Features How it works Pricing About Get early access
Legal

PRIVACY POLICY

Last updated: January 1, 2026  ·  Effective date: January 1, 2026

1. Introduction & Scope

Difflaw App ("Difflaw," "we," "us," or "our") operates the website difflaw-app.fun and the Difflaw contract analysis service (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect information about you when you use our Service.

This Policy applies to all visitors, registered users, and anyone who uploads documents or otherwise interacts with the Service. By accessing or using the Service, you agree to the collection and use of information as described in this Privacy Policy. If you do not agree with the terms of this Policy, please do not use the Service.

We are headquartered in the United States. If you access the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where our servers and central database are operated.

2. Information We Collect

We collect several types of information in connection with the Service:

Account data. When you register for a Difflaw account, we collect your name, email address, and the password you create (stored in hashed form). If you sign up via a third-party authentication provider (such as Google), we receive the information that provider shares with us, which typically includes your name and email address.

Billing and payment data. If you subscribe to a paid plan, payment transactions are processed by a third-party payment processor. We do not store your full credit card number, CVV, or bank account details. We may receive and store limited billing information such as your billing address, payment method type (e.g., Visa ending in 4242), and transaction history for your account.

Uploaded documents. You may upload contracts and other documents to the Service for analysis. Please see Section 3 (Document & Contract Data) for the specific, detailed treatment of this category.

Usage data. We automatically collect certain information when you use the Service, including your IP address, browser type and version, operating system, referring URLs, pages visited, features used, time and date of access, and duration of sessions. This data is collected via server logs and analytics tools.

Device data. We may collect information about the device you use to access the Service, including device type, unique device identifiers, and mobile network information.

Communications. If you contact us by email or through a support channel, we retain records of that correspondence, including the content of your messages and any attachments.

3. Document & Contract Data

Your uploaded contracts are processed to deliver analysis results and are not permanently stored on our servers after the analysis is complete. Your documents are never used to train AI models — yours or anyone else's.

When you upload a contract or other document to the Service, the following applies:

  • Processing only. Your document is transmitted securely to our analysis pipeline, processed to produce the risk analysis, summaries, and flags, and the resulting output is returned to you.
  • Temporary retention. We may retain your uploaded document and analysis output in our systems for a limited period (no longer than 30 days) to allow you to access your results within the application. After this period, documents are permanently deleted from our servers.
  • No AI training. Your documents are never used to train, fine-tune, or improve any AI or machine learning model, whether operated by Difflaw or a third-party AI provider. We contractually prohibit our AI infrastructure providers from using your data for training purposes.
  • No sharing. Your documents are not shared with other users, sold to third parties, or disclosed to any party other than those described in Section 5 of this Policy (How We Share Your Information).
  • Sensitive content. You should not upload documents containing highly sensitive personal information about third parties (such as Social Security numbers or medical records) beyond what is necessary for the contract analysis you seek.

You retain full ownership of any documents you upload. Difflaw claims no intellectual property rights in your uploaded content.

4. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide the Service. Processing your uploaded documents, delivering analysis results, maintaining your account, and communicating with you about your use of the Service.
  • To process payments. Managing billing, processing subscription payments, and handling refund requests.
  • To improve the Service. Analyzing usage patterns and aggregate (non-document) data to understand how users interact with Difflaw and to improve features, reliability, and performance. This analysis uses behavioral and usage data only — never document content.
  • To communicate with you. Sending transactional emails (account confirmations, receipts, password resets), service notifications, and, where you have opted in, marketing communications about Difflaw.
  • To enforce our terms. Detecting, investigating, and preventing fraudulent transactions, abuse, and other illegal activities, and enforcing our Terms of Service.
  • To comply with legal obligations. Responding to lawful requests from law enforcement or regulatory authorities, as described in Section 5.

We do not use automated decision-making or profiling in any way that produces legal or similarly significant effects for individuals.

5. How We Share Your Information

We do not sell your personal information. We do not sell, rent, or trade your personal data to data brokers, advertisers, or any other third party for their commercial purposes.

We may share your information in the following limited circumstances:

  • Service providers. We share information with third-party vendors who perform services on our behalf, such as cloud hosting, payment processing, email delivery, and customer support software. These providers are contractually obligated to use your data only to perform services for us and are prohibited from using it for their own purposes.
  • AI infrastructure providers. To analyze your uploaded documents, we use third-party AI APIs. These providers receive document content solely to perform the analysis. We require that they do not retain, use, or disclose your document content for any purpose other than completing the requested processing. They are explicitly prohibited from using your data for model training.
  • Legal requirements. We may disclose your information if required to do so by law, subpoena, court order, or other governmental or legal request, or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or comply with a legal obligation.
  • Business transfers. If Difflaw is acquired by or merged with another company, or if substantially all of our assets are transferred, your information may be transferred as part of that transaction. We will notify you of any such change via email or a prominent notice on the Service.
  • With your consent. We may share your information with third parties when you have given us your explicit consent to do so.

