Clause

Privacy Policy

Effective Date: 29 March 2026

Clause ("we," "our," "us," or "the Company") operates the clause.co.nz service. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services, including the AI-powered document analysis tool.

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our Services.

1. What Data We Collect

We collect information about you in several ways:

Information You Provide Directly

  • Account information: Email address, name, and any profile details you create
  • Uploaded documents: Property-related documents you upload for analysis (e.g., purchase agreements, inspection reports, titles)
  • Payment information: Processed securely through Stripe (we do not store full credit card details)
  • Communications: Messages sent to our support team or feedback you provide

Information Collected Automatically

  • Analytics data: If you consent to optional analytics, we collect:
    • Pages visited and interactions with our interface
    • Device type, browser type, and operating system
    • Approximate location (country/region level only)
    • How long you spend on our service
  • Essential cookies: Automatically collected for security and service functionality
  • Log data: IP address, access times, and error information

2. Why We Collect Your Data

We collect and use your information for these purposes:

  • Providing the Service: To deliver AI-powered document analysis and generate reports tailored to your needs
  • Account Management: To create and manage your account, verify your identity, and process your requests
  • Payments: To process transactions securely through Stripe
  • Customer Support: To respond to your inquiries and resolve issues
  • Service Improvement: To understand how you use our service, identify problems, and develop new features
  • Legal Compliance: To meet our obligations under NZ law, including the Privacy Act 2020
  • Security: To detect, investigate, and prevent fraudulent, abusive, or illegal activity
  • Marketing (with consent): To send you information about our services, product updates, or promotional offers—only if you opt in

3. How Your Documents Are Processed

When you upload a document for analysis:

  1. Secure Transmission: Your document is encrypted in transit (using TLS/SSL encryption)
  2. AI Analysis: We send your document to Anthropic's API to generate your analysis report
  3. Data Not Used for Training: Anthropic's commercial API policy ensures your document is not used to train or improve their models. Your input is processed for your analysis only.
  4. Automatic Deletion: Your document is automatically deleted from our servers after 90 days
  5. Report Storage: Your generated analysis report is retained in your account while your subscription is active

Important: Your document may contain information about third parties (e.g., property agents, vendors, surveyors). We process this information solely to deliver your analysis service and do not use it for any other purpose.

4. Cross-Border Data Disclosure

Your documents and data are processed internationally:

  • Anthropic (United States): Your uploaded documents are sent to Anthropic's servers in the United States for AI analysis
  • Data Processing Agreement: Anthropic is bound by their commercial API terms, which state inputs and outputs are not used for model training. See their privacy policy at https://privacy.anthropic.com
  • Supabase (Australia): Your account data, reports, and metadata are stored with Supabase, which operates servers in Sydney, Australia
  • Stripe (International): Payment information is processed by Stripe's secure systems across multiple regions
  • Vercel & PostHog (US/EU): Analytics data (if consented) may be processed in the United States or European Union

By using Clause, you consent to your data being transferred to and processed in these jurisdictions.

5. How Long We Keep Your Data

We retain your information for as long as necessary to provide our service:

Documents

  • Uploaded documents are automatically deleted after 90 days
  • You can manually delete documents anytime from your dashboard

Reports & Account Data

  • Analysis reports are retained while your account is active
  • Historical reports and account metadata remain accessible during your subscription

Upon Account Deletion

  • All your data (documents, reports, account information) is scheduled for permanent deletion
  • Deletion is completed within 30 days of your request
  • Payment records may be retained for 7 years to comply with accounting and tax obligations

Cookie & Preference Retention

  • Essential Cookies: 12-month expiry
  • Marketing Preferences: Retained until you unsubscribe

6. AI and Automated Decision-Making

Clause uses artificial intelligence to:

  • Generate analysis: Our AI analyses your documents and generates property risk assessments
  • Produce risk ratings: The AI assigns risk levels and categorises potential issues
  • Provide recommendations: Automated suggestions are offered based on identified risks

How This Works

  • No human reviewer assesses your individual report unless you specifically request it
  • Your analysis is generated entirely by AI without manual intervention
  • If you wish to discuss or challenge any findings, you can contact our support team at support@clause.co.nz

Your Rights

You have the right to request human review of any AI-generated analysis. We will arrange for a qualified person to review your report and provide feedback within 10 working days.

7. Third-Party Personal Information in Documents

Documents you upload may contain personal information about third parties, such as:

  • Real estate agent names and contact details
  • Vendor or seller information
  • Surveyor or inspector credentials
  • Other individuals mentioned in property documentation

How we handle this

  • Third-party personal information is processed only to deliver your analysis service
  • We do not use this information for marketing, profiling, or any other purpose
  • Third-party data is subject to the same 90-day automatic deletion as your documents
  • We do not share this information with third parties

8. Cookies and Tracking

Essential Cookies (Always Active)

These are necessary for the service to function:

  • Session management: Keeping you logged in
  • Security: Protecting against unauthorised access
  • Service preferences: Remembering your settings
  • CSRF protection: Preventing cross-site attacks

Analytics Cookies (Consent Required)

We use two optional analytics services:

PostHog Analytics

  • Tracks how you interact with our interface
  • Helps us identify usability problems and improve features
  • Only enabled if you click "Accept All" on our consent banner

Vercel Analytics

  • Monitors website performance and uptime
  • Analyses page load times and user behaviour
  • Only enabled if you click "Accept All" on our consent banner

Consent Banner

  • "Essential Only" blocks PostHog and Vercel Analytics
  • "Accept All" enables both analytics services
  • Your choice is stored in a cookie that expires after 12 months
  • You can change your preferences anytime from the Settings page

Third-Party Cookies

Third-party services (Stripe, Anthropic) may set their own cookies. Refer to their privacy policies for details.

