← Back to Terms

Privacy Policy

Final Revision Inc — AI-Powered Contract Review Platform

Effective Date: January 22, 2026 | Last Updated: January 22, 2026

1. INTRODUCTION

Final Revision Inc. ("Company," "we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered contract review platform (the "Service").

This Privacy Policy applies to all users of the Service, including visitors, registered users, and enterprise customers. By using the Service, you consent to the data practices described in this policy.

Data Controller: Final Revision Inc., Cooper City, FL 33026, United States

Privacy Contact: For all privacy inquiries, data subject requests, or concerns, contact us at support@finalrevision.ai

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

When you register for an account or use the Service, we collect:

  • Account Information: Full name, email address, password (encrypted with Argon2 or bcrypt), company name, company domain, industry selection, and role (admin, editor, viewer)
  • Billing Information: Payment details processed by Stripe (we store only Stripe customer ID, not full payment card details)
  • Profile Information: User preferences, communication settings, and subscription tier
  • Document Content: Contracts, agreements, and other documents you upload for AI analysis
  • User-Generated Content: Comments, annotations, feedback on AI suggestions, chat messages with AI, and team collaboration messages
  • Support Communications: Messages sent to customer support, feedback forms, and survey responses

2.2 Information Collected Automatically

When you access the Service, we automatically collect:

  • Usage Data: Login timestamps, last active date, pages visited, features used, documents analyzed, and interaction with AI recommendations
  • Device Information: IP address, browser type and version, operating system, device identifiers, user agent string
  • Audit Logs: Comprehensive logs of user actions including document uploads, AI analysis requests, accept/decline decisions on findings, team member invitations, role changes, and account modifications. These logs include IP address, user agent, and timestamps for security and compliance purposes.
  • Cookies and Tracking: Session cookies for authentication, functional cookies for user preferences, and optional analytics cookies (with your consent)

2.3 Information from Third Parties

  • Authentication Providers: If you use single sign-on (SSO), we receive your name and email from your identity provider
  • Payment Processors: Stripe provides transaction status, subscription state, and billing history
  • External Collaborators: When invited to review documents, external users provide name and email for verification

2.4 Enterprise Learning System Data (Enterprise Tier Only)

For organizations on the Enterprise plan with learning enabled, we collect additional data to improve AI recommendations:

  • Feedback Events: Accept or decline decisions on AI-generated findings and redline suggestions
  • Interaction Patterns: Which risk categories you prioritize, editing patterns on AI suggestions, and confidence score adjustments
  • Organization Preferences: Detected patterns in contract review priorities specific to your organization

Important: Learning system data is organization-scoped and not shared with other customers. Aggregated, anonymized metrics may be used for platform-wide improvements. You can opt out of the learning system at any time in organization settings.

3. LEGAL BASIS FOR PROCESSING (GDPR)

We process your personal data under the following legal bases:

  • Contractual Necessity (GDPR Art. 6(1)(b)): Processing account information, billing data, and service usage to fulfill our Terms and Conditions and provide the Service
  • Consent (GDPR Art. 6(1)(a)): Marketing communications, analytics cookies, AI model training (opt-in), and Enterprise learning system (opt-out available)
  • Legitimate Interests (GDPR Art. 6(1)(f)): Fraud prevention, security monitoring, service improvement, audit logging for compliance (ISO 42001), and customer support
  • Legal Obligation (GDPR Art. 6(1)(c)): Compliance with tax laws, financial regulations, and data breach notification requirements

4. HOW WE USE YOUR INFORMATION

We use collected information for the following purposes:

4.1 Service Provision

  • Create and manage user accounts and organizations
  • Process and analyze uploaded contracts using AI models (OpenAI GPT-5/GPT-4o)
  • Generate risk assessments, redline suggestions, and contract summaries
  • Enable team collaboration, document sharing, and external reviewer access
  • Provide document version control and audit trails
  • Process payments and manage subscriptions via Stripe

