← Home

Privacy Policy

1. Introduction

1.1. This Privacy Policy (the "Policy") defines what personal data is collected, how it is processed, and how it is protected when using the SmartSplitAI Contract Review service (the "Service").

1.1.A. The Service is oriented toward use in the B2B sector: by individual entrepreneurs, legal entities, their employees, representatives, and other users acting in a professional, entrepreneurial, or contractual context. The Service is not intended for processing personal data of individuals for personal, family, household, or other purposes unrelated to entrepreneurial or professional activities.

1.2. This Policy has been developed taking into account the requirements of:

• EU Regulation 2016/679 (GDPR) — for users from the European Economic Area;
• California Consumer Privacy Act (CCPA/CPRA) — as a reference for user rights;
• Russian Federal Law No. 152-FZ "On Personal Data" — for users from the Russian Federation.

1.3. The Service does not guarantee full compliance with the requirements of all jurisdictions. Users from countries with specific data protection requirements should take this into account when using the Service.

2. Who is the data controller

2.1. The responsible person for the storage and processing of personal data within the SmartSplitAI service across all areas (users from the Russian Federation, users outside the Russian Federation, account data, organization data, uploaded contracts, AI analysis results, technical data) is Sergei V. Stepanov.

2.2. For Users from the Russian Federation, where applicable, the legal form used is:

2.3. For matters related to payment documents (billing/payment records) of international clients, limited payment and contact information may be processed by the payment party: Individual Entrepreneur Nataliia Kalabina, Georgia. Individual Entrepreneur Nataliia Kalabina may be listed in international payment documents and may participate in processing data necessary for payment and invoicing. The designation of Individual Entrepreneur Nataliia Kalabina as a payment recipient does not by itself mean that this person has access to contracts, AI reports, or is the primary data controller. The primary responsible person for data storage and processing within the SmartSplitAI service is specified in clause 2.1.

2.4. Contact email for all inquiries related to personal data processing: info@smartsplitai.net

2.A. Who Is Involved in Data Processing and Payments

2.A.1. Depending on the User's country, chosen payment method, currency, and interaction channel, the service and related operations may be administered by SmartSplitAI LLC and/or Individual Entrepreneur Sergei V. Stepanov.

2.A.2. Individual Entrepreneur Sergei V. Stepanov may act as a data processing operator/participant and/or payment recipient for Users from the Russian Federation and ruble scenarios.

2.A.3. Individual Entrepreneur Nataliia Kalabina may act as the recipient of an international or non-ruble payment, if so designated in the invoice, payment confirmation, payment form, or other financial document.

2.A.4. The designation of Individual Entrepreneur Nataliia Kalabina as a payment recipient does not by itself mean that this person has access to contracts, AI reports, or is the primary data controller.

2.A.5. Limited payment and contact information may be processed for the purposes of issuing payment documents and accounting support.

2.B. Categories of Data Subjects

2.B.1. The Service processes personal data of the following categories of data subjects:

• individual entrepreneurs using the Service;
• representatives of legal entities (employees, authorised persons);
• representatives of individual entrepreneurs;
• users acting on behalf of a legal entity or individual entrepreneur;
• counterparties and their representatives whose data is contained in uploaded contracts and documents;
• persons sending inquiries via the website, email, or other communication channels.

2.B.2. The Service does not process personal data of minors, nor special categories of personal data, biometric data, passport data, or residential addresses of individuals, except where such data is contained in documents uploaded by the user and relates to entrepreneurial, professional, or contractual activities.

3. What data is collected

3.1. During registration and use of the Service, data may be collected that falls into two categories:

3.A. Personal Data

• Registration data: full name, email, phone number (when filling in the profile);
• Professional data: position / role, organization name or IE status, tax ID / registration number (if applicable);
• Organization data: name, details (tax ID, registration numbers, legal address — when filling in the profile);
• Information from inquiries and documents: information contained in requests, contracts, documents, and business correspondence;
• Technical data: IP address, browser user-agent, session cookies;
• Plan and payment data: information about the tariff plan, package history (entered by the administrator manually).

3.B. Commercial and Contract Data

In addition to personal data, the User may upload commercial and contractual information to the Service that is not publicly available. Such information may include:

• Contract texts and annexes: contract files (DOCX, PDF, TXT) and annexes uploaded by the User for analysis;
• Revisions and tracked changes: edits made by the counterparty, tracked changes, editorial comments, and annotations in documents;
• Commercial terms: prices, amounts, payment timelines and procedures, currencies, rates, penalties, fines;
• Counterparty information: names, registration details, contact information, signatories;
• AI Analysis results: change reports, conclusions, risk assessments, recommendations, negotiation positions;
• Internal comments and positions: comments by approvers, managers, and other authorized persons.