9. Your Privacy Rights

Under the Privacy Act 2020, you have the right to:

Right of Access

You can request a copy of all personal information we hold about you, including:

  • Your account details
  • Analysis reports and documents
  • Payment and transaction history
  • Communication records

How to request: Email support@clause.co.nz or use the "Download My Data" option in your dashboard. We will provide the information within 20 working days.

Right of Correction

If your personal information is inaccurate or incomplete, you can request corrections:

  • Update your name, email, or account details directly in the dashboard
  • Contact support@clause.co.nz for other corrections
  • We will confirm the correction within 5 working days

Right of Deletion

You can request deletion of your account and associated data:

  • Use the "Delete Account" option in your dashboard, or
  • Email support@clause.co.nz with your deletion request
  • We will permanently delete all your data within 30 days
  • Some data (tax records, legal holds) may be retained longer if required by law

Right to Object

You can object to the processing of your data for certain purposes (e.g., marketing communications or analytics). Contact us at support@clause.co.nz.

Right to Lodge a Complaint

If you believe your privacy rights have been breached, you can lodge a complaint with the Privacy Commissioner:

10. Marketing Communications

Email Communication Types

Transactional Emails (Always Sent)

  • Report delivery notifications
  • Payment receipts and invoices
  • Account verification and password resets
  • Service announcements (service outages, critical updates)
  • These contain zero promotional content

Marketing Emails (Opt-In Only)

  • Product updates and new features
  • Promotional offers and discounts
  • Tips, guides, and educational content
  • Surveys and feedback requests
  • You must explicitly opt in to receive these

Your Preferences

Marketing Opt-In (Separate, Unticked by Default)

  • During account creation and in Settings, there is a separate checkbox for marketing emails
  • This box is unticked by default—you must actively opt in to receive marketing
  • Marketing opt-in is completely separate from transactional emails

Unsubscribing

  • Every marketing email includes a one-click unsubscribe link
  • You can update your preferences in your dashboard anytime
  • Unsubscribe requests are processed immediately
  • Your unsubscribe will take effect within 24 hours

Communications Provider

Marketing emails are sent via Resend, a secure email service provider.

11. Data Security Measures

We implement comprehensive security measures to protect your information:

Encryption

  • In Transit: All data transmitted to/from our service is encrypted using TLS 1.2 or higher
  • At Rest: Documents and sensitive data are encrypted in our database using industry-standard encryption

Access Controls

  • Authentication: Multi-factor authentication (MFA) is available for your account
  • Authorisation: Database row-level security (RLS) ensures you can only access your own data
  • Staff Access: Our team uses role-based access control; staff only access data when necessary

Database Security

Supabase: Our primary database uses Supabase, which provides:

  • Encrypted storage (PostgreSQL with encryption)
  • Row-level security policies
  • Regular security audits and backups
  • DDoS protection and intrusion detection
  • Data residency in Sydney, Australia

Infrastructure

  • Hosting: Vercel provides secure hosting with edge-network protection
  • Backup: Regular automated backups are maintained in secure, encrypted storage
  • Monitoring: Continuous monitoring detects and alerts us to suspicious activity

Third-Party Security

  • Stripe: PCI DSS Level 1 compliant (highest standard for payment processing)
  • Anthropic: Enterprise-grade security for API processing
  • Resend: SOC 2 compliant email infrastructure

Incident Response

If we discover a data breach affecting your personal information, we will notify you as soon as possible and cooperate with the Privacy Commissioner.

12. Contact Details

If you have questions about this Privacy Policy or your personal information, please contact:

Clause Support

We will respond to your inquiries within 5 working days.

13. NZ Privacy Act 2020 Compliance

Clause is committed to complying with the Privacy Act 2020 and the Privacy Principles it sets out:

Information Privacy Principles (IPPs)

Collection & Use

  • We collect information only when necessary (IPP 1–2)
  • We use information only for purposes disclosed to you

Access & Correction

  • You can request access to your information (IPP 7)
  • You can request correction of inaccurate information (IPP 8)

Data Quality & Security

  • We maintain accurate, up-to-date information (IPP 3)
  • We protect your information from misuse and unauthorised access (IPP 9)

Disclosure

  • We limit disclosure of your information (IPP 4–6)
  • We do not share your data without consent, except as required by law

Openness & Access

  • This Privacy Policy is transparent about our practices
  • You can access this policy anytime

Privacy Commissioner

The Privacy Commissioner oversees privacy compliance in New Zealand. You can lodge a complaint at www.privacy.govt.nz.

14. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

  • Changes to our practices
  • Changes to the law
  • Feedback from users

How We Notify You

  • Material changes: We will email you at least 30 days before material changes take effect
  • Minor updates: Non-material clarifications will be updated without notice
  • Effective date: The "Effective date" at the top of this policy indicates when it was last updated

Your continued use of Clause after changes become effective means you accept the updated Privacy Policy.

15. Document Upload Disclosure

When you upload a document, you will see this clear disclosure:

Your document is processed securely:

  • Encrypted in transit and at rest
  • Analysed by AI to generate your report
  • Automatically deleted after 90 days
  • Never used to train AI models
  • Processed by our AI provider whose servers are located in the United States

This disclosure appears on the upload page before you submit any document.

16. Definitions

  • "Personal information" means information about an identifiable individual (as defined in the Privacy Act 2020)
  • "Processing" means any operation performed on personal information, such as collection, storage, use, or deletion
  • "Data breach" means unauthorised access to or misuse of personal information
  • "Third party" means any individual or organisation other than you and Clause
  • "Cookie" means a small file stored on your device that allows us to recognise you
Back to top