Privacy Policy

Effective Date: February 10, 2026 | Last Updated: February 20, 2026

Accordable, LLC ("we," "us," or "our") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access or use our contract execution management platform (the "Service") or visit our website.

Our Privacy Commitment

Accordable is built on a simple principle: your data belongs to you. Our business model is based on subscription fees for software — not on monetizing your data in any form. Specifically:

  • We never sell your data. Not to advertisers, data brokers, or anyone else.
  • We never share your data except with the service providers required to operate the platform (listed below).
  • We never train AI models on your contracts. Your documents are processed ephemerally — analyzed and returned, never stored by AI providers.
  • We never see your contracts. Accordable staff cannot access your contract content, AI-generated analysis, or obligation data. Period.
  • We never use anonymized or aggregated contract data for any purpose outside the platform.

GEOGRAPHIC LIMITATION: The Service is hosted in the United States and is intended strictly for individuals and entities located within the United States and its territories. We do not market to or knowingly collect data from individuals in the European Union (EU), United Kingdom (UK), or other jurisdictions outside the US.

NOT LEGAL ADVICE: Accordable, LLC is not a law firm and does not provide legal advice. The Service is designed to assist with contract organization, deadline tracking, and document analysis. It is not a substitute for the advice of a licensed attorney. Users should consult with qualified legal counsel for any legal questions or decisions regarding their contracts, obligations, or rights.

1. Our Role: Service Provider / Data Processor

When your organization uses Accordable, your organization controls the contract data — you decide what to upload, who can access it, and when to delete it. Under applicable privacy laws, your organization is the "controller" (or "business") of that data.

Accordable acts as a "service provider" (under California law) or "processor" (under other state laws). We process your contract data only to provide the Service you've requested and for no other purpose. We do not determine the purposes or means of processing your contract data — your organization does.

This distinction matters: most privacy law obligations regarding the content of your contracts fall on your organization, not on Accordable. We are responsible for safeguarding the data while it's in our care and processing it only as directed.

2. Information We Collect

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device ("Personal Information").

A. Information You Provide to Us

  • Account Registration: Name, business email address, phone number (used for SMS two-factor authentication if enabled), job title, and password.
  • Billing Information: Credit card details and billing address (processed by our third-party payment processor; we do not store full credit card numbers).
  • User Content: Business contracts, PDF documents, images, and attachments you upload to the Service ("User Data"). While we process this data to provide the Service, we treat it as confidential business records owned entirely by your organization.
  • Contract Attachments: Supporting documents you upload to contracts (certificates of insurance, amendments, invoices, correspondence, etc.) are encrypted at rest using the same security measures as primary contract files.
  • Collaborative Notes: Comments and notes you add to contracts are stored and may be visible to other users in your organization based on role permissions. Internal-only notes are hidden from Professional Guest users.
  • Obligation Data: Document delivery obligations extracted by AI from your contracts, including obligation descriptions, deadlines, fulfillment status, and documents sent or received through our obligation tracking workflows.
  • Conflict of Interest Records: When your Admin configures Conflict of Interest Protection for Professional Guests, we store guest type classifications, counterparty keyword matches, and contract restriction selections. Views of restricted contracts by guests are logged in the audit trail.
  • Email Communications: When you send emails through Accordable's Direct Email feature, we store the recipient address, subject, message content, and track email opens using a tracking pixel for read receipt functionality.
  • Professional Guest Access: When your organization invites external advisors using Professional Guest Access, we collect their email address, access duration preferences, and track their document viewing activity for audit purposes.
  • Support Data: Information you include in communications with our customer support team.

B. Information Collected Automatically

  • Usage Data: We collect logs of how you interact with the Service, including access times, pages viewed, documents opened, and features used (e.g., "Audit Trails").
  • Login Activity: We record login events including timestamps, IP addresses, device type (desktop/mobile), browser name and version, and operating system. This information is used to provide you with login history visibility in your Security Settings and to detect suspicious account access. IP addresses are displayed in privacy-masked format (e.g., "192.168.*.*") in the user interface while full addresses are retained for security auditing purposes. Session status (Current, Active, or Expired) is calculated based on the 30-minute inactivity timeout.
  • SMS Two-Factor Authentication: If you enable SMS 2FA, we temporarily store a verification code and timestamp when codes are sent. Codes expire after 10 minutes and are cleared upon successful verification. SMS messages are delivered via our third-party provider (Twilio).
  • Email Tracking: When you send emails through our Direct Email feature, we embed a 1x1 pixel image to detect when recipients open your emails. This tracking data is used solely to provide read receipt functionality and is logged in your contract's audit trail.
  • Search Queries: When you use AI Semantic Search, your natural language search queries are transmitted to our AI provider for processing. Search queries are not stored permanently but are logged in session data for the duration of your active session.
  • Device Data: IP address, browser type, operating system, and unique device identifiers.
  • Cookies: We use cookies to maintain your login session and preferences.

3. How We Use Your Information

We use your Personal Information for the following business purposes:

  • Service Delivery: To create your account, process your uploads, and provide the contract execution management features.
  • AI Processing: To transmit your User Data to our AI providers (Google Cloud/Gemini) solely for the purpose of extracting key dates, financial terms, and metadata as requested by you.
  • Notifications: To send you transaction-related emails (e.g., account verification, password resets) and the core "Key Date" reminders which are central to the Service.
  • Security & Auditing: To verify accounts, monitor for suspicious activity, and maintain the "Audit Log" of who accessed specific documents.
  • Compliance: To comply with applicable laws, legal processes, and government requests.

