Security & Privacy

Honest information about security measures in this personal project.

Important Notice

ContractGuards is a personal project built by one developer. While I implement reasonable security measures, this is not an enterprise-grade security infrastructure. Please consider this when uploading sensitive documents.

✅ What I Do Provide

File Handling
Responsible file processing practices
  • Files processed in memory only
  • No permanent file storage
  • Automatic cleanup after processing
  • Files never saved to disk
Basic Security
Standard web security practices
  • HTTPS encryption (TLS)
  • Password hashing (bcrypt)
  • Email verification required
  • Session-based authentication
Privacy Practices
Minimal data collection approach
  • Only collect necessary data
  • No tracking or analytics
  • No data selling or sharing
  • Contract content not stored
Hosting
Vercel hosting infrastructure
  • Hosted on Vercel platform
  • PostgreSQL database
  • Basic DDoS protection
  • Automatic HTTPS

❌ What I Don't Have

Enterprise Security

  • No dedicated security team
  • No security audits or penetration testing
  • No SOC 2 or ISO 27001 compliance
  • No multi-factor authentication

Infrastructure

  • No dedicated infrastructure team
  • No 24/7 monitoring
  • No incident response team
  • No employee training (it's just me!)

Compliance

  • No GDPR compliance infrastructure
  • No formal data processing agreements
  • No compliance reporting
  • No legal team

Support

  • No 24/7 support
  • No SLA guarantees
  • No backup support team
  • Limited availability

💡 My Recommendations

For sensitive contracts: Consider using this tool for initial analysis only, then consult with a qualified attorney for important decisions.

For highly confidential documents: You may want to use enterprise-grade contract analysis tools with formal security certifications.

For general use: This tool is great for understanding everyday contracts like rental agreements, service contracts, or terms of service.

Data sensitivity: While I don't store your contract content, be mindful that any data you upload is processed by OpenAI's API.

Questions About Security?

I'm happy to answer any questions about how your data is handled.

Contact me through the contact form