Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            How Contractbook handles AI data processing and storage

            Created by Tanya Stoyanova, Modified on Fri, May 8 at 1:21 PM by Tanya Stoyanova

            Managing your company's data privacy and understanding how AI processing works requires specific knowledge of our infrastructure. To review or discuss these protocols, you should have rights to “Manage company settings”. 

            If you need to understand our privacy-first approach to AI, here are the core principles of how we handle your data:

            AI infrastructure

            Our AI models are hosted in Microsoft Azure and/or Google Cloud Platform (GCP), both of which are listed as official Contractbook subprocessors. While Contractbook’s core infrastructure and primary databases are hosted in GCP, the actual AI processing does not result in any customer data being stored in Azure or retained within any specific AI model.

            No AI training or retention

            We ensure that your data is never used to improve global models without your consent. Data sent to AI models is processed ephemerally. This means:

            • The data is neither stored nor used to train the models.

            • This behavior is contractually enforced through our agreements with cloud providers to ensure your sensitive contract information remains private.

            Strict data access boundaries

            We maintain rigorous isolation between different Company accounts. Our AI features are designed to only access data relevant to the specific task at hand, strictly limited to the current document or workspace. This prevents data leakage and ensures that the AI cannot "see" information from other users or organizations.

            Subprocessor compliance

            All subprocessors involved in AI processing are GDPR-compliant. They adhere to international data protection frameworks, such as the EU-U.S. Data Privacy Framework (DPF), ensuring that data handling across borders remains lawful and secure. You can view our current list of subprocessors on our website to see how we maintain these standards.

            • Pro-tip: 

            Because we use ephemeral processing, your AI-extracted data is only as secure as the user permissions you set across your Company account. Use User groups to organize only authorized Company users who can view extracted contract data.

            • Note: 

            User groups is a premium feature that is not included in all plans. If you do not see the option to manage user groups under the Company section of your Profile settings, please reach out to your Customer Success Manager for more information on how to add this feature to your current subscription.

            Related articles

            • Security & provisioning 

            • Source highlights in AI Upload 

            • Company subscription

            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0