4.2 Service Improvement

  • Analyze usage patterns to improve features and user experience
  • For Enterprise customers with learning enabled: personalize AI recommendations based on your organization's feedback patterns
  • Monitor AI model performance, accuracy, and reliability
  • Conduct research to enhance contract analysis capabilities

4.3 Communications

  • Send transactional emails (account confirmations, password resets, billing notifications, security alerts)
  • Deliver notifications for document mentions, comments, and shared documents
  • Send marketing communications (with your consent, opt-out available)
  • Respond to customer support inquiries and feedback

4.4 Security and Compliance

  • Detect and prevent fraud, abuse, and unauthorized access
  • Maintain audit logs for ISO 42001 AI governance compliance (7-year retention)
  • Investigate security incidents and respond to data breaches
  • Comply with legal obligations and regulatory requirements

5. DATA SHARING AND THIRD-PARTY PROCESSORS

We share your information with the following third parties under Data Processing Agreements (DPAs):

5.1 AI Service Providers

  • OpenAI: Contract text and metadata are sent to OpenAI's GPT-5 and GPT-4o models for analysis. OpenAI processes data according to their Enterprise Privacy Policy. We do not use customer data to train OpenAI's general models unless you explicitly opt in.

5.2 Payment Processors

  • Stripe: Payment card details, billing information, and transaction history are processed by Stripe. We store only Stripe customer IDs. See Stripe Privacy Policy.

5.3 Cloud Infrastructure

  • AWS S3 / MinIO: Document files are stored with encryption at rest. Access is restricted to authorized application services.
  • Database Hosting: User data and application state are stored in secure PostgreSQL databases with encryption and access controls.

5.4 Customer Relationship Management

  • Go High Level (GHL): Contact information (name, email, company, phone) is synchronized for sales and customer success workflows.

5.5 Email Delivery

  • SMTP Provider: Email addresses and message content are transmitted via secure SMTP/SSL for transactional and marketing emails.

5.6 No Sale of Personal Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. Under CCPA, we do not "sell" personal information as defined by the statute.

6. DATA RETENTION

We retain your data for the following periods:

  • Account Data: Retained while your account is active. After account deletion, personal data is deleted within 30 days.
  • Document Content: Retained until you delete documents or request account deletion.
  • Audit Logs: Retained for 7 years in compliance with ISO 42001 AI governance standards. Personal identifiers (names, emails) are anonymized after 1 year, but anonymized logs (IP addresses replaced with pseudonyms) are retained for the full 7-year period.
  • Chat Messages: Automatically deleted after 2 years unless part of active document collaboration.
  • Billing Records: Retained for 7 years for tax and financial compliance.
  • Inactive Accounts: Accounts with no login for 3 years may be automatically deleted after email notice.

7. YOUR PRIVACY RIGHTS

7.1 Rights Under GDPR (EU/EEA Users)

If you are located in the European Economic Area, you have the following rights:

  • Right of Access (Art. 15): Request a copy of all personal data we hold about you
  • Right to Rectification (Art. 16): Correct inaccurate or incomplete personal data
  • Right to Erasure / Right to be Forgotten (Art. 17): Request deletion of your personal data (subject to legal retention obligations for audit logs)
  • Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format (JSON/CSV)
  • Right to Restriction of Processing (Art. 18): Limit how we process your data in certain circumstances
  • Right to Object (Art. 21): Object to processing based on legitimate interests, including marketing
  • Right to Withdraw Consent (Art. 7(3)): Withdraw consent for marketing, cookies, or AI training at any time
  • Right to Lodge a Complaint: File a complaint with your national data protection authority (e.g., ICO in UK, CNIL in France)

7.2 Rights Under CCPA (California Residents)

If you are a California resident, you have the following rights:

  • Right to Know (§1798.100): Request disclosure of personal information collected, used, and shared
  • Right to Delete (§1798.105): Request deletion of personal information (subject to exceptions)
  • Right to Opt-Out of Sale (§1798.120): We do not sell personal information, so no opt-out is necessary
  • Right to Non-Discrimination (§1798.125): You will not receive discriminatory treatment for exercising CCPA rights
  • Right to Correct (§1798.106): Request correction of inaccurate personal information

7.3 How to Exercise Your Rights

To exercise any of these rights, contact us at:

  • Email: support@finalrevision.ai with subject line "Data Subject Request"
  • Account Settings: Download your data or delete your account from the Settings page

We will respond to verified requests within 30 days (GDPR) or 45 days (CCPA). We may request additional information to verify your identity before processing requests.

