Legal

Privacy Policy

Last updated: April 13, 2026

This Privacy Policy describes how AGX Group LLC ("Pactful.AI," "we," "us," or "our") collects, uses, and shares information in connection with your use of the Pactful.AI platform, website at www.pactful.ai, and related services (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Information You Provide

  • Account Information: When you create an account, we collect your name, email address, and password. If you sign up via Google OAuth, we receive your name and email from Google.
  • Profile Information: Company name, profile photo, timezone, and language preference.
  • Contract Data: Documents you upload or create, contract terms, signer information, field values, and signatures (drawn, typed, or uploaded).
  • Invoice Data: Business profiles, client information, invoice details, and logos you upload.
  • Dispute Data: Dispute descriptions, evidence files, transaction details, and AI-generated response drafts.
  • Payment Information: When you subscribe to a paid plan, payment is processed by Stripe. We do not store your full credit card number — Stripe handles this securely. We store your Stripe customer ID and subscription status.
  • Communications: If you contact us, we may collect the content of your messages.

1.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, timestamps, and referring URLs.
  • Device Information: Browser type, operating system, screen resolution, and device type.
  • IP Address: Collected for security, fraud prevention, and approximate geolocation (country/region level).
  • Cookies: We use cookies to maintain your session, remember your language preference, and improve the Service. See Section 7 for details.

1.3 Information from Third Parties

  • Google OAuth: If you sign in with Google, we receive your name, email, and profile picture from Google.
  • Cloud Storage Providers: If you connect Google Drive, Dropbox, or Box, we access files you explicitly select for import. We do not browse or index your entire cloud storage.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Create and manage your account
  • Process and store your contracts, invoices, and dispute data
  • Generate AI-powered dispute response drafts using the information you provide
  • Send transactional emails (contract signing requests, password resets, payment receipts)
  • Process payments and manage subscriptions via Stripe
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations
  • Respond to your requests and support inquiries

3. How We Share Your Information

We do not sell your personal information. We share information only in the following circumstances:

  • Contract Signers: When you send a contract for signature, the recipient receives access to the contract document and can see the fields assigned to them.
  • Service Providers: We use third-party services to operate the platform:
    • Supabase — Database hosting and authentication
    • Vercel — Application hosting
    • Stripe — Payment processing
    • Resend — Transactional email delivery
    • Anthropic (Claude AI) — AI-powered dispute response generation (we send only the dispute context you provide, not your entire account data)
    • Sentry — Error monitoring and performance tracking (collects technical error data only, no personal content)
  • Legal Requirements: We may disclose information if required by law, subpoena, court order, or government request.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.
  • With Your Consent: We may share information for any other purpose with your explicit consent.

4. Data Storage and Security

Your data is stored on servers provided by Supabase (hosted on AWS infrastructure). We implement industry-standard security measures including:

  • Encryption in transit (TLS/SSL) for all data transmitted to and from the Service
  • Encryption at rest for stored data
  • Row-level security policies on our database
  • Secure authentication with password hashing and optional two-factor authentication (TOTP)
  • Signed URLs with expiration for document access

While we take reasonable measures to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

5. Data Retention

  • Account Data: Retained as long as your account is active. You may request deletion at any time.
  • Contracts and Documents: Retained as long as your account is active or as needed for legal compliance. Soft-deleted items are permanently removed after 30 days in trash.
  • Invoices: Retained as long as your account is active.
  • Payment Records: Retained as required by tax and financial regulations.
  • Usage Logs: Retained for up to 90 days for security and debugging purposes.

6. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data and account.
  • Portability: Request your data in a machine-readable format.
  • Objection: Object to processing of your data for certain purposes.
  • Withdrawal of Consent: Withdraw consent for processing where consent is the legal basis.

To exercise any of these rights, contact us at support@pactful.ai.

7. Cookies

We use the following cookies:

  • NEXT_LOCALE: Stores your language preference. Essential for the Service to function in your preferred language. Expires after 1 year.
  • Supabase Auth Cookies: Maintain your authentication session. Essential for staying logged in. Expire when your session ends or after the configured session duration.

We do not use advertising or tracking cookies. We do not use Google Analytics or similar third-party analytics services.

8. Children's Privacy

The Service is not intended for children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

9. International Data Transfers

The Service is operated from the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States. By using the Service, you consent to this transfer.

10. California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, and disclose
  • Request deletion of your personal information
  • Opt out of the sale of personal information (we do not sell your data)
  • Not be discriminated against for exercising your rights

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy, contact us at:

AGX Group LLC
Email: support@pactful.ai
Website: www.pactful.ai

Privacy Policy | Pactful.AI