1. Introduction

Fusial, LLC. (“Fusial,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, retain, and safeguard your information when you access or use our AI-powered contract review platform, website, and related services (collectively, the “Service”).

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service. This Privacy Policy is incorporated into and subject to our Terms of Service.

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: When you create an account, we collect your name, email address, company name, job title, and password.
• Billing Information: Payment card details, billing address, and tax identification numbers are collected by our third-party payment processor. We do not store full payment card numbers on our servers.
• Contract Documents (“Your Content”): The redlined contracts, legal documents, and related files you upload to the Service for AI analysis.
• User Inputs: Manual instructions, counter-proposal text, annotations, comments, and preferences you provide when interacting with AI-generated analyses.
• Team and Collaboration Data: Information about team members you invite, including their names and email addresses, role assignments, and workspace configurations.
• Communications: Information you provide when you contact our support team, submit feedback, or respond to surveys.

2.2 Information Collected Automatically

• Usage Data: Pages visited, features used, contracts reviewed, actions taken (accept, reject, counter-propose), export activity, session duration, and clickstream data.
• Device and Browser Information: IP address, browser type and version, operating system, device identifiers, screen resolution, and language preferences.
• Log Data: Server logs recording access times, referring URLs, error logs, and API call metadata.
• Cookies and Similar Technologies: We use cookies, web beacons, pixels, and local storage to maintain sessions, remember preferences, and analyze usage. See Section 8 for details.

2.3 Information from Third Parties

• Single Sign-On Providers: If you authenticate via a third-party identity provider (e.g., Google Workspace, Microsoft Entra ID, Okta), we receive your name, email address, and profile photo as authorized by your SSO configuration.
• Integration Partners: If you connect third-party tools (e.g., document management systems, cloud storage), we may receive metadata about files you choose to import.
• Business Contact Data: We may receive professional contact information from data enrichment providers to support sales and marketing activities, in compliance with applicable law.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Delivery and Operation

• Processing and analyzing your uploaded contracts using our AI models to generate summaries, risk assessments, counter-proposals, rejection rationale, and market-standard comparisons.
• Enabling you to accept, reject, or counter-propose redlined changes and export finalized documents.
• Facilitating team collaboration, user invitations, and workspace management.
• Processing payments, managing subscriptions, and enforcing contract review limits under your plan.

3.2 Service Improvement

• Analyzing aggregated, de-identified usage patterns to improve the accuracy, reliability, and performance of our AI models and platform features.
• Conducting internal research and development to build new features and enhance existing ones.
• Monitoring system performance, diagnosing technical issues, and maintaining infrastructure stability.

3.3 Communications

• Sending transactional emails related to your account, billing, subscription changes, and security alerts.
• Providing product updates, feature announcements, and educational content related to the Service.
• Sending marketing communications where you have opted in or where permitted by applicable law. You may opt out at any time.

3.4 Security and Compliance

• Detecting, preventing, and responding to fraud, abuse, security incidents, and technical vulnerabilities.
• Enforcing our Terms of Service and Acceptable Use Policy.
• Complying with applicable legal obligations, regulatory requirements, legal processes, and government requests.

4. AI Processing and Your Content

4.1 How AI Processes Your Documents

When you upload a contract, our AI models analyze the document text to identify redlined changes, assess their legal and business implications, generate opinionated summaries, and produce counter-proposals or rejection rationale as requested. This processing occurs on our secured infrastructure and involves transmitting document content to our AI processing systems.

4.2 AI Model Training

We do not use Your Content to train AI models accessible to other customers unless you provide explicit opt-in consent. We may use aggregated, de-identified, and non-reversible statistical data derived from platform usage to improve the general performance of our models. Such aggregated data cannot be used to reconstruct any individual document or identify any customer.

4.3 Third-Party AI Providers

We may use third-party AI infrastructure providers to process Your Content. These providers are bound by data processing agreements that prohibit them from retaining, using, or training on Your Content. A current list of AI subprocessors is available at the bottom of this page.

