Privacy Policy

Overview

FinePrint ("we", "us", or "our") operates the website at fineprint.dev and the FinePrint browser extension. This Privacy Policy explains what information we collect, how we use it, and your choices regarding your data.

Information We Collect

Account Information

When you sign up, we collect your name, email address, and profile picture through our authentication provider (Clerk). This is used to identify your account and personalize your experience.

Documents You Submit

When you upload a file (PDF, DOCX, or TXT) or paste contract text on the website, that file and the extracted text are sent to our servers for AI-powered analysis. Uploaded files are stored in private Supabase Storage scoped to your account. When you analyze a page from the browser extension, the text, URL, and title of that page are sent to our servers only when you explicitly trigger an analysis.

Saved Analyses and Chat

If you save an analysis, the results, document title, source (file or URL), and original text are stored in your account so you can revisit them. If you use the in-app chatbot, the document context and the messages you send are processed by our AI provider to generate answers and are stored as part of that document's conversation history.

Local Extension Data

The browser extension stores your authentication token, basic profile info, your auto-detect preference, and the most recent analysis result locally on your device using the Chrome storage API.

Privacy-Preserving Analysis

Before we send your document text to our AI provider, we automatically scrub personally identifying information such as names, email addresses, phone numbers, and organization names, replacing them with placeholders like [Person 1] or [Email 1]. The original values never leave our servers. When the AI returns its analysis, we swap the placeholders back so you see the familiar names. You can also preview and further edit the anonymized text before analysis using our optional privacy review step. Automated PII detection is not perfect, so we recommend avoiding documents that contain highly sensitive data (e.g. government IDs, financial account numbers) or using the privacy review to remove anything you do not want analyzed.

How We Use Your Information

• To provide and operate the FinePrint service
• To analyze Terms of Service and legal documents on your behalf
• To store and display your past analyses
• To authenticate you across the website and browser extension

Data Sharing and Subprocessors

We do not sell, rent, or trade your personal information to third parties, and we do not use your data to train any AI models. We rely on a small number of trusted service providers (subprocessors) that process data on our behalf under strict confidentiality obligations:

• Clerk — user authentication and account management.
• Supabase — database and private file storage for documents and analyses.
• OpenAI — AI analysis and chat responses. Text is sent through the OpenAI API after PII scrubbing. Per OpenAI's API data policy, data sent through the API is not used to train their models.
• Vercel — website and API hosting.
• Google Programmable Search — used when you request public web reviews of a company or service. Only your search query is sent; your document text is not.

Where Your Data Is Processed

Our servers and databases are hosted in the United States. If you are accessing FinePrint from another country, your data will be transferred to and processed in the United States.

Data Retention

Account information is retained as long as your account is active. Saved analyses are retained until you delete them or delete your account. You can delete individual analyses from your dashboard at any time.

Your Rights

You can access, update, or delete your account and saved data at any time through your FinePrint dashboard. To request complete deletion of your data, contact us at the email below.

Depending on where you live, you may have additional rights under laws such as the GDPR (EEA/UK) or CCPA (California), including the right to access, correct, delete, or port your personal data, and the right to object to certain processing. We do not sell personal information. To exercise any of these rights, contact us at the email below and we will respond within the timeframes required by applicable law.

Children's Privacy

FinePrint is not directed to children. You must be at least 13 years old (or 16 in the EEA/UK) to use the service. We do not knowingly collect personal information from children below these ages; if you believe a child has provided us with personal information, please contact us and we will delete it.

Security

We use industry-standard security measures including encrypted connections (HTTPS), secure authentication tokens, and access controls to protect your data.

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date.

Contact

If you have questions about this Privacy Policy, please contact us at danaid@bu.edu.