Privacy Policy

Last updated: 24 May 2026.

Plain-language summary: we collect only what's needed to run Contractory for you. We don't sell, rent, or share personal data with advertisers. We don't use your contracts to train third-party AI models. We host in Switzerland or the EU. You can export or delete your data at any time. Cookies are essential-only — we don't run advertising or analytics trackers on this website unless you opt in.

Contents

Who we are
What data we process
Why we process it (purposes & legal bases)
Sub-processors and where data is hosted
AI processing and your contract content
How long we keep data
Who we share data with
International transfers
Your rights
Security
Cookies and tracking
Children
Changes to this policy
Contact and supervisory authorities

1. Who we are

The data controller for personal data processed when you use Contractory is:

DOLANI GmbH
Zurich, Switzerland
privacy@contractory.io · dolani.ch

We process personal data under the Swiss Federal Act on Data Protection (FADP) and, where applicable, the EU General Data Protection Regulation (GDPR).

2. What data we process

Account data — name, work email, password hash, role, tenant, language, timezone, login history, and multi-factor-authentication state.

Customer Content — contracts, templates, partner records, comments, attachments, and other material you upload or generate inside the platform. Customer Content typically contains personal data of your counterparties, signatories, employees, or contacts. You are the controller of that personal data; we process it on your behalf as a processor.

Usage and technical data — request logs, IP addresses, browser type, device identifier, audit-log events (who did what and when), session cookies, error reports, and performance metrics. Logs are kept short by default (see Section 6).

Billing data — company name, billing address, VAT number, invoice history, and payment-method tokens stored with our payment processor. We do not store full card numbers.

Support data — emails, attachments, and screenshots you send to support, plus the responses we send back.

3. Why we process it

Purpose	Categories of data	Legal basis (GDPR / FADP)
Operate the Service for you	Account, Customer Content, technical	Performance of contract (Art. 6(1)(b) GDPR)
Bill, invoice, collect	Billing, account	Performance of contract + legal obligation (Art. 6(1)(b)(c) GDPR)
Security, fraud prevention, abuse detection	Technical, audit logs	Legitimate interest in operating a secure service (Art. 6(1)(f) GDPR)
Respond to support requests	Support data, account	Performance of contract / legitimate interest
Send product-update emails about features you use	Account, usage	Legitimate interest (with one-click unsubscribe)
Send marketing email to non-customers who opted in	Email address, opt-in record	Consent (Art. 6(1)(a) GDPR)
Comply with legal obligations (e.g. invoice retention)	Billing, account	Legal obligation (Art. 6(1)(c) GDPR)

4. Sub-processors and where data is hosted

We use the following sub-processors. Each is bound by a written data-processing agreement that prohibits using your data for their own purposes. We update this list before adding a new sub-processor.

Provider	Purpose	Region
Hetzner Online GmbH	Application hosting and managed PostgreSQL	Germany / Finland (EU)
OpenAI Ireland Ltd.	AI extraction and rewriting (enterprise terms; no training on your data)	EU / United States
Anthropic PBC	AI extraction and rewriting (enterprise terms; no training on your data)	United States
Google Cloud (Vertex AI — Gemini)	AI extraction and rewriting (enterprise terms; no training on your data)	EU / United States
Stripe Payments Europe Ltd.	Subscription billing and payment processing	Ireland (EU)
SendGrid (Twilio)	Transactional + invitation emails	EU / United States
Cloudflare	DDoS protection, edge TLS, CDN for marketing assets	Global edge; metadata only

5. AI processing and your contract content

Contractory uses large-language models to extract data from uploaded contracts, draft new contract sections, rewrite text on request, classify content, and check semantic alignment in bilingual contracts. We route the minimum amount of content needed for each operation to the provider you selected (or to our default provider). All three current AI sub-processors operate under enterprise data-processing terms that contractually prohibit using customer data to train their foundation models.

