Privacy Notice
Last updated: May 15, 2026
1. Who we are
Contract Companion is operated by HKConsulting. For the personal data described in this notice, HKConsulting is the data controller. You can reach us at privacy@contractcompanion.org.
2. What we collect and why
| Category | Purpose | Legal basis |
|---|---|---|
| Account info (name, email, password hash) | Create and secure your account | Contract performance |
| Contract data you upload (vendors, amounts, dates, PDFs) | Provide the Service to you | Contract performance |
| Usage and device telemetry, IP address | Security, fraud prevention, product improvement | Legitimate interests |
| Support correspondence | Respond to your questions | Legitimate interests |
| Marketing email (optional) | Send product updates if you opt in | Consent |
Payment card details are collected and processed by Paddle, our Merchant of Record. We do not see or store your full card number.
3. Who we share data with
- Paddle — Merchant of Record for sales, subscription management, payments, tax compliance and invoicing.
- Service providers / subprocessors — hosting (Lovable Cloud / Supabase), email delivery, analytics and customer-support tooling, all under written contracts.
- Professional advisers — legal and accounting professionals where required.
- Authorities — when required by law, court order, or to protect our rights.
We do not sell your personal data.
4. International transfers
Some of our service providers are located outside the UK/EEA. Where we transfer personal data internationally we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.
5. Retention
We keep your account and contract data for as long as your account is active. After you close your account we delete or anonymize personal data within 90 days, except where we are required to keep it longer (for example, billing records retained for tax purposes).
6. Your rights
Depending on where you live, you have the right to access, correct, delete, restrict or object to processing of your personal data, and to data portability. You can withdraw consent at any time and lodge a complaint with your local data-protection authority. To exercise these rights, contact privacy@contractcompanion.org. We respond within one month.
7. Security
We protect personal data with appropriate technical and organizational measures including encryption in transit and at rest, role-based access controls, and audit logging.
8. Cookies
We use a small number of essential cookies to keep you signed in and to remember your preferences. We do not use advertising cookies. You can control cookies via your browser settings.
9. Changes
We may update this notice from time to time. We will post the new version here and, for material changes, notify you by email or in-app notice.