Your contracts are confidential. We treat them that way.
We know the documents you upload are among the most sensitive your firm handles. This page explains — in plain language — exactly what happens to your data, where it lives, and who can see it.
Last updated: June 2026
The short version
- ✓Your documents are private to your account. No other user can ever access them.
- ✓We use AI to analyze your contracts. The AI provider does not train its models on your data.
- ✓We never sell, share, or rent your data to anyone.
- ✓You can delete any document permanently at any time.
- ✓All data is encrypted in transit and at rest.
How your documents are processed
When you upload a contract, LegalMind processes it to generate the summary, risk analysis, timeline, and to answer your questions. This processing involves sending the text of your document to our AI provider (OpenAI) through their secure API.
This is the core of how the product works — the AI needs to read the contract text to analyze it. We send only what is necessary to perform the analysis you requested.
Importantly: OpenAI does not use data submitted through their API to train or improve their models. Your contract text is processed to return a result and is not used to make their AI smarter.
Where your data is stored
Your data lives in a few specific places, each chosen for security:
- Uploaded files are stored in encrypted cloud object storage (Cloudflare R2), isolated under your account.
- Extracted text, summaries, and analysis are stored in an encrypted PostgreSQL database (Neon).
- Your account details (email, hashed password) are stored in the same database. Passwords are hashed with bcrypt and never stored in plain text.
Who can access your documents
Your documents are strictly isolated to your account. Every request to read a document is checked against your identity — there is no code path that allows one user to retrieve another user's documents, summaries, chat history, or notes.
Our team does not browse your documents. We may access account-level metadata (like your email or usage counts) to provide support, but we do not read the contents of your contracts as a matter of course.
Security measures
- All data is encrypted in transit (HTTPS/TLS) and at rest.
- Authentication uses signed tokens; passwords are hashed with bcrypt.
- Every document and chat endpoint verifies ownership before returning any data.
- API access is rate-limited to prevent abuse.
Data retention and deletion
You are in control of your data. You can permanently delete any document from your dashboard at any time — this removes the file from storage and all associated analysis from our database.
If you close your account, we will delete your documents and personal data. If you ever want a full export or deletion, just email us.
What we never do
- We never sell your data.
- We never rent or share your data with advertisers.
- We never use your contracts to train AI models — ours or anyone else's.
- We never expose your documents to other users.
LegalMind is an AI assistance tool and does not constitute legal advice. This page describes our data practices in plain language and is provided for transparency. For questions about your data, or to request an export or deletion, contact us at hello@legalmindltd.com.