitlist

What the product should do by default

Minimise retention: analyse the contract, return the result, and avoid storing the raw file longer than needed.
Separate contact data from contract data: waitlist emails should not be mixed into contract content.
Be explicit about third parties: if an AI model provider processes the text, users should know that plainly.
Avoid training ambiguity: users should not have to guess whether uploaded content is being used to train anything.
Delete aggressively: raw uploads should be discarded on a short retention window unless users explicitly request storage.

What freelancers should reasonably expect before uploading

A clear statement on whether raw contracts are stored
A clear statement on how long any stored data lasts
A clear statement on which providers process the content
A way to request deletion if an account or saved history exists
A warning not to upload highly sensitive agreements until the live policy is in place

Current practical reality

ContractGhost is still in validation mode. The frontend, demo, and analysis architecture exist, but the full production privacy posture depends on the final deployment path and operational choices. That means trust language should stay honest: this is the intended standard, and the live implementation should match it before broad rollout.

What not to upload yet

Contracts containing unusually sensitive personal information
M&A, employment, investor, or highly confidential enterprise agreements
Anything you are not comfortable sending through a third-party AI workflow

ContractGhost is for fast freelancer pre-sign screening, not for the most sensitive legal workflows on earth.

The trust standard that should exist at launch

Good privacy copy should be concrete enough that a cautious freelancer can decide in under a minute whether they trust the workflow. That means plain-English answers to storage, retention, deletion, model-provider use, and security basics — not lawyer fog.