Privacy Policy
ContractShield protects your data with industry-leading security practices and transparent controls.
Effective date: March 1, 2024 • Last updated: September 20, 2025
1. Information we collect
Account information including name, email, phone number, and role.
Project data such as documents, photos, schedules, and communication logs shared through ContractShield.
Usage analytics that help us improve performance, diagnose issues, and plan capacity.
Integrations data from third-party services you connect (e.g., accounting, CRM, time tracking).
2. How we use your data
Provide, maintain, and improve the ContractShield platform.
Facilitate collaboration between contractors, clients, and subcontractors.
Deliver insights, AI-powered recommendations, and predictive analytics.
Communicate about updates, support tickets, and security notifications.
3. Data sharing & disclosure
We do not sell your personal data.
Data is shared with trusted subprocessors who provide infrastructure, analytics, or customer support—listed in our Trust Center.
We may disclose information if required by law or to protect the safety and rights of users.
Aggregated or anonymized data may be used for benchmarking and product development.
4. Security & compliance
SOC 2 Type I audit underway with controls monitored by our security team; Type II roadmap published in the Trust Center.
Role-based access, multi-factor authentication, and SSO (SAML/SCIM) support.
Regional data hosting options to support residency requirements.
5. Your choices
Request access, correction, or deletion of your personal data by emailing privacy@contractshield.io.
Manage marketing preferences via the unsubscribe link in emails.
Disable or revoke third-party integrations at any time from workspace settings.
Data residency & retention
Choose US or EU data centers. Customer data is retained for 90 days after contract termination unless otherwise requested.
- • Daily encrypted backups with 35-day retention
- • Optional customer-managed encryption keys
- • Disaster recovery objectives: RPO < 5 minutes, RTO < 30 minutes
Contact our privacy team
Reach out with privacy questions or data requests. We respond within two business days.
Email: privacy@contractshield.io
Mail: ContractShield Privacy, 1200 Blake St, Suite 800, Denver, CO 80202
Regulatory commitments
ContractShield complies with GDPR, CCPA, and PCI DSS for payment processing. HIPAA Business Associate agreements are available upon request for qualifying customers.
Explore the full Trust Center
Transparency across security, privacy, and accessibility keeps your crews and clients confident from day one.
Security program
Dive into encryption standards, incident response playbooks, and our SOC 2 roadmap.
View detailsAccessibility standards
See how we ship WCAG-aligned experiences and partner with crews who rely on assistive tech.
View detailsGDPR commitments
Review data subject workflows, retention policies, and subprocessors covered in our DPA.
View detailsWe take your trust seriously
Review our full Trust Center for security whitepapers, compliance reports, and subprocessor lists.