amigettingfucked.ai
Effective May 5, 2026

Privacy Policy

This Privacy Policy explains what data we collect when you use amigettingfucked.ai(the “Service”), why we collect it, where it is stored, who else sees it, and what rights you have over it. We handle legal contracts, which often contain sensitive commercial and personal information, and we treat that responsibility accordingly.

The short version:

  • Your contracts are yours.We don’t train on them, sell them, share them with advertisers, or share them with anyone except the AI providers strictly needed to produce your results.
  • We don’t keep backups.We don’t replicate your data to any third-party storage. The only place your contract lives is the operating database and image volume that runs the Service.
  • Deletion is real and immediate.Delete a contract or your entire account from the account page and the underlying data is gone — from our database, from the rendered-image volume, and from any cached state. There are no archives.
  • You can see and control everything we have. The account page lists every contract associated with your account. From there you can open it, delete it, or delete the whole account.

1. Who we are

We are the operator of the amigettingfucked.ai Service. For the purposes of EU/UK General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act as amended (“CCPA/CPRA”), we are the data controller of the personal data described in this Policy. Contact information is on our home page.

2. What we collect

  • Account information— email address, authentication identifiers, and basic profile data managed by our authentication provider Clerk. We do not store your password; Clerk handles credentials. If you sign in with a social provider (Google, GitHub, LinkedIn, Facebook, etc.), we receive only the profile fields the provider returns to Clerk (typically email, name, and avatar URL).
  • Documents you upload— the original PDFs you submit for analysis.
  • Derived content— rendered page images (PNGs of each page of the PDF), clause records (extracted section numbers, headings, verbatim clause text, severity ratings, plain-English explanations, recommendations, and bounding-box coordinates), synthesis objects (the Overview summary, key concerns, questions to ask), amendment drafts and rationales, and negotiation strategy outputs.
  • Deal context— the answers you give to the context form (deal type, your role, party name, free-text concerns, selected risk-frame lenses, willingness-to-sign).
  • Usage data— standard request logs (IP address, user-agent, timestamps, paths visited), error reports, and basic product analytics (e.g. how many contracts you analyzed, which tabs you opened). We do not log document content in analytics.
  • Cookies and similar technologies— session cookies for sign-in (set by Clerk), and first- or third-party cookies for analytics and advertising as described in Section 8.

3. How we use your data

  • To provide the Service: store the PDF, render its pages, extract clauses, produce severity ratings and explanations, generate amendments and negotiation strategies, and serve all of this back to you in your account.
  • To authenticate you and secure your account.
  • To debug, monitor, and improve the Service.
  • To enforce our Terms and prevent abuse, fraud, or illegal use.
  • To comply with legal obligations.
  • For aggregated, non-content analytics and advertising as described in Section 8.

Legal bases (GDPR): performance of the contract between us (providing the Service you signed up for), our legitimate interests (security, fraud prevention, product improvement), and your consent where we ask for it (e.g. for non-essential cookies in regions where consent is required).

4. Your contracts — explicit confidentiality commitments

Documents you upload are treated as Confidential Information. Specifically:

  • We do not use Your Content to train any AI model — ours or anyone else’s. Ever. This applies to the original PDF, the rendered images, the extracted clause text, and every artifact derived from them.
  • We do not sell, rent, license, or share Your Content with advertisers, data brokers, or any third party for their own use.
  • We do not maintain backups of Your Content, your account, or any analyses produced from them. We do not replicate Your Content to a separate storage system. The only place Your Content lives is the operating database and the rendered-image volume that runs the Service.
  • We send relevant portions of Your Content to AI providers (Sub-Processors, listed below) strictly as needed to produce the analysis you requested. We use those providers under their commercial API terms, which contractually prohibit training on customer-submitted data.
  • We will not access or read Your Content ourselves except: (a) at your request (e.g. to debug a problem you report); (b) to comply with valid legal process, narrowly construed; or (c) to investigate suspected serious abuse of the Service.

5. Sub-Processors

We use the following third-party services to run the Service. We contractually require each Sub-Processor to maintain confidentiality, use Your Content only as needed to provide its service to us, and refrain from training AI models on Your Content.

  • Clerk(authentication) — stores your email, authentication tokens, and basic profile. Does not receive document content.
  • Railway(compute, database, and persistent storage volumes) — hosts the application, the Postgres database in which clause records and account data are stored, and the volume that holds the original PDF and rendered page images.
  • Anthropic(large-language-model API for the orchestrator and sub-LM calls) — receives the page images and clause text needed to produce the analysis; subject to Anthropic’s commercial API terms, which prohibit training on customer inputs.
  • OpenAI and Google (Gemini)(large-language- model APIs, used as alternatives to Anthropic depending on deployment configuration) — receive the page images and clause text needed to produce the analysis; subject to each provider’s commercial API terms, which prohibit training on customer-submitted API content.

We may add or change Sub-Processors as the Service evolves. We will only use Sub-Processors that offer equivalent confidentiality and no-training commitments. Material changes will be reflected on this page.

