Your contracts are sensitive. We treat them that way.
ContractsMind processes legal documents that may contain personal, financial and commercial data. This page explains, in plain language, exactly how that data is protected, stored, and deleted — and how you stay in control.
1. Encryption
All uploaded files are encrypted at rest using AES-256-GCM — the same authenticated-encryption standard used to protect classified information. Encryption is applied the moment a file lands in storage; the object is never written to disk in plaintext.
For sensitive files, ContractsMind supports SSE-C (Server-Side Encryption with Customer-Provided Keys). With SSE-C, the encryption key is supplied with each request and Cloudflare does not persist it — meaning we, and our storage provider, cannot decrypt your file without the key you provide.
- At rest: AES-256-GCM (default), SSE-C (sensitive files)
- In transit: TLS 1.2+ end-to-end (browser → API → storage)
- Keys: managed / customer-provided; never stored alongside the data they protect
2. Storage & retention
Files are stored exclusively in Cloudflare R2 within an EU-oriented setup. They are never copied to the application server's local disk. Access to a file is only possible through a short-lived signed URL (TTL 1 hour), issued to the file's owner.
Retention period: 20 days maximum. After 20 days, files are permanently and automatically deleted. This short window exists only so you can review your report and export a PDF — it is not used for model training or any other purpose.
3. File intake & malware scanning
Before a file reaches the AI pipeline, ContractsMind performs several checks:
- Allowlist of formats — only PDF, DOCX, DOC, JPG, PNG, TIFF are accepted
- Real type verification — files are inspected by MIME type / magic bytes, not just the extension, so a renamed executable is rejected
- Size cap — maximum 20 MB per file
- Antivirus scan — every upload is scanned for malware before AI processing; infected files are quarantined and never analyzed
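A sketch of the first three intake checks above (format allowlist, magic-byte verification, 20 MB cap), added here as an illustration; it is not ContractsMind's code, and the names `sniff` and `check_upload` are hypothetical. Antivirus scanning is out of scope for this example.

```python
from __future__ import annotations
import io
import zipfile

MAX_BYTES = 20 * 1024 * 1024  # 20 MB cap stated on the page
# Leading magic bytes for the allowlisted formats.
SIGNATURES = [
    (b"%PDF-", "pdf"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpg"),
    (b"II*\x00", "tiff"),  # little-endian TIFF
    (b"MM\x00*", "tiff"),  # big-endian TIFF
    # OLE2 header is shared by legacy .doc/.xls/.ppt; a stricter check
    # would also look for the WordDocument stream inside the container.
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "doc"),
    (b"PK\x03\x04", "zip"),  # DOCX is a ZIP container, verified below
]
EXT_ALIASES = {"jpeg": "jpg", "tif": "tiff"}

def sniff(data: bytes) -> str | None:
    """Return the type implied by the content, or None if not allowlisted."""
    kind = next((k for sig, k in SIGNATURES if data.startswith(sig)), None)
    if kind != "zip":
        return kind
    # A bare ZIP is not accepted: it must carry the main Word parts.
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
    except zipfile.BadZipFile:
        return None
    return "docx" if {"[Content_Types].xml", "word/document.xml"} <= names else None

def check_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Apply the size cap, content sniffing and extension/content agreement."""
    if len(data) > MAX_BYTES:
        return False, "too large"
    kind = sniff(data)
    if kind is None:
        return False, "content type not allowlisted"
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if EXT_ALIASES.get(ext, ext) != kind:
        return False, f"extension .{ext} does not match content ({kind})"
    return True, kind

if __name__ == "__main__":
    # Constructed samples: an executable header renamed to .pdf, then a PDF header.
    print(check_upload("invoice.pdf", b"MZ\x90\x00" + b"\x00" * 60))
    print(check_upload("contract.pdf", b"%PDF-1.7\n%%EOF\n"))
```

The decision is made from the bytes; the extension is only compared against the sniffed type, so renaming a file cannot widen the allowlist.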
4. Access control
- Every API endpoint requires a valid Bearer JWT; refresh tokens live in an httpOnly cookie
- Files are accessible only to their owner — no cross-user access, ever
- CORS is locked to contractsmind.com
- Rate limiting on authentication (5 attempts / 15 min / IP) and on analysis (10/hour for free tier)
- SQL-injection mitigated via ORM parameterized queries; XSS/CSRF mitigated via strict CSP headers
5. Audit logging (without storing document content)
ContractsMind keeps an audit log of security-relevant events (logins, uploads, deletions, analysis runs). Critically, audit logs never contain the contents of your documents — only metadata such as file name, timestamp, and action. This lets us investigate incidents without building a secondary copy of your data.
6. Your GDPR rights — deletion is one click away
We implement data protection by design and by default (Art. 25), and we make your rights under the GDPR easy to exercise:
- “Delete my documents” button on every file — instant, irreversible removal of that document (Art. 17)
- “Delete my account & data” button in your profile — removes your account, documents, and personal data (Art. 17)
- Access & portability — request a copy of your data at any time (Art. 15 / 20)
- Consent journal — we record when and what you consented to (Art. 7)
- Data requests: [email protected] — answered within 30 days (Art. 12)
7. Internal compliance folder
Because ContractsMind processes potentially sensitive scans, we maintain an internal compliance program (not all of it is public, but the structure is):
- DPIA (Data Protection Impact Assessment) — required internal document for this type of processing
- DPA with Cloudflare R2 as a sub-processor — the contractual basis for transfers
- Sub-processor list — maintained and updated; see below
- Breach response procedure — detection, containment, notification within 72 hours of becoming aware (Art. 33)
- Retention policy — 20 days for files; minimal logs retained only as long as needed
8. Sub-processors
The following third parties process data on our behalf. We list them for transparency, as required for GDPR compliance:
- Cloudflare (R2) — encrypted file storage (EU-oriented); covered by a DPA
- Paddle — payment processing (Merchant of Record); processes payment data, not document content
- Victoriabank MD — local payment acquiring for Moldovan customers
- AI model providers — process document text transiently for analysis under DPAs; outputs are not retained for training
- SendGrid — transactional email delivery
We will notify users of any new sub-processor before it begins processing data.
9. Breach response
In the event of a personal data breach, ContractsMind follows a documented response procedure: immediate containment and assessment, followed by notification of the supervisory authority within 72 hours of becoming aware (Art. 33), and communication to affected users where the breach is likely to result in a high risk to their rights (Art. 34).
Last updated: June 2026 · This overview is informational and complements our Privacy Policy and Terms of Service.