We log enough metadata about each AI call (provider, model, input/output token counts, timestamp, user, contract id) to bill correctly and to give you full provenance on AI-generated content. We do not retain the AI prompt or response payloads beyond what is shown in the contract section itself.

AI output can be wrong. Sections produced or modified by AI are tracked and labelled inside the platform so reviewers can see what was AI-generated and choose to accept, edit, or reject the change.

6. How long we keep data

Active account data — for as long as your subscription is active.
Customer Content — for as long as your subscription is active. After termination we make Customer Content available for export for at least 30 days, then delete it from active systems. Backups containing Customer Content age out under our standard 90-day backup retention.
Invoices and billing records — 10 years (Swiss statutory retention).
Application logs — 30 days by default; security-relevant audit logs up to 1 year.
Marketing-consent records — kept until you unsubscribe, plus a minimal suppression record after that so we don't email you again by accident.

We share personal data only with the sub-processors listed in Section 4, with public authorities when legally required (and, where legally permitted, only after notifying you), and with professional advisors under a duty of confidentiality (e.g. auditors, lawyers). We do not sell or rent personal data, and we do not share personal data with advertisers.

8. International transfers

Where personal data leaves Switzerland or the European Economic Area (for example to a US-based AI provider), we rely on the European Commission's Standard Contractual Clauses with the Swiss addendum from the FDPIC, the EU-US Data Privacy Framework where the recipient is certified, or another mechanism permitted by the FADP / GDPR. We assess each transfer to confirm it provides an adequate level of protection.

9. Your rights

Under the FADP and the GDPR you have the right to:

access the personal data we hold about you;
correct inaccurate or out-of-date personal data;
delete personal data, subject to retention obligations;
restrict or object to certain processing;
receive your personal data in a structured, machine-readable format (portability);
withdraw consent where processing is based on consent (this does not affect prior processing);
lodge a complaint with a data-protection authority (see Section 14).

To exercise any of these rights, email privacy@contractory.io. Where you are using the Service as an employee or contractor of a Contractory customer, please direct rights requests to your employer in the first instance — they are the controller of the personal data in their tenant; we will assist them.

10. Security

We protect personal data with technical and organisational measures appropriate to the risk, including:

TLS 1.2+ encryption for data in transit;
encryption at rest for the managed database and all object storage;
strict tenant isolation enforced at the application and database layer;
role-based access control with audit logging of admin actions;
optional multi-factor authentication for all users and mandatory MFA for admins;
short-lived production access tokens for engineers;
regular dependency updates and vulnerability scanning;
incident response procedures with breach notification to affected customers within 72 hours of confirmation, as required by GDPR Art. 33.

11. Cookies and tracking

On contractory.io (the marketing site) we use only essential cookies needed to remember your language preference and to provide cross-site request forgery protection on the signup form. We do not run advertising, retargeting, or third-party analytics on the marketing site.

On the application (your tenant subdomain under contractory.io) we use:

two HttpOnly + Secure session cookies (cty_at, cty_rt) carrying your authentication tokens — required for the Service to work;
a small amount of localStorage for your UI preferences (selected filters, pagination size, drafts panel state) — local to your browser only.

We do not use cookies for advertising or for cross-site tracking. We do not load third-party tracking scripts in the application.

12. Children

Contractory is a B2B tool aimed at business users. It is not directed at children, and we do not knowingly collect personal data from anyone under the age of 16. If you believe a child has provided us with personal data, please contact us and we will delete it.

13. Changes to this policy

We may update this Privacy Policy from time to time. If a change is material we will notify Authorized Users by email at least 30 days before it takes effect. Older versions are available on request.

14. Contact and supervisory authorities

Privacy questions or requests: privacy@contractory.io.

Postal address:

DOLANI GmbH
Zurich, Switzerland

You also have the right to lodge a complaint with a data-protection authority:

Switzerland — Federal Data Protection and Information Commissioner (FDPIC), www.edoeb.admin.ch.
EU/EEA — the data-protection authority of your member state of residence, place of work, or place of the alleged infringement.