6. Where your data lives, and for how long

Your account, documents, rendered page images, and analyses are stored on cloud infrastructure operated by Railway in the region Railway selects for our project. We do not maintain backups, and we do not replicate Your Content to any other storage. This means:

  • Deletion is immediate and permanent (see Section 7);
  • Service availability depends on the underlying infrastructure’s availability;
  • Retention is determined by you. We retain Your Content for as long as your account exists and you have not deleted it. We retain account data only while your account is active. We retain non-content service logs for a limited period (typically 30–90 days) for security and abuse-prevention purposes.

7. Deletion mechanics

You can delete in two ways from the account page:

  • Delete a single contract. Removes the original PDF, every rendered page image, every clause record, every region/bounding-box record, every clause comment or amendment draft, every synthesis object, and every negotiation strategy associated with that contract.
  • Delete your entire account. Performs the same action above for every contract you have, then removes your account row, and finally removes your authentication record at Clerk. After deletion, signing back in with the same email will create a fresh, empty account with no association to the deleted one.

Both deletions are immediate and final. We have no “undo,” no archive, and no internal backup we can restore from. We may retain non-content log entries (e.g. “account deleted at time T by user Y”) for a limited period as required by security and legal-compliance obligations; these entries do not contain document content.

8. Advertising & analytics

We may run advertising, including showing you ads on third-party sites based on your interactions with our Service (retargeting). To do this we may use cookies, pixels, or similar technologies provided by advertising networks. These signals are aggregated and non-content: advertising partners do not receive your documents, your analyses, your deal context, or anything you typed into the Service.

We use basic product analytics (page views, feature usage) to understand how the Service is used and where it can be improved. Analytics does not include document content.

You can opt out of personalized advertising via your browser settings (e.g. “Do Not Track,” “Global Privacy Control”) or industry tools (the Network Advertising Initiative in the U.S., Your Online Choices in the EU). Where the law requires, we will obtain consent before setting non-essential cookies.

9. Security

We use industry-standard practices to protect your data:

  • All traffic between you and the Service is encrypted in transit using HTTPS/TLS;
  • Data at rest in Railway’s Postgres and storage volumes inherits Railway’s at-rest encryption;
  • The internal API between the web service and the analysis service is protected by a shared secret over Railway’s private network and is not exposed to the public internet;
  • Authentication is delegated to Clerk, which manages credentials, multi-factor authentication, and session security;
  • Access to production systems is limited to operators with a legitimate need.

No system is perfectly secure, and we make no guarantee of absolute security. If you discover a vulnerability, please report it to the contact published on our home page so we can investigate.

10. Breach notification

If we become aware of unauthorized access to or disclosure of Your Content or your personal data, we will notify affected users without undue delay and, where required by applicable law (e.g. GDPR Article 33/34), within the timeframes specified by law. The notice will describe the nature of the incident, the data involved, the steps we have taken, and the steps you can take.

11. Your rights

Depending on where you live, you may have the following rights regarding your personal data. You can exercise most of these rights directly from your account; for the rest, contact us via the contact information on our home page.

  • Access— the account page lists every contract associated with your account. For other personal data, contact us and we will provide a copy.
  • Correction— update your email or profile via Clerk’s account widget; contact us for anything else.
  • Deletion— delete a contract or your entire account from the account page (Section 7).
  • Portability— we can export an analysis on request; contact us.
  • Restriction / objection— you may ask us to restrict or stop processing your personal data.
  • Withdraw consent— where we rely on consent (e.g. non-essential cookies), you can withdraw it at any time without affecting prior processing.
  • Lodge a complaint— with the supervisory authority in your jurisdiction (e.g. an EU Data Protection Authority, the UK Information Commissioner’s Office, your state attorney general).
  • California residents (CCPA/CPRA)— you have the right to know what personal information we collect, to delete it, to correct it, to limit use of sensitive personal information, and not to be discriminated against for exercising these rights. We do not “sell” or “share” (as those terms are defined under CCPA/CPRA) personal information.

We do not discriminate against you for exercising any of your privacy rights. We will respond to verifiable requests within the timeframes required by applicable law (typically 30 days for GDPR, 45 days for CCPA, extendable in limited circumstances).

12. Children

The Service is not intended for children under 18. We do not knowingly collect personal data from children under 18. If you believe a child has provided us data, contact us via the home page and we will delete it.

13. International transfers

Your data may be processed in countries other than the one you reside in (typically the United States, where our Sub-Processors operate their primary infrastructure). For transfers of personal data out of the European Economic Area, the United Kingdom, or Switzerland, we rely on the European Commission’s Standard Contractual Clauses or another lawful transfer mechanism. By using the Service, you understand that your data may be processed outside your country of residence subject to those safeguards.

14. Automated decision-making

The Service uses AI models to produce automated commentary on contracts. This commentary is informational; it does not produce legal effects on you and you remain free to ignore it, override it, or seek independent professional review. The Service does not use solely automated processing to make decisions about you within the meaning of GDPR Article 22.

15. Changes to this Policy

We may update this Policy. The “Effective” date at the top of this page reflects the latest version. Material changes will be communicated through the Service or, where you provided one, by email. Your continued use of the Service after the Effective date of a revised version constitutes acceptance of the revised Policy.

16. Contact

Questions about privacy, your data, or to exercise any of the rights above? Reach out via the contact information published on our home page.