6. Data Retention & Deletion

We retain your account data for as long as your account is active or as needed to provide you the Service. If you close your account, we will delete or anonymize your personal data within 90 days of account closure, except where we are required to retain it for legal, regulatory, or legitimate business purposes (such as resolving disputes or maintaining billing records as required by tax law).

Uploaded documents and analysis outputs are retained for up to 30 days and then permanently deleted. You may request deletion of a specific document or analysis at any time by contacting us at hello@difflaw-app.fun.

Usage logs and analytics data are retained in aggregated, anonymized form for internal analytics purposes.

7. Data Security

We take the security of your data seriously and implement appropriate technical and organizational measures to protect it against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption in transit. All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security) with a minimum of TLS 1.2.
  • Encryption at rest. Stored data, including uploaded documents, is encrypted at rest using AES-256 encryption.
  • Access controls. Access to personal data is restricted to Difflaw employees and contractors who need it to perform their job functions, and is controlled via role-based access policies.
  • Infrastructure security. We use established cloud infrastructure providers that maintain SOC 2 and ISO 27001 certifications.

No method of electronic transmission or storage is 100% secure. While we use commercially reasonable means to protect your data, we cannot guarantee absolute security. If you become aware of any security vulnerability or incident, please contact us immediately at hello@difflaw-app.fun.

8. Your Rights

Depending on your location, you may have certain rights regarding your personal data. We honor these rights for all users regardless of location.

Rights available to all users:

  • Access. You may request a copy of the personal data we hold about you.
  • Correction. You may request that we correct inaccurate or incomplete personal data.
  • Deletion. You may request that we delete your personal data, subject to certain legal exceptions.
  • Data portability. You may request a machine-readable copy of your data to transfer to another service.
  • Opt-out of marketing. You may opt out of receiving marketing emails at any time using the unsubscribe link in any marketing email or by contacting us directly.

California residents (CCPA). California residents have additional rights under the California Consumer Privacy Act, including the right to know what personal information we collect, the right to opt out of the "sale" of personal information (we do not sell your data), the right to non-discrimination for exercising your privacy rights, and the right to request deletion of your data.

EEA and UK residents (GDPR). If you are located in the European Economic Area or United Kingdom, you have rights under the General Data Protection Regulation, including the right to object to processing, the right to restrict processing, and the right to lodge a complaint with your local supervisory authority. Our legal bases for processing include performance of a contract (to provide the Service), legitimate interests (to operate and improve the Service), legal obligations, and consent where applicable.

To exercise any of these rights, contact us at hello@difflaw-app.fun. We will respond to verified requests within 30 days.

9. Cookie Policy

We use cookies and similar tracking technologies to operate and improve the Service. Cookies are small text files stored on your device by your browser.

We use the following types of cookies:

  • Essential cookies. Required for the Service to function, including session authentication and security tokens. These cannot be disabled.
  • Analytics cookies. We use privacy-respecting analytics tools to understand how users interact with the Service. These may be disabled without affecting core functionality.
  • Preference cookies. Used to remember your settings and preferences within the Service.

You can control cookies through your browser settings. Disabling essential cookies will prevent you from using certain features of the Service. We do not use advertising or tracking cookies from third-party ad networks.

10. Third-Party Services

The Service may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to those third-party services, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you use in connection with Difflaw.

Our key third-party infrastructure providers include cloud hosting services, payment processors, and AI API providers. Each is bound by contractual data processing agreements that restrict their use of your data to the purposes we specify.

11. Children's Privacy

The Service is intended for use by individuals who are 18 years of age or older. We do not knowingly collect personal information from anyone under the age of 18. If you are under 18, please do not use the Service or provide any personal information. If we learn that we have collected personal data from a person under 18 without parental consent, we will delete that information promptly. If you believe we may have any information from or about a person under 18, please contact us at hello@difflaw-app.fun.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will notify you by email (at the address associated with your account) and/or by posting a prominent notice on our website at least 14 days before the changes take effect.

The "Last updated" date at the top of this Policy reflects the date of the most recent revision. Your continued use of the Service after any changes become effective constitutes your acceptance of the revised Policy. If you do not agree with a revised Policy, you must stop using the Service before the changes take effect.

13. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We are committed to working with you to resolve any concerns about your privacy. For unresolved complaints, EEA and UK residents may contact their local data protection authority.