4.4 Human Review

In limited circumstances, authorized Fusial personnel may access Your Content for the purposes of investigating support requests you initiate, responding to security incidents, or complying with legal obligations. Access is logged, limited to the minimum necessary, and subject to strict confidentiality obligations.

5. How We Share Your Information

We do not sell your personal information or Your Content. We share information only in the following circumstances:

5.1 Service Providers and Subprocessors

We engage trusted third-party companies to perform services on our behalf, including cloud hosting, payment processing, AI infrastructure, analytics, email delivery, and customer support tools. These providers are contractually obligated to process your data only as necessary to provide their services to us and in accordance with this Privacy Policy.

5.2 Within Your Organization

If you are part of a team or organization workspace, your account information, activity within shared workspaces, and documents within shared projects may be visible to your organization’s administrators and other authorized Team Members, as configured by your Admin.

5.3 Legal Requirements

We may disclose your information if required to do so by law, subpoena, court order, or governmental regulation, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, the safety of others, investigate fraud, or respond to a government request.

5.4 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Service of any change in ownership or use of your information, as well as any choices you may have.

5.5 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

6. Data Retention

6.1 Your Content

Uploaded contracts and AI-generated outputs are retained for the duration of your active subscription. Following account termination or cancellation, Your Content is retained for thirty (30) days to allow for data export, after which it is permanently deleted from our active systems within sixty (60) days. Backup copies may persist in encrypted backups for up to ninety (90) additional days before automatic purging.

6.2 Account Information

We retain your account information for as long as your account is active and for a reasonable period thereafter to fulfill legitimate business purposes, comply with legal obligations, resolve disputes, and enforce our agreements.

6.3 Usage and Log Data

Usage analytics and log data are retained in identifiable form for up to twenty-four (24) months, after which they are aggregated or deleted.

6.4 Early Deletion

You may request deletion of specific documents at any time through the Service interface or by contacting privacy@fusial.com. Account-level deletion requests are addressed in Section 7.

7. Your Rights and Choices

Depending on your location and applicable law, you may have some or all of the following rights regarding your personal information:

7.1 Access and Portability

You may request a copy of the personal information we hold about you in a structured, commonly used, and machine-readable format. You can export Your Content at any time through the Service’s built-in export functionality.

7.2 Correction

You may update or correct your account information at any time through your account settings. For other corrections, contact privacy@fusial.com.

7.3 Deletion

You may request deletion of your personal information and account. We will comply with verified requests subject to applicable legal retention obligations. Certain information may be retained as necessary for legitimate business purposes or legal compliance.

7.4 Restriction and Objection

Where applicable law provides, you may request that we restrict processing of your personal information or object to processing based on our legitimate interests.

7.5 Withdrawal of Consent

Where processing is based on your consent, you may withdraw consent at any time without affecting the lawfulness of processing conducted prior to withdrawal.

7.6 Marketing Opt-Out

You may opt out of marketing communications at any time by clicking the “unsubscribe” link in any marketing email or by updating your communication preferences in your account settings. Opting out of marketing does not affect transactional or service-related communications.

7.7 Exercising Your Rights

To exercise any of these rights, contact us at privacy@fusial.com. We will respond to verified requests within thirty (30) days or as required by applicable law. We will not discriminate against you for exercising your privacy rights.

8. Cookies and Tracking Technologies

8.1 Types of Cookies We Use

• Strictly Necessary Cookies: Required for the Service to function, including authentication, session management, and security. These cannot be disabled.
• Functional Cookies: Remember your preferences, language settings, and workspace configurations to provide a personalized experience.
• Analytics Cookies: Help us understand how users interact with the Service so we can improve features, performance, and user experience. We use privacy-focused analytics tools that minimize personal data collection.
• Marketing Cookies: Used to deliver relevant advertisements and measure campaign effectiveness. These are only set with your consent where required by law.

8.2 Your Cookie Choices

You can manage your cookie preferences through our cookie consent banner displayed on your first visit, or at any time via the “Cookie Settings” link in the Service footer. You may also configure your browser to block or delete cookies, though this may impair certain features of the Service.