3.2. The Service processes commercial and contract data as confidential and uses it exclusively for the purposes specified in Section 4.

3.3. The User undertakes not to upload to the Service documents and materials containing personal data of individuals if such data is not related to the User's entrepreneurial, professional, or contractual activities, or if the User lacks a lawful basis for its transfer and processing.

3.4. Responsibility for the lawfulness of transferring documents and information containing personal data of third parties to the Service lies with the User who uploaded such documents and information. The Service, as the data controller, is responsible for processing personal data in accordance with this Policy and applicable law after receiving such data.

4. Purposes of processing

4.1. Personal data is processed for the following purposes:

• Registration and account administration;
• Conclusion, performance, and support of contracts, provision of access to the Service;
• AI analysis of uploaded contracts and preparation of analysis results;
• Processing inquiries and requests, conducting business correspondence;
• Accounting, tax, and management accounting;
• Compliance with legal requirements;
• Ensuring Service security and preventing unauthorized access;
• Improving Service quality.

4.2. Commercial and contract data is processed exclusively for the following purposes:

• Uploading and extracting text from documents;
• Comparing contract versions and identifying changes;
• Performing AI analysis and generating reports, recommendations, and risk assessments;
• Storing review history and analysis results within the User's account;
• Providing technical support to the User;
• Ensuring Service security and error diagnostics.

4.3. The Service does not use the User's commercial and contract data for purposes unrelated to the provision of the service without the User's explicit consent, except as required by law.

5. Legal basis for processing

5.1. Personal data is processed on the following legal bases:

• Performance of a contract (Terms of Use) — for providing access to the Service, performing AI analysis, rendering services, and processing payments;
• Consent of the User — upon registration and acceptance of this Policy, and for purposes not strictly necessary for contract performance;
• Legitimate interest — for ensuring Service security, technical support, and fraud prevention;
• Compliance with legal obligations — for accounting and tax records, and fulfilling mandatory requirements.

6. Data retention period

6.1. Personal data is retained for the duration of the User's account activity and for the period necessary to provide the service.

6.2. The User may request deletion of their data by sending a request to info@smartsplitai.net. Data will be deleted within a reasonable period, except where retention is required by applicable law.

6.3. Documents and AI Analysis results are retained as long as the account is active or until the User deletes the corresponding reviews.

7. To whom data may be transferred

7.1. Data may be transferred to the following categories of recipients:

• Hosting providers and infrastructure services — for ensuring Service operation;
• Email provider — for sending review notifications and password reset emails;
• AI provider / LLM infrastructure — the text of uploaded documents is transmitted to the AI model for analysis;
• Legal and accounting consultants — when necessary for supporting the Service's activities.

7.2. The Service does not sell personal data to third parties.

8. International Data Transfer

8.1. When using certain technical services and infrastructure, personal data may be processed using infrastructure and technology providers located in different countries, where legal grounds exist and in compliance with applicable data protection legislation.

8.2. To perform document analysis, the Service may transmit the text or excerpts of documents to external AI/technical providers. Such transmission is carried out only to the extent necessary to provide the service. The Service selects providers taking into account the available confidentiality and data processing terms. The Service does not transfer data to AI providers for independent use beyond the provision of the service, unless required by the chosen technical integration and disclosed in the provider's terms. The User understands that processing by an AI provider is also governed by the terms of that provider.

9. User Rights

9.1. The User has the following rights regarding their personal data:

• Right of access — request information about what data is being processed;
• Right to rectification — request correction of inaccurate data;
• Right to erasure — request deletion of data ("right to be forgotten"), where applicable;
• Right to withdraw consent — withdraw consent to data processing;
• Right to restriction of processing — request restriction of processing in certain cases;
• Right to object — object to processing based on legitimate interest.

9.2. To exercise their rights, the User sends a request to info@smartsplitai.net. The Service undertakes to respond within 30 calendar days.

10. Data security

10.1. The Service applies reasonable organizational and technical measures to protect personal data from unauthorized access, alteration, disclosure, or destruction.

10.2. These measures include: password hashing (bcrypt), data transmission over HTTPS, access restriction within the team, session cookies with HttpOnly and SameSite flags.

11. Cookies

11.1. The Service uses only strictly necessary cookies for authentication and security. Detailed information is provided in the Cookie Policy.

12. Changes to this Policy

12.1. The Service reserves the right to amend this Policy. The new version takes effect upon publication.

12.2. In the event of material changes, Users will be notified via a notice in the Service interface or by email.