Security & Privacy

Contract Connection is designed with security as a core principle.
This page explains how the system protects sensitive contract data.

Your Data Is NEVER Used for AI Training

  • Your documents are NEVER used to train AI models
  • Your data is NEVER shared with third parties
  • Your queries are NEVER logged for model improvement
  • Analysis results belong to YOU, not us

This applies to all supported AI providers. Contract Connection uses API configurations that explicitly disable training on your data.

Data Protection

Encryption

TLS 1.3 in transit, AES-256 at rest. Your data is encrypted everywhere.

Tenant Isolation

Each user has completely isolated storage. No co-mingling of data.

SOC 2 Type II Design

Architecture designed for SOC 2 Type II compliance standards.

Data Residency

Data stored in US region. Architecture supports configurable regions.

Data Retention

Configurable retention policies. Delete your data anytime.

Audit Logging

Full audit trail of all access and actions on your data.

Access Controls

Role-based access. No employee access without explicit permission.

SSO & SAML

Architecture supports single sign-on integration with identity providers.

How We Handle Your Data in AI Analysis

Contract Connection uses Retrieval-Augmented Generation (RAG) to analyze your contracts. Here's exactly what happens at each step:

1. Document Processing

When you upload a contract:

What Happens
  • Document is chunked into smaller sections
  • Each chunk is converted to a mathematical 'embedding'
  • Embeddings are stored in YOUR isolated database
Security
  • Embeddings are encrypted at rest (AES-256)
  • Each user has isolated storage (no co-mingling)
  • Original text is stored encrypted, never in plain text

2. Query & Retrieval

When you ask a question or run analysis:

What Happens
  • Your question is converted to an embedding
  • We search YOUR documents only (tenant isolation)
  • Relevant sections are retrieved (typically 5-10 chunks)
Security
  • Queries are ephemeral (not stored or logged)
  • Row-level security ensures you only see YOUR data
  • No cross-user data access is possible

3. AI Analysis

Retrieved sections are sent to the AI model:

What Happens
  • Only relevant chunks sent (NOT entire documents)
  • AI generates analysis based on those chunks
  • Response returned to you immediately
Security
  • AI providers configured: NOT used for training
  • Data NOT stored after processing
  • NOT accessible to AI provider employees
  • BYOK option: use your own API keys
  • On-prem option: AI runs locally, nothing leaves network

RAG Security Architecture

Ingestion: Your Documents (Contract PDF/DOCX) -> Chunk & Embed -> Your Vector Database (Encrypted, Isolated)
Retrieval: Your Query ("What are payment terms?") -> Search YOUR docs only -> Retrieved Chunks (5-10 relevant sections)
Analysis: Retrieved Chunks -> AI Model (LLM), which processes and discards (no storage, no training) -> Generate response -> Analysis Results (returned to you only)
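The retrieval step above, sketched as an added example (not Contract Connection's own code): the tenant filter runs before similarity ranking, the result count is capped, and the audit record keeps chunk IDs and a timestamp but not the query text. The names `Chunk`, `retrieve`, `MAX_CHUNKS` and `STORE` are hypothetical, and an in-memory list stands in for a vector database with row-level security.

```python
import math
import time
from dataclasses import dataclass

MAX_CHUNKS = 10  # the page says retrieval typically returns 5-10 chunks


@dataclass(frozen=True)
class Chunk:
    chunk_id: str
    tenant_id: str
    embedding: tuple
    text: str


def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0


def retrieve(store, tenant_id, query_embedding, k, audit_log):
    """Return the tenant's top-k chunks; record chunk IDs, never the query."""
    if not tenant_id:
        raise PermissionError("retrieval requires an authenticated tenant")
    k = max(1, min(k, MAX_CHUNKS))
    # Filter by tenant BEFORE ranking, so another tenant's vectors never
    # enter the candidate set no matter how well they match the query.
    candidates = [c for c in store if c.tenant_id == tenant_id]
    ranked = sorted(candidates,
                    key=lambda c: cosine(c.embedding, query_embedding),
                    reverse=True)[:k]
    audit_log.append({"ts": time.time(), "tenant_id": tenant_id,
                      "chunk_ids": [c.chunk_id for c in ranked]})
    return ranked


# Constructed sample data: tenant-b's chunk is the closest match to the query.
STORE = [
    Chunk("a-1", "tenant-a", (0.9, 0.1, 0.0), "Payment due in 30 days."),
    Chunk("a-2", "tenant-a", (0.1, 0.9, 0.0), "Governing law: Delaware."),
    Chunk("b-1", "tenant-b", (1.0, 0.0, 0.0), "Payment due in 60 days."),
]

if __name__ == "__main__":
    log = []
    hits = retrieve(STORE, "tenant-a", (1.0, 0.0, 0.0), k=5, audit_log=log)
    print([c.chunk_id for c in hits], log[0]["chunk_ids"])
```

When evaluating a deployment, the equivalent check is a test that plants a best-matching chunk under a second tenant and confirms it never appears in the first tenant's results or audit trail.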

Deployment Options

Choose the architecture that fits your security requirements.

Cloud

Default
  • Fastest setup
  • Fully managed
  • Automatic updates

BYOK

Your API Keys
  • Your AI accounts
  • Your billing
  • Your data policies

On-Premises

Self-Hosted
  • Runs on your network
  • Local LLM option
  • Air-gap compatible

Compliance-Ready Architecture

Contract Connection is designed with compliance requirements in mind:

SOC 2 Type II Design
GDPR-Ready
CCPA-Ready
AES-256 Encryption

Frequently Asked Questions

No. Only relevant sections (typically 5-10 small chunks of ~500 words each) are sent based on your query. The AI never sees your full document in a single request.
No. AI providers process your request and immediately discard the data. There is no persistent memory between requests. Each analysis is independent.
No. Each user has completely isolated storage with row-level security. There is no mechanism for cross-tenant data access. Your data is cryptographically separated from other users.
Your data is not stored by AI providers — only processed ephemerally and discarded. Even in a breach, your historical documents would not be exposed because they were never retained. For maximum security, the on-premises deployment option uses local LLMs.
Yes. The system includes audit logging capability showing exactly what document chunks were retrieved and sent for each query, along with timestamps and user information.
Embeddings are mathematical vector representations, not readable text. While not perfectly irreversible, they cannot be trivially converted back to original text. Current research shows embedding inversion is extremely difficult and produces only fragments. For highly sensitive environments, use local embedding models with the on-premises deployment option.
When you delete a document, the system deletes the original file, all extracted text, and all associated embeddings from the vector database. Deletion is permanent and typically completes within 24 hours.
Yes. The on-premises deployment option runs entirely within your network with local LLMs (Llama, Mixtral, etc.). No internet connection is required after initial setup. See the deployment options for more details.