GDPR compliance

GDPR Commitments

ContractShield operates with privacy by design. We honor data subject rights across the EU and UK and provide clear processes for access, deletion, and portability.

Right to access

Workspace owners can export project, document, and user activity logs at any time. Our team fulfills personal data requests within 30 days.

Right to rectification

Profile, company, and project data can be edited in the app. We provide audit trails for changes and assist with bulk updates when needed.

Right to erasure

ContractShield deletes data within 30 days of a verified request and provides confirmation once backups roll off the retention window.

Data processing addendum

Processing & subprocessors

Our DPA governs data processing on behalf of customers. We publish current subprocessors and notify customers at least 30 days before changes, allowing objection and opt-out if required.

Supabase for managed Postgres and storage (USA/EU regions).
Vercel for global edge delivery and preview infrastructure.
Stripe for payment processing and invoicing (PCI DSS compliant).

Need a signed DPA?

Email privacy@contractshield.io with your company details. We turn around agreements within five business days.