Skip to main content
Reddox

Privacy Policy

Effective Date: April 1, 2026 | Last Updated: April 1, 2026

This Privacy Policy describes how Reddox ("we," "us," or "our") collects, uses, and protects your information when you use our AI-powered contract review platform available at reddox.ai, including our Microsoft Word add-in and any associated services (collectively, the "Service"). By using the Service, you agree to the collection and use of information in accordance with this policy.

Information We Collect

We collect information that you provide directly to us, information generated through your use of the Service, and certain information collected automatically.

Account Information. When you create a Reddox account, we collect your name, email address, organization name, and billing information. If you sign in through a third-party authentication provider, we may receive your name and email address from that provider.

Document Data. When you use Reddox to review contracts, the text content of your documents is transmitted to our servers for AI-powered analysis. This includes any contract text, clause content, and related metadata that you submit through the Word add-in or web interface.

Usage Analytics. We collect information about how you interact with the Service, including which tools you use, how frequently you use them, the types of analyses you run, and general usage patterns. This data helps us improve the platform and understand which features are most valuable.

Cookies and Similar Technologies.We use cookies and similar tracking technologies to maintain your session, remember your preferences, and support core platform functionality. See the "Cookies and Tracking" section below for more detail.

How We Use Your Information

We use the information we collect for the following purposes:

  • To Provide the Service. We use your account information to authenticate you, manage your subscription, and deliver the contract review functionality you request.
  • To Improve Our Product. We use aggregated and anonymized usage analytics to understand how the Service is used, identify areas for improvement, and develop new features.
  • To Communicate With You. We may send you transactional emails related to your account, subscription confirmations, security alerts, and product updates. You can opt out of non-essential communications at any time.
  • To Maintain Security. We use information to detect, prevent, and respond to fraud, abuse, security incidents, and other harmful activity.

Document Data and AI Processing

When you submit a document for review, the relevant text is sent to our AI processing infrastructure, which includes OpenAI, for analysis. We want to be transparent about how your document data is handled:

  • Document text is transmitted to OpenAI solely for the purpose of performing the contract analysis you request.
  • Your document data is not used by Reddox or OpenAI to train, fine-tune, or improve any AI models.
  • Your document content is not sold, shared with, or disclosed to any third parties beyond what is necessary to provide the Service.
  • Document data is processed in real time and is not persisted on our servers after the analysis is complete. When you delete a document or your account, all associated data is removed from our systems.

We contractually require our AI processing partners to maintain equivalent or greater data protection standards.

Third-Party Services

We rely on a limited number of trusted third-party services to operate the platform. Each provider is selected for its security standards and compliance posture:

  • OpenAI provides the AI models used for contract analysis and review. Document text is sent to OpenAI for processing under a data processing agreement that prohibits use of your data for model training.
  • Amazon Web Services (AWS) provides the cloud hosting infrastructure where our application servers and databases run.
  • Stripe processes all payment and billing transactions. Reddox does not store your full credit card number; this information is handled entirely by Stripe in compliance with PCI DSS standards.
  • Clerk provides authentication and user management services, handling sign-in, sign-up, and session management.
  • Cloudflare provides DNS, CDN, and security services including DDoS protection and web application firewall capabilities.

Data Retention

We retain different categories of data for different periods depending on their purpose:

  • Account Data. Your account information, including your name, email, and subscription details, is retained for as long as your account remains active. If you close your account, we will delete your account data within 30 days, except where retention is required by law.
  • Document Data. Contract text and analysis results are not persisted on our servers after processing is complete. We do not maintain a long-term store of your document content.
  • Deletion Requests. You may request deletion of your personal data at any time by contacting us. We will process your request within 30 days and confirm completion.

Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access. You may request a copy of the personal data we hold about you.
  • Correction. You may request that we correct any inaccurate or incomplete personal data.
  • Deletion. You may request that we delete your personal data, subject to certain legal exceptions.
  • Data Export. You may request a portable copy of your data in a commonly used, machine-readable format.
  • Opt-Out of Marketing. You may opt out of receiving marketing communications from us at any time by clicking the unsubscribe link in any marketing email or by contacting us directly.

To exercise any of these rights, please contact us at privacy@reddox.ai. We will respond to your request within 30 days.

Cookies and Tracking

Reddox uses only essential cookies that are necessary for the operation of the Service. These cookies maintain your authentication session, store your preferences, and enable core functionality. We do not use cookies for advertising or cross-site tracking.

For analytics, we use privacy-respecting tools that do not rely on cookies or collect personally identifiable information. Our analytics are designed to help us understand usage patterns in aggregate without tracking individual users across the web.

Security Measures

We take the security of your data seriously and implement multiple layers of protection:

  • Encryption in Transit. All data transmitted between your browser, our servers, and third-party services is encrypted using TLS (Transport Layer Security).
  • Encryption at Rest. Data stored on our servers is encrypted at rest using AES-256 encryption.
  • Access Controls. Access to production systems and customer data is restricted to authorized personnel on a need-to-know basis, with role-based access controls and multi-factor authentication.
  • Audit Logs. We maintain audit logs of access to sensitive systems and data to detect and investigate unauthorized activity.

While no system can guarantee absolute security, we are committed to protecting your information using industry-standard practices and continuously improving our security posture.

Children's Privacy

The Service is not directed at children under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal data from a child under 13, we will take steps to delete that information as quickly as possible. If you believe a child under 13 has provided us with personal data, please contact us at privacy@reddox.ai.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by email at the address associated with your account and update the "Last Updated" date at the top of this page. Your continued use of the Service after such changes constitutes your acceptance of the updated Privacy Policy.

Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

privacy@reddox.ai

← Back to Legal Information