8. COOKIES AND TRACKING TECHNOLOGIES

8.1 Types of Cookies We Use

  • Strictly Necessary Cookies: Authentication tokens, session management, security features. These cannot be disabled as they are essential for Service operation.
  • Functional Cookies: User preferences (theme, language), remembered settings. These enhance user experience but are not essential.
  • Analytics Cookies (Optional): Usage statistics, feature adoption metrics. Require your consent before activation.

8.2 Managing Cookie Preferences

You can manage cookie preferences through your browser settings or our cookie consent banner (displayed on first visit). Disabling strictly necessary cookies may prevent you from using certain features of the Service.

9. INTERNATIONAL DATA TRANSFERS

Final Revision is based in the United States. If you access the Service from outside the US, your data will be transferred to and processed in the United States.

For EU/EEA users, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate data protection during international transfers. Our third-party processors (OpenAI, Stripe, AWS) also use SCCs or other approved transfer mechanisms.

10. DATA SECURITY

We implement industry-standard security measures to protect your data:

  • Encryption: Data in transit via HTTPS/TLS; data at rest in S3 storage encrypted with AES-256
  • Password Security: Passwords hashed with Argon2 or bcrypt (not stored in plain text)
  • Access Controls: Role-based permissions (admin, editor, viewer); multi-tenant isolation prevents cross-organization data access
  • Network Security: Firewalls, intrusion detection, and regular security assessments
  • Audit Logging: Comprehensive activity logs for security investigations and compliance

Despite these measures, no system is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.

11. DATA BREACH NOTIFICATION

In the event of a data breach that compromises your personal information, we will:

  • Notify affected users within 72 hours of becoming aware of the breach (GDPR Art. 33 requirement)
  • Notify relevant supervisory authorities (e.g., ICO, state attorneys general) as required by law
  • Provide details about the breach, affected data, and mitigation steps
  • Offer guidance on protecting yourself from potential harm

12. CHILDREN'S PRIVACY

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, contact us at support@finalrevision.ai and we will delete it promptly.

13. AI MODEL TRAINING AND OPT-OUT

By default, we do not use your Customer Data (uploaded contracts, documents) to train general AI models. Your contract content is processed by OpenAI's models but is not used for OpenAI's model training under our Enterprise agreement.

If we seek to use anonymized contract data for improving Final Revision's proprietary AI features in the future, we will:

  • Request your explicit opt-in consent
  • Provide clear disclosure of how data will be used
  • Allow you to opt out at any time by emailing support@finalrevision.ai

Enterprise Learning System: For Enterprise customers, the optional learning system analyzes your organization's feedback patterns to personalize AI recommendations. This is organization-scoped and can be disabled in settings.

14. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Service features. Material changes will be communicated via:

  • Email notification to your registered address (for significant changes)
  • Prominent notice on the Service homepage
  • Updated "Last Updated" date at the top of this policy

Continued use of the Service after changes constitutes acceptance of the updated Privacy Policy. For material changes that require new consent, we will seek your explicit agreement.

15. CONTACT US

For questions about this Privacy Policy, to exercise your privacy rights, or to contact our privacy team:

  • Email: support@finalrevision.ai
  • Subject Line: "Privacy Inquiry" or "Data Subject Request"
  • Mailing Address: Final Revision Inc., Cooper City, FL 33026, United States

We aim to respond to all privacy inquiries within 48 hours and data subject requests within 30 days.

This Privacy Policy is effective as of January 22, 2026. By using Final Revision, you acknowledge that you have read and understood this Privacy Policy.