Privacy Policy

Effective: October 25, 2025

This Privacy Policy explains how ContractPlan collects, uses, and discloses information about you.

1. Scope

This policy applies to the websites, apps, and related Services where it is posted.

2. Information We Collect

Account & Contact: name, email, organization, role, billing details.

Usage & Device: log data, IP, device/browser, pages viewed, actions taken.

Customer Content: data you upload or enter into the Services.

Integrations: data from authorized integrations (e.g., Salesforce, Stripe).

Cookies & Similar Tech: see Cookie Policy.

3. How We Use Information

  • Provide and maintain the Services, including AI features you enable.
  • Secure, troubleshoot, and improve the Services, including analytics and research.
  • Communicate with you (service notices, product updates, marketing—opt-out available).
  • Comply with legal obligations.

4. Legal Bases (EEA/UK)

We process personal data under legitimate interests, contract necessity, consent (where applicable), and legal obligations.

5. Sharing

  • Vendors & Subprocessors (hosting, auth, analytics, payments);
  • Partners/Integrations you authorize;
  • Law & Safety compliance;
  • Corporate Transactions (merger, acquisition).

See our Subprocessor List.

6. International Transfers

We use global infrastructure. Where required, we rely on adequacy decisions, Standard Contractual Clauses (SCCs), or other safeguards.

7. Data Retention

We retain personal data as needed to provide Services, comply with law, resolve disputes, and enforce agreements.

8. Your Rights

Depending on location, you may have rights to access, correct, delete, restrict, port, or object to processing.

To exercise these rights, contact privacy@contractplan.com.

Third-Party Processors

  • Clerk - Authentication and user management
  • Stripe - Payment processing
  • AWS S3 - File storage (encrypted at rest with AES-256)
  • Neon/PostgreSQL - Database hosting
  • Sentry - Error tracking and monitoring
  • PostHog - Product analytics
  • Vercel - Application hosting
  • Upstash Redis - Rate limiting and caching

9. Security

We implement appropriate technical and organizational measures to protect your data:

  • Files stored on AWS S3 with server-side encryption (AES-256)
  • Database connections encrypted with SSL/TLS
  • HTTPS/TLS for all data in transit
  • Content Security Policy (CSP) headers to prevent XSS
  • Multi-tenant data isolation at database level
  • Rate limiting to prevent abuse
  • Regular security audits and monitoring via Sentry

10. Contact

For privacy questions or to exercise your rights:
Email: privacy@contractplan.com