Local Browser Processing Enabled

Security & Privacy

Three questions, answered plainly. No legal jargon. No fine print.

1. Where does your contract text go?
Nowhere. When you import a .docx or PDF, the file is converted to HTML entirely inside your browser using client-side JavaScript (mammoth.js). The text is never sent to our servers, never transmitted over the internet, and never stored in any database we control. The conversion happens in your browser tab โ€” the same way a calculator app runs locally on your phone. When you close the tab, the data is gone from our side because it was never on our side.
๐Ÿ’ป
Your Browser
All parsing, conversion, and AI detection runs client-side in JavaScript. Nothing leaves your device.
โ˜๏ธ
Your Cloud
Contracts save to your Google Drive, OneDrive, Dropbox, or S3. You choose. We never have access.
๐Ÿšซ
Our Servers
Zero contract data. Zero file storage. Zero retention. Our servers deliver the app. Your data stays yours.
2. Who can see your contracts?
Only you and the people you invite. Pactum does not have access to your contract text, your obligation data, or your playbook rules. We cannot read your contracts because they never reach us. Your cloud storage provider's access controls determine who can see your files โ€” we have no role in that chain. Collaboration happens peer-to-peer within your organisation. We are the editor. You are the custodian.
3. Is your data used for AI training?
No. Never. Under any circumstances. Your contract text is not used to train any AI model โ€” ours or anyone else's. The AI obligation detection engine runs locally in your browser using pre-trained pattern matching. It does not send your text to any API. It does not phone home. It does not learn from your data. Your contracts are not our training data.
Our commitments.
โœ“
Client-side processing. All file conversion and obligation detection runs in the browser. Verified by our open-source codebase.
โœ“
Zero data retention. We do not store, cache, log, or retain any contract text or metadata on our servers.
โœ“
No AI training on your data. Your contracts are never used to train, fine-tune, or improve any machine learning model.
โœ“
Your cloud, your rules. Contracts are stored on your chosen cloud provider under your access controls. We never have credentials to your cloud.
โœ“
Playbook rules stay local. Your company's contract standards are stored in your browser's local session. Never transmitted.
โœ“
No third-party analytics on content. We do not use Google Analytics, Hotjar, or any tool that could access your contract content.
โœ“
SOC 2 in progress. We are working toward SOC 2 Type II certification for our application infrastructure.

Have security questions? Need a vendor assessment completed?
Contact us at hello@wearepactum.com

Back to Pactum โ†’