The paperwork, written like we mean it.
Six documents govern everything we do with your data and your money. Each opens with a plain-English summary, and the commitments that matter — never training on your records, deletion with certificates, breach clocks in hours — are contractual, not marketing.
The master agreement: who may use the platform, per-page billing with spend caps, Test-a-File evaluation terms, your duty to verify AI output, and the not-a-medical-device line.
Visitor, customer, and applicant data: what we collect, the full sharing list, a named retention table, US state and GDPR rights — and what individuals do when their records went through our platform.
Processor terms for the records you upload: instructions-only processing, the contractual never-train clause, customer-controlled retention with deletion certificates, subprocessor objection rights, SCCs — plus per-plan data paths in Annex 3.
Where covered entities, business associates, and non-covered legal and casualty teams each stand — and the clause-by-clause map of what our Business Associate Agreement commits us to.
Four vendors can touch Customer Content — AWS, Anthropic, OpenAI, OpenRouter — every one under a BAA with zero-retention, no-training terms. Business-ops vendors listed separately. Subscribe for 30-day advance change notices.
Every cookie and localStorage key, named with provider, purpose, and lifetime. Analytics and marketing run by default, public site only, never the platform, and marketing is always off on Solutions pages; nothing sensitive in browser storage.
Self-Service and Test-a-File customers get the whole stack automatically: accepting the Terms incorporates the DPA, and the BAA is presented click-through before any upload. Enterprise customers execute countersigned versions with their Order Form. The Privacy Notice and Cookie Policy cover the website and your account regardless of plan.
For procurement & security review
Need executed copies on your paper or ours? We accept reasonable redlines.
[email protected] →Controls documentation, SOC 2 evidence summary, pen-test summary — under NDA.
Request via Trust Center →30-day advance notice of any change to who can process Customer Content.
Subscribe on the list →Legal: [email protected] · Privacy: [email protected] · Security: [email protected]
30 North Gould Street, Sheridan, WY 82801