Privacy policy
Last updated: April 11, 2026
Controller
The controller responsible for data processing on this website and in the ContractMate app is ContractMate, Bremer Strasse 90, 21073 Hamburg, Germany. You can contact us by email at info@contractmate.de with any privacy questions.
1. Information We Collect
We collect several types of information to provide and improve our service:
1.1 Account Data
When you create an account, we collect:
- First name and last name
- Email address
- Password (stored as a secure hash, never in plain text)
- Selected subscription plan and billing cycle
1.2 Document Data
When you upload documents, we collect and store:
- The PDF file itself (encrypted with your chosen password using AES-256)
- Document metadata: name, type, provider, start/expiry dates, and reminder dates
- Extracted text content from the PDF (used for AI chat functionality)
1.3 Subscription & Warranty Data
When you use our tracking features, we store:
- Subscription details: name, category, billing cycle, price, and renewal dates
- Warranty details: name, category, purchase date, warranty end date, status, and support contact information
- Maintenance records: equipment details, service dates, and attached documents
1.4 AI Chat Data
When you use the AI Assistant:
- Your questions and the extracted text of the selected document are sent to our AI provider to generate responses
- Chat conversations are not stored on our servers. They exist only in your browser session
- Your document content and chat conversations are never used to train AI models
- Our AI provider processes your data solely to generate responses and does not retain it for model training
1.5 Payment Data
Payments are handled by our payment processing provider. We store only:
- Payment customer and subscription IDs (for linking your account)
- Invoice status and receipt URLs
We never store your credit card number, CVV, or full payment details.
1.6 Analytics Data
If you consent to analytics, we use an EU-hosted analytics service to help us understand how ContractMate is used and to improve the product.
- Pseudonymous route-level usage data, such as which parts of the app are opened
- Manual product events for key actions, such as uploads, feature completion, and error outcomes
- An internal user ID, plan tier, and billing cycle after you consent to analytics
- We do not use session replay, heatmaps, or broad autocapture inside the product
- Analytics are only activated after you give explicit consent via our cookie banner or Cookie Settings
- We do not send document titles, provider names, extracted document text, AI prompts, AI responses, support-message content, health data, or exact location data to our analytics service
- We do not use analytics for advertising or sell analytics data to advertisers
1.7 Cookies
- Essential cookies: HTTP-only authentication cookie (required for login, no consent needed)
- Analytics cookies: Set only when you accept analytics. Not used if you reject analytics.
- Your cookie preference is stored in your browser's local storage
2. How We Use Your Data
We use your data for the following purposes:
- Service delivery: To store and organize your documents, track subscriptions and warranties, and provide AI-powered document analysis
- AI chat responses: Your document text and questions are sent to our AI provider solely to generate answers, not for training or any other purpose
- Account management: To authenticate you, manage your subscription, and process payments through our payment processing provider
- Notifications: To send renewal reminders, expiry alerts, and service-related communications
- Service improvement: Pseudonymous route and feature analytics (only with your consent) to improve features and fix issues
- Security: To detect and prevent unauthorized access, fraud, and technical issues
- Legal compliance: To comply with applicable laws and regulations
Our main legal bases are:
- Contract: To provide your account, document management, subscriptions, warranties, maintenance, support, and AI assistance
- Consent: For optional product analytics
- Legal obligation: To retain invoices and other records where required by law
- Legitimate interests: To secure the service, investigate abuse, and maintain reliability
We never sell your personal data to third parties. We do not use your data for advertising or behavioral profiling.
3. Third-Party Services (Sub-processors)
We use the following third-party services to operate ContractMate:
- Server hosting: All data is stored within the EU
- AI provider: Processes document text and questions to generate chat responses. Data is not retained for model training
- Payment processing: Handles payment transactions securely
- Analytics provider: Processes pseudonymous usage events in the EU. Analytics is only activated with your explicit consent. We do not use session replay in the product.
These providers are contractually obligated to protect your data and process it only on our behalf.
4. Data Hosting & Residency
All ContractMate data is hosted within the European Union. Your documents, account data, and all associated metadata remain within the EU. When you use the AI Assistant, your document text is sent to our AI provider for processing within the EU. It is not retained for model training.
5. Data Security
We take data security seriously. All uploaded documents are encrypted with your chosen password using AES-256 encryption. Data in transit is protected via SSL/TLS. Authentication uses HTTP-only cookies, which scripts running in the page cannot read, to protect your login against cross-site scripting attacks. Document passwords are encrypted before storage. We conduct regular security reviews of our infrastructure.
6. Data Retention
We retain your personal data for as long as your account is active. When you delete a document, it is permanently removed from our servers. When you delete your account, all associated data (documents, subscriptions, warranties, and payment records) is permanently deleted. We may retain minimal data as required by law (e.g., invoicing records for tax purposes).
7. Your Data Rights
Under GDPR and applicable EU law, you have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Restriction: Request that we limit how we process your data
- Portability: Receive your data in a structured, machine-readable format
- Object: Object to processing based on legitimate interests
- Withdraw consent: Withdraw analytics consent at any time via Cookie Settings
- Complaint: Lodge a complaint with a supervisory authority if you believe your data has been processed unlawfully
To exercise these rights, contact us at info@contractmate.de and we will respond within 30 days. Providing account, billing, and document data is necessary to use the service; if you choose not to provide that data, we may not be able to create or maintain your account.
8. Children's Privacy
ContractMate is not intended for anyone under the age of 18. We do not knowingly collect personal data from minors. If you are a parent or guardian and believe your child has provided us with personal data, please contact us.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the updated policy on this page and updating the "Last updated" date. For material changes, we may also notify you via email.
10. Contact
If you have any questions about this Privacy Policy, please contact us at info@contractmate.de.