Stipula logoStipula
Sign inBook a demo

Privacy Policy

Last updated: February 22, 2026

This Privacy Policy describes how Stipula Technologies LLC (“Company”, “we”, “us”, or “our”) collects, uses, and discloses information when you use our website and services (the “Service”), and explains your privacy rights under applicable law.

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Interpretation and Definitions

Interpretation

Words with capitalized initial letters have meanings defined below. These definitions apply whether the terms appear in singular or plural form.

Definitions

  • Account means a unique account created to access the Service.
  • Company refers to Stipula Technologies LLC, 1441 South Washington Street, Denver, CO 80210, United States.
  • Cookies are small files placed on your device to store browsing information.
  • Country refers to the United States.
  • Customer Content means contracts or documents uploaded by users for analysis.
  • Derived Data means outputs generated from Customer Content, such as summaries, excerpts, metadata, or analytical results.
  • Device means any device that can access the Service.
  • Personal Data / Personal Information means information that identifies or relates to an identifiable individual.
  • Service refers to the website available at stipula.ai.
  • Service Provider means third parties who process data on our behalf.
  • Usage Data means data collected automatically through use of the Service.
  • You means the individual or entity using the Service.

2. Information We Collect

2.1 Personal Data

We may collect the following Personal Data when you use the Service:

  • Email address
  • First and last name (if provided)
  • Account-related information

2.2 Usage Data

Usage Data is collected automatically and may include:

  • IP address
  • Browser type and version
  • Pages visited, time and date of visits
  • Time spent on pages
  • Device identifiers and diagnostic data

3. Customer Content (Uploaded Contracts)

When you upload contracts or documents to the Service:

  • Customer Content is processed solely to provide the requested analysis
  • We do not verify the legality, accuracy, or completeness of uploaded content
  • The Service is informational only and does not provide legal advice

4. Contract Storage and Data Protection

4.1 Long-Term Storage

Customer Content (including original contract files) is stored securely to enable ongoing product functionality—such as contract history, re-analysis, and deal tracking. Contracts are retained for the duration of your account unless you request deletion.

4.2 Encryption at Rest and in Transit

All stored Customer Content is encrypted using AES-256 encryption at rest. All data transmitted between your device and our servers is protected with TLS 1.2 or higher. These industry-standard controls apply to every contract file and piece of Derived Data we store on your behalf.

4.3 No AI Model Training on Customer Data

We do not use your Customer Content to train, fine-tune, evaluate, or otherwise improve any machine learning or AI model—including our own models and those operated by any third-party AI provider. Your contracts are used solely to deliver the analysis you requested and for no other purpose.

4.4 Derived Data

We may retain Derived Data (such as summaries, excerpts, metadata, or analytical outputs) to support product functionality, user access, auditability, and service improvement. Derived Data is subject to the same encryption and access controls as Customer Content.

5. Cookies and Tracking Technologies

We use Cookies and similar technologies to operate and improve the Service.

Types of Cookies We Use

  • Essential Cookies — required for core functionality
  • Functionality Cookies — remember preferences
  • Analytics Cookies — help us understand usage patterns (where legally permitted)

Where required by law, non-essential cookies are used only with your consent. You may control cookies through your browser settings.

6. How We Use Your Information

We may use Personal Data to:

  • Provide and maintain the Service
  • Manage user accounts
  • Communicate service updates or support responses
  • Improve product functionality and performance
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

7. Payments

If you purchase paid services, payments are processed by third-party payment processors. We do not store or process payment card information directly. Payment data is handled according to the processor’s privacy policies.

8. Sharing of Information

We may share information:

  • With Service Providers assisting with hosting, analytics, or support
  • In connection with business transactions (e.g., merger or acquisition)
  • To comply with legal obligations or lawful requests
  • With your consent

We do not sell Customer Content or Personal Data.

9. Data Retention

We retain Personal Data only as long as necessary for the purposes described in this Privacy Policy, including:

  • Account information: for the duration of the account plus up to 24 months
  • Support communications: up to 24 months
  • Usage data and logs: up to 24 months

We may retain data longer where required by law or to establish, exercise, or defend legal claims.

When retention periods expire, data is deleted, anonymized, or securely archived in backups.

10. Data Security

We implement industry-standard technical and organizational safeguards to protect Personal Data and Customer Content, including:

  • Encryption at rest — AES-256 encryption for all stored data, including contract files and Derived Data
  • Encryption in transit — TLS 1.2+ for all data transmitted between clients and our infrastructure
  • Access controls — role-based permissions and least-privilege access for internal systems
  • No AI training — Customer Content is never used to train or improve any AI model

11. Your Privacy Rights

Depending on your jurisdiction, you may have the right to:

  • Access your Personal Data
  • Correct inaccurate information
  • Request deletion of Personal Data
  • Withdraw consent where applicable

Requests can be made by contacting us (see Section 15).

12. Children’s Privacy

The Service is not intended for individuals under the age of 13. We do not knowingly collect Personal Data from children under 13. If you believe a child has provided us Personal Data, please contact us.

13. Third-Party Links

The Service may contain links to third-party websites. We are not responsible for the privacy practices or content of those sites.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes become effective when posted on this page. We encourage you to review this policy periodically.

15. Contact Us

If you have any questions about this Privacy Policy, you can contact us:

By visiting: /contact