How accurate is the AI extraction?

Our AI identifies 95%+ of obligations in standard contracts. You can always review and edit extracted items before they become tasks. Complex or unusual contract formats may require manual adjustment.

Is my contract data secure?

Your contracts are stored securely on AWS. We never share your data with third parties. Your contracts are only processed to extract obligations—we don't train AI models on your data.

What happens if I want to cancel?

Cancel anytime with one click. No long-term contracts (ironic, we know). Your data can be exported or deleted on request.

Do I need to change how I sign contracts?

No. Connect your existing DocuSign, PandaDoc, or Google Drive. We import contracts from where they already live—no workflow changes needed.

What types of contracts work best?

Any contract with deadlines or obligations: SaaS agreements, vendor contracts, client SOWs, employment agreements, leases, NDAs, and more. If it has a date that matters, we track it.

PactAlert - Never miss a contractual deadline

1. Introduction

PactAlert is a product of RubiDev OÜ, a private limited company (osaühing) registered in Estonia (registry code: 16935750), with registered office at Vesivärava tn 50-201, Tallinn 10152, Estonia. When we say "we", "our", or "us" in this policy, we mean RubiDev OÜ.

This Privacy Policy explains what personal data we collect, why we collect it, how we use it, who we share it with, and the rights you have over it. It applies to visitors to our website and to customers using the PactAlert service.

For a technical description of how we protect your data, see our Security page.

2. Information We Collect

When you visit our website

IP address and basic device information (via server logs)
Pages you visit and actions you take, if analytics cookies are enabled

When you sign up for PactAlert

Your name and email address
Your sign-in provider identifier (e.g., Google OAuth user ID)
Workspace name and your role within it

When you use the service

Contract documents you upload
Obligations, deadlines, and metadata extracted from those contracts
Tasks you create and sync to third-party tools
Usage data (feature interactions, session logs) for debugging and product improvement

When you subscribe to a paid plan

Billing information — handled by Paddle, our Merchant of Record. We do not store full payment card data.
Subscription status and invoice history

When you contact us

The contents of your message and any information you choose to share

3. How We Use Your Information

Provide and operate the PactAlert service
Process your contracts and extract obligations
Send service-related emails (deadline alerts, account notifications)
Communicate with you about your account, subscription, and support requests
Improve the product using aggregated, de-identified usage data
Enforce our Terms of Service and prevent abuse
Comply with legal, tax, and accounting obligations

We do not sell, rent, or share your personal data with third parties for advertising or marketing purposes.

4. Legal Basis for Processing (EU/UK)

If you are in the EU, UK, or EEA, we process your personal data under one or more of the following GDPR legal bases:

Contract — to provide the service you signed up for
Legitimate interests — to secure our systems, improve the product, and prevent fraud or abuse
Consent — for optional analytics cookies and any marketing emails you have opted into
Legal obligation — to meet tax, accounting, and regulatory requirements

5. Sharing, Storage, and Retention

Subprocessors

We use a small set of trusted subprocessors to operate the service:

AWS — document storage and transactional email delivery
OpenAI — extracts obligations from the contract text you upload
Paddle — payment processing and subscription billing
Google — sign-in, and optional Google Drive import if you connect it

The authoritative subprocessor list is maintained on our Security page. We will notify customers of material changes.

Data location

Customer data is stored on infrastructure located in the European Union.

International transfers

Some of our subprocessors (notably OpenAI and Paddle) are located outside the EU. Where personal data is transferred outside the EEA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, together with additional technical and organizational safeguards.

Retention

Website server logs: up to 30 days
Account data: retained while your account is active; removed when you delete your workspace
Contract content and extracted obligations: retained in your workspace until you delete them; permanently removed when you delete your workspace
Billing records: retained for 7 years as required by Estonian accounting law
Support communications: retained for up to 2 years after our last contact

6. GDPR Roles — Contract Data About Third Parties

When you use PactAlert to process contracts, those contracts may contain personal data about third parties (signatories, clients, counterparties). In that case:

You are the data controller for that personal data
PactAlert (RubiDev OÜ) is the data processor, acting on your documented instructions

We will sign a Data Processing Addendum (DPA) on request. Email [email protected].

7. Cookies and Tracking

We use a small set of cookies and similar technologies:

Essential cookies — required for sign-in, session management, and basic site functionality. These cannot be disabled without breaking the service.
Functional cookies — remember your preferences (e.g., cookie consent choices)
Analytics cookies — help us understand how the product is used. These are only loaded with your consent; you can change your choice at any time.

We do not use cookies for advertising, retargeting, or cross-site tracking.

8. Your Rights

If you are in the EU, UK, or EEA, you have the right to:

Access — request a copy of the personal data we hold about you
Rectification — request correction of inaccurate or incomplete data
Erasure — request deletion of your data ("right to be forgotten")
Portability — receive your data in a portable format
Restriction or objection — limit or object to certain processing
Withdraw consent — at any time, where we rely on consent
Complaint — lodge a complaint with your local data protection authority. In Estonia this is the Andmekaitse Inspektsioon.

To exercise any of these rights, email [email protected]. You can also delete your workspace directly from your account settings at any time.

9. Security

We take reasonable technical and organizational measures to protect your data, including encryption at rest and in transit, workspace isolation, and restricted internal access. For a full description of our security posture, subprocessors, and what we are still building, see our Security page.

If we discover a personal data breach affecting you, we will notify you in accordance with applicable law, including the GDPR 72-hour notification requirement where it applies.

10. Children's Privacy

PactAlert is a B2B service and is not intended for individuals under 18. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, please contact us and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email to active customers or prominently on this page. The "Last updated" date at the top reflects the most recent version. Continued use of PactAlert after changes constitutes acceptance of the updated policy.

12. Contact

For privacy questions, data-subject requests, or to request our DPA, contact us at [email protected].

Data controller: RubiDev OÜ, Vesivärava tn 50-201, Tallinn 10152, Estonia (registry code 16935750).