1. What We Collect
When you use BeforeYouAgree, we collect the following:
- Account information: Your email address and a hashed version of your password (we never store your plain-text password).
- Documents and text you submit: URLs, pasted text, or uploaded files you submit for analysis. These are processed to generate your risk report and stored to power your scan history.
- Usage data: Number of scans, risk scores, and monitored URLs associated with your account.
- Technical data: Browser type, IP address (for rate limiting), and session tokens stored in secure, httpOnly cookies.
2. How We Use Your Data
- To generate risk reports for documents you submit.
- To maintain your scan history and monitored URLs.
- To send transactional emails (OTP codes, password resets) — no marketing email without explicit consent.
- To enforce daily usage limits and subscription tier access.
- To improve the accuracy of our clause detection over time using aggregated, anonymized data.
3. Document Data
Documents, text, and URLs you submit are sent to our analysis pipeline (which may use third-party AI providers) solely for the purpose of generating your report. We do not:
- Sell your document content to third parties.
- Use your specific documents to train AI models.
- Share your scan results with other users.
4. Third-Party Services
We use the following third-party services to operate the product:
- Supabase (PostgreSQL): Stores your account data and scan history. Data is hosted on AWS ap-southeast-2 (Sydney).
- Upstash Redis: Rate limiting and usage counters. No personal data is stored long-term.
- Brevo (SMTP): Sends transactional emails only.
- Razorpay: Processes payments. We do not store your card details.
- AI providers: Document text is sent to AI APIs for analysis. These providers process but do not retain your data per their enterprise agreements.
5. Cookies
We use a single httpOnly session cookie (bya_token) to keep you logged in for 7 days. We do not use advertising cookies or third-party tracking pixels.
6. Data Retention
Your scan history is retained as long as your account is active. If you delete your account, all associated data (scans, monitored URLs, profile) is permanently deleted within 30 days. You can request deletion at any time by contacting us.
7. Your Rights
You have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your account and all associated data.
- Export your scan history.
To exercise any of these rights, contact us at privacy@beforeyouagree.in.
8. Security
Passwords are hashed using bcrypt before storage. All connections are encrypted via TLS. Session tokens are stored in httpOnly cookies not accessible to JavaScript. We conduct periodic security reviews.
9. Changes to This Policy
We may update this policy when we add new features. Significant changes will be communicated via email. Continued use of the service after changes constitutes acceptance.