Privacy Policy

Last updated: January 25, 2026

Introduction

At Ivora ("we", "us", "our"), we are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered contract analysis platform.

Data Controller

Ivora is the data controller responsible for your personal data. If you have any questions about this Privacy Policy or our data practices, please contact us at:

  • Company: Ivora
  • Contact: Use our Contact Us form
  • Address: [Your Business Address]

Information We Collect

We collect several types of information from and about users of our platform:

Personal Information

Information you provide directly to us:

  • Account information: name, email address, password (encrypted)
  • Company information: company name, business address, VAT number
  • Payment information: processed securely through Stripe (we do not store card details)
  • Communication data: emails, support tickets, feedback you send us

Contract Data

Documents you upload for analysis:

  • Contract files (PDF, DOCX) you upload for AI analysis
  • Analysis results, summaries, and extracted data
  • Custom playbooks and policy rules you create
  • Redline suggestions and your edits

Automatically Collected Information

Information collected automatically when you use our platform:

  • Device information: browser type, operating system, device identifiers
  • Log data: IP address, access times, pages viewed, referring URL
  • Usage data: features used, actions taken, time spent on platform
  • Cookies and similar technologies (see Cookie Policy below)

Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide our services to you
  • Legitimate Interests: Analytics, security, fraud prevention, product improvement
  • Consent: Marketing communications (you can withdraw consent anytime)
  • Legal Obligation: Tax records, compliance with legal requirements

How We Use Your Information

We use the information we collect for the following purposes:

  • Provide, maintain, and improve our AI contract analysis services
  • Process your contracts using our AI models and return analysis results
  • Process payments and manage your subscription
  • Send transactional emails (receipts, account updates, security alerts)
  • Respond to your support requests and questions
  • Analyze usage patterns to improve our product and user experience
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations and enforce our terms

AI Processing & Zero Data Retention

When you upload contracts for analysis, your documents are processed by our AI system. Important information about how we handle your contract data:

  • Your contracts are processed in real-time and are NOT used to train AI models
  • We use third-party AI providers (e.g., Groq) with Zero Data Retention agreements
  • Contract content is transmitted securely (TLS 1.3) and encrypted at rest (AES-256)
  • Analysis results are stored in your account until you delete them
  • You can delete your contracts and analysis data at any time

Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

  • Account data: Retained while your account is active, deleted within 30 days of account deletion
  • Contract data: Retained until you delete it, or within 30 days of account deletion
  • Payment records: Retained for 7 years as required by tax laws
  • Log data: Retained for 90 days for security and debugging purposes
  • Analytics data: Aggregated and anonymized, retained indefinitely

Data Sharing & Third Parties

We do not sell your personal data. We share your information only with:

  • AI Providers: Groq (contract analysis) — with Zero Data Retention agreements
  • Payment Processor: Stripe — for secure payment processing
  • Email Service: Resend — for transactional emails
  • Cloud Infrastructure: Secure cloud hosting with encryption
  • Analytics: Privacy-focused analytics for product improvement

All third-party providers are contractually bound to protect your data and process it only on our instructions.

International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence. When we transfer data outside the EEA, we ensure appropriate safeguards:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with all third-party providers
  • Encryption of data in transit and at rest

Your Rights

Under GDPR and other privacy laws, you have the following rights regarding your personal data:

  • Right to Access: Request a copy of your personal data we hold
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restrict Processing: Request limitation of how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests or for marketing
  • Right to Withdraw Consent: Withdraw consent at any time (without affecting prior processing)

To exercise any of these rights, please use our Contact Us form. We will respond within 30 days.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: What personal information we collect, use, disclose, and sell
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: We do NOT sell personal information, so no opt-out is needed
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights

To submit a CCPA request, use our Contact Us form or use the "Delete Account" feature in your settings.

Cookie Policy

We use cookies and similar technologies to provide and improve our services:

Types of cookies we use:

  • Essential Cookies: Required for the platform to function (authentication, security)
  • Analytics Cookies: Help us understand how users interact with our platform
  • Preference Cookies: Remember your settings and preferences

You can manage cookie preferences through your browser settings. Note that disabling essential cookies may affect platform functionality.

Data Security

We implement robust technical and organizational measures to protect your personal data:

  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • Regular security audits and penetration testing
  • Access controls and authentication (including 2FA)
  • Employee training on data protection
  • Incident response procedures

Children's Privacy

Our services are not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

Complaints

If you have concerns about how we handle your personal data, please contact us first using our Contact Us form. You also have the right to lodge a complaint with your local data protection authority.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us.

Select 'Privacy and Data' category in the Contact Us form

Business tools platform that helps automate routine processes. Contract Analyzer is our first product — more tools coming soon.

Product

Products

Company

AboutContact

Legal

PrivacyTerms

© 2026 Ivora. All rights reserved.