Built for legal's security requirements.
Your contracts contain privileged communications, pending deal terms, and vendor relationships your competitors would pay to see. Before you upload a single agreement, you need to understand exactly how Clauseharbor handles your data — where it goes, who can see it, and what happens when you want it deleted. This page answers those questions directly.
How we protect your contract data
Data confidentiality — no model training
Clauseharbor is designed with the principle that your contract data is not used to train or improve our AI models. Your agreements contain privileged and confidential information — they remain yours.
Encryption in transit and at rest
Clauseharbor is designed with TLS 1.3 encryption for all data in transit and AES-256 encryption at rest in mind. Contract documents are stored in isolated, encrypted storage with access controls tied to your account only.
Role-based access controls
Clauseharbor is designed with granular access controls in mind — manage who on your legal team can upload contracts, run scans, view reports, or export data. Every action is logged to an audit trail.
Customer-controlled retention and deletion
You control how long Clauseharbor retains your contract data. Delete individual contracts, entire repositories, or your account at any time. Deletion is permanent within 30 days.
What we will always be clear about
We do not train models on your contract data.
When you upload a contract to Clauseharbor, it is processed to generate risk flags for your use. It is not used to fine-tune, retrain, or improve our models. Your agreements contain privileged communications, confidential business terms, and trade secrets. They are not training data.
Clauseharbor is not an AI company building aggregate models from enterprise contract data. We are a contract risk tool for in-house legal teams. Those are different businesses with fundamentally different incentives for how customer data is handled. We do not have a business reason to retain your contracts beyond the period you authorize.
We also do not sell, share, or provide third-party access to your contract data for any purpose other than delivering the service you have contracted for. If our security posture changes materially, we will provide written notice to affected customers no fewer than 90 days in advance and make contract data available for export before any change takes effect.
What in-house legal teams ask us most
Contract data is stored in isolated cloud infrastructure within the United States. Enterprise customers can request data residency in specific geographic regions. We do not replicate contract data outside your designated region without your explicit consent.
Access to customer contract data is restricted to a small number of authorized personnel for purposes of technical support and system maintenance. All access is logged. We do not read customer contracts for product development or sales purposes. We can provide a list of authorized roles upon request.
You can delete any contract, folder, or your entire account at any time from the dashboard. Deletion removes the document from active systems within 24 hours. Full deletion from backup systems is completed within 30 days. We will confirm completion of enterprise deletion requests in writing.
Clauseharbor supports role-based access control with three default roles: Admin (full access), Analyst (upload, scan, view, export), and Reviewer (view and comment only). Enterprise customers can configure custom roles. All user actions are recorded in the audit log with timestamps and IP addresses.
Yes. The audit log records every upload, scan, flag review, export, and deletion action with user identity, timestamp, and IP address. Audit logs are available to account administrators and can be exported as CSV for your own records. Professional and Enterprise customers can configure log retention up to 3 years.
Security questions? Talk to us directly.
Our team will walk you through Clauseharbor's security architecture before you upload a single contract.