ContractPilot

Document protection

Uploaded documents are stored in access-controlled storage and encrypted at rest. Contract files are only used to provide the requested review workflow and are not used to train or fine-tune AI models.

Transport and access controls

• TLS is required for browser-to-service traffic.
• Authenticated API routes enforce user-level authorization before returning contract data.
• Operational logs are structured to avoid storing contract text, prompts, model completions, filenames, or secrets.

Deletion and retention

Users can delete uploaded contracts. Permanent deletion removes the contract record and associated stored file, and audit/usage records are minimized where required for erasure workflows.

AI review boundaries

ContractPilot provides risk signals and citations for attorney review. It does not replace professional legal judgment and does not state that a contract is safe to sign.