Privacy Policy

Overview

This Privacy Policy explains how DBA Check processes personal data when you use our platform. DBA Check operates under GDPR and applies data minimization principles to contract analysis workflows.

Data Controller Information

DBA Check B.V. is the data controller for personal data processed through the platform for account, billing, and service operations.

For privacy-related requests, contact us via the contact details listed on the website.

Data We Collect

Account data: name, email address, role, language settings, and company profile information.

Billing data: subscription plan metadata, Stripe customer identifiers, and invoice/payment status information (payment card data is handled by Stripe).

Contract analysis data: uploaded contract files, extracted contract text, questionnaire answers, analysis scores, findings, recommendations, and report metadata.

Data Minimization & Retention

We process only data required to provide, secure, and improve the service. We minimize the amount of personal data included in analysis outputs.

Extracted contract text is automatically deleted after 30 days. Scoring outputs and report metadata may be retained longer for auditability and reporting.

Where feasible, personally identifiable information (PII) is sanitized prior to AI processing.

Sub-processors

We use vetted sub-processors for core operations, including Supabase (hosting, database, storage), Anthropic (AI analysis), and Stripe (billing).

Our AI providers are contractually restricted from using customer inputs/outputs submitted through DBA Check to train their general foundation models.

Your GDPR Rights

Subject to applicable law, you have the right to access, rectify, erase, restrict, or object to processing of your personal data, and the right to data portability.

You may also withdraw consent where processing is based on consent and lodge a complaint with your local supervisory authority.