Summary — Please read the full policy below
- We store your email, every question you ask, and every answer you receive.
- Your questions are processed by Anthropic (Claude AI) and OpenAI (search embeddings only).
- We do not sell, rent, or share your personal data with anyone outside our processors.
- The admin can view all questions and answers for quality review — this is how we find wrong answers.
- You can request data export or deletion by emailing us. We process within 30 days.
- When you delete your account, your personal data is removed or anonymized.
- Pilots: your questions are stored and could theoretically be subject to legal discovery.
What We Collect
Account data
- Email address (required for login)
- Display name (optional)
- Password (hashed with PBKDF2-SHA256 — we never store or see your plain-text password)
Usage data
- Every question you ask (full text, stored with your email)
- Every answer generated for you (full text)
- Thumbs up/down ratings and feedback comments you provide
- Timestamps of all activity
- Which AI model processed your query and how many tokens were used
- Which contract you searched
What we do NOT collect
- IP addresses
- Device or browser information
- Location data
- Payment information (no payments during beta)
- Tracking cookies (we use sessionStorage for login state only)
Why We Collect It
- To provide the service — we can't answer your question without receiving it.
- To improve answer quality — admin reviews answers and feedback to catch errors.
- To track API costs — AI models charge per token and we need to monitor spend.
- To detect and fix wrong answers — your feedback helps us find problems.
Third-Party Processors
We use the following service providers to operate AskTheContract. Each receives only the data necessary for its role:
- Anthropic — receives your question plus contract sections to generate answers. Subject to Anthropic's privacy policy.
- OpenAI — receives your question to create search embeddings (vector representations for finding relevant contract sections). No answers are generated by OpenAI. Subject to OpenAI's privacy policy.
- Turso — cloud database (LibSQL) that stores all user data. Hosted in the US.
- Railway — cloud hosting platform running the application. Hosted in the US.
- Resend — sends transactional email only (invites, password resets). Receives your email address.
We do not sell, rent, or share your personal data with any other third parties.
Future payment processor. When we add paid plans, your payment information will be processed by a third-party payment processor. We will not store your full credit card number.
Admin Access
The service owner (sole admin) can view all user questions, answers, and feedback for quality review purposes. This is necessary to find and fix wrong answers, which is the core safety function of the tool. We currently support multiple airline contracts and may have contract-specific admins in the future.
Data Retention
While your account is active, your data is retained indefinitely to provide the service and improve answer quality.
If you delete your account:
- Your login credentials are deleted.
- Your question and answer history is deleted.
- Your subscription and invite records are deleted.
- API usage records are anonymized — your email is removed but aggregate cost data is retained for operational purposes.
Anonymous aggregate data (e.g., total queries per day, model usage statistics, anonymized ratings) is retained indefinitely and is not affected by account deletion.
Business Transfers
If AskTheContract is acquired, merged, or sells substantially all its assets, your data may be transferred as part of that transaction. We will notify users of any such change via email or prominent notice in the app.
Your Rights
You have the right to:
- Request a copy of your data — email us and we'll export it for you.
- Request deletion of your data — email us and we'll delete or anonymize your account. Processed within 30 days.
- Stop using the service at any time.
Data requests: dpakermaker@gmail.com.
Note: We cannot delete data that has already been sent to third-party AI providers (Anthropic, OpenAI) as part of processing your queries. Those are subject to their respective retention policies.
Security
- Passwords are hashed with PBKDF2-SHA256 with unique salts.
- All connections use HTTPS.
- Admin access is protected by a separate authentication system.
- We don't store payment information.
No system is 100% secure. We take reasonable precautions but cannot guarantee absolute security.
Data and Law Enforcement
If compelled by valid legal process (subpoena, court order, or other lawful request), we may be required to disclose user data. We will comply with applicable law.
Important note for pilots: Your questions and answers — including questions about grievances, pay disputes, scheduling conflicts, fatigue, sick calls, and contract interpretations — are stored in our database. This data could theoretically be subject to legal discovery, subpoena, or other compelled disclosure in connection with employment disputes, arbitrations, or litigation. Consider this when deciding what to ask.
Children
This service is not intended for anyone under 18. We do not knowingly collect data from children.
Changes to This Policy
We may update this policy at any time. The "Last updated" date at the top of this page reflects the most recent changes. Continued use of the service after changes constitutes acceptance.