8.3 Do Not Track

The Service currently does not respond to “Do Not Track” browser signals. We will update this policy if we adopt a DNT standard in the future.

9. Data Security

We implement and maintain commercially reasonable administrative, technical, and organizational security measures designed to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using TLS 1.2 or higher and at rest using AES-256 encryption.
• Logical isolation of customer data within our multi-tenant architecture.
• Role-based access controls and the principle of least privilege for all internal systems access.
• Regular third-party security audits, penetration testing, and vulnerability assessments.
• SOC 2 Type II compliance (report available upon request under NDA for Enterprise customers).
• Incident response procedures with defined notification timelines.

While we strive to protect your information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security and encourage you to take steps to protect your account credentials.

10. International Data Transfers

Fusial is based in the United States. Your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. These countries may have data protection laws that differ from those in your jurisdiction.

Where we transfer personal data outside of the European Economic Area (“EEA”), United Kingdom, or Switzerland, we rely on appropriate legal mechanisms to ensure adequate protection, including Standard Contractual Clauses approved by the European Commission, the UK Addendum to Standard Contractual Clauses, or other transfer mechanisms recognized under applicable law.

Enterprise customers may request execution of Data Processing Agreements incorporating Standard Contractual Clauses. Contact legal@fusial.com for details.

11. Legal Basis for Processing (EEA/UK Users)

If you are located in the European Economic Area or the United Kingdom, our legal bases for processing your personal information are as follows:

• Performance of a Contract: Processing necessary to provide the Service under our Terms of Service, including analyzing your uploaded contracts, managing your account, processing payments, and facilitating team collaboration.
• Legitimate Interests: Processing necessary for our legitimate interests, including improving the Service, ensuring security, preventing fraud, and conducting analytics, provided such interests are not overridden by your data protection rights.
• Consent: Processing based on your freely given, specific, informed consent, such as marketing communications and optional AI model training using Your Content.
• Legal Obligation: Processing necessary to comply with applicable laws, regulations, or legal proceedings.

12. U.S. State Privacy Rights

12.1 California Residents (CCPA/CPRA)

If you are a California resident, you have the right to know what personal information we collect, the purposes for which it is used, and whether it is sold or shared. We do not sell personal information as defined under the California Consumer Privacy Act. You have the right to request access, deletion, and correction of your personal information, and to opt out of the sharing of personal information for cross-context behavioral advertising. You may designate an authorized agent to make requests on your behalf.

12.2 Other U.S. State Laws

Residents of Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, and other states with applicable privacy legislation may have similar rights under their respective laws, including rights of access, deletion, correction, portability, and the right to opt out of targeted advertising, sale of personal data, and profiling. To exercise these rights, contact privacy@fusial.com.

12.3 Appeals

If we decline a privacy request, you may appeal the decision by contacting us at privacy@fusial.com with the subject line “Privacy Appeal.” We will respond within the timeframe required by applicable law.

13. Children’s Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18 without parental consent, we will take steps to delete that information promptly. If you believe we have inadvertently collected such information, please contact us at privacy@fusial.com.

14. Third-Party Links and Integrations

The Service may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to the practices of third parties we do not own or control. We encourage you to review the privacy policies of any third-party services you access through the Service. We are not responsible for the privacy practices of third parties.

15. Data Breach Notification

In the event of a security breach that results in unauthorized access to your personal information, we will notify affected users and relevant regulatory authorities as required by applicable law. For breaches affecting Your Content, we will notify the account owner or designated Admin within seventy-two (72) hours of becoming aware of the breach, providing details of the nature of the breach, the data affected, steps taken to address it, and recommended actions you should take.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. If we make material changes, we will provide at least thirty (30) days’ prior notice via email to the address associated with your account and through a prominent notice within the Service. The “Effective Date” at the top of this policy indicates when it was last revised. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

For EEA/UK data protection inquiries, you may also contact our Data Protection Officer at dpo@fusial.com. If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.