Internal Analytics — The Only Way We Use Aggregate Data

We analyze aggregate, non-identifying usage patterns — such as which features are used most, where users encounter friction, and how workflow tools are adopted — solely for the purpose of improving the Accordable platform. This analysis never involves viewing, reading, or accessing the content of your contracts, obligations, or any AI-generated analysis. We look at how people use the tool, not what they put in it.

We do not sell, license, or distribute this aggregate data to any third party. It is used exclusively by Accordable for product development and improvement.

Zero AI Training Guarantee

We do NOT use your User Data (uploaded contracts) to train our internal artificial intelligence models or public AI models. Your contracts are processed exclusively to provide the Service features you requested. We utilize enterprise-grade API settings with Google Cloud that explicitly disable model training on customer data.

4. What We Do NOT Do With Your Data

To be explicit about our commitments:

  • We do not sell your Personal Information or User Data to any third party.
  • We do not share your Personal Information for cross-context behavioral advertising or targeted advertising.
  • We do not use your contract content, obligation data, or AI-generated analysis for any purpose other than delivering the Service to you.
  • We do not create anonymized or de-identified datasets from your contract content for sale, research, or distribution.
  • We do not profile you for purposes unrelated to the Service.
  • We do not use your data to train machine learning or AI models — ours or anyone else's.

5. Sharing of Information

We disclose your information only to the following categories of third parties, and only as necessary to operate the Service:

  • Service Providers (Sub-Processors): Contractors and vendors who provide services on our behalf, bound by contractual obligations to use your data only as directed. Our current sub-processors are:
    • Google Cloud Platform (US): Cloud hosting, file storage, and database services.
    • Google Gemini / Vertex AI (US): AI-powered document analysis and extraction. Data is processed ephemerally and not retained by the provider.
    • SendGrid / Twilio (US): Email delivery for notifications and alerts, and SMS delivery for two-factor authentication.
    • Stripe, Inc. (US): Payment processing and subscription management.
  • Business Transfers: If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.
  • Legal Requirements: We may disclose information if required to do so by law or in the good faith belief that such action is necessary to comply with a legal obligation or protect the safety of our users.

6. Artificial Intelligence & Automated Processing

The Service utilizes Google Gemini (Google Cloud Vertex AI) to analyze your documents.

  • Data Transmission: When you upload a document, the text and image data are transmitted securely to Google's US-based servers for processing.
  • Data Retention by AI: We utilize enterprise-grade API settings intended to ensure your data is ephemeral (temporary) and is not stored by the AI provider for model training purposes.
  • No Automated Decision-Making: Accordable's AI extracts information and surfaces recommendations, but all decisions regarding your contracts — including obligation assignments, status changes, and compliance determinations — are made by your team. The AI assists; humans decide.

7. Your Privacy Rights Under State Law

Multiple US states have enacted comprehensive privacy laws granting consumers specific rights over their personal information. Because Accordable is built on a privacy-first model, we extend these rights to all of our users regardless of which state you reside in.

Your Rights

  • Right to Know / Access: You may request details about the categories and specific pieces of Personal Information we have collected about you, the sources of that information, and how we use it.
  • Right to Delete: You may request that we delete your Personal Information, subject to certain legal exceptions (e.g., retaining records required by law or completing a transaction you initiated).
  • Right to Correct: You may request that we correct inaccurate Personal Information we maintain about you.
  • Right to Data Portability: You may request a copy of your Personal Information in a commonly used, machine-readable format. Accordable also provides a built-in Secure Data Export feature.
  • Right to Opt Out of Sale or Sharing: You have the right to opt out of the "sale" or "sharing" of your Personal Information. Accordable does not sell or share your Personal Information, so there is nothing to opt out of — but we honor this right as a matter of principle.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

Applicable State Laws

The following state privacy laws may apply to you depending on your location. Because we extend the same rights to all US users, the practical impact is the same regardless of your state:

  • California — California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA)
  • Virginia — Virginia Consumer Data Protection Act (VCDPA)
  • Colorado — Colorado Privacy Act (CPA)
  • Connecticut — Connecticut Data Privacy Act (CTDPA)
  • Utah — Utah Consumer Privacy Act (UCPA)
  • Texas — Texas Data Privacy and Security Act (TDPSA)
  • Oregon — Oregon Consumer Privacy Act (OCPA)
  • Montana — Montana Consumer Data Privacy Act (MCDPA)
  • Delaware, Iowa, New Hampshire, New Jersey, Nebraska — Effective 2025
  • Indiana, Kentucky, Rhode Island — Effective January 1, 2026
  • Tennessee, Minnesota, Maryland — Effective mid-to-late 2025

Additional states continue to enact privacy legislation. We monitor these developments and update our practices accordingly.

California-Specific Disclosures (CCPA/CPRA)

If you are a California resident, the following additional disclosures apply:

  • Categories of Personal Information Collected: Identifiers (name, email, IP address); commercial information (billing records, subscription history); internet/electronic activity (usage logs, feature interactions); professional information (job title, organization name).
  • Sale of Personal Information: We have not sold Personal Information in the preceding 12 months. We do not sell Personal Information.
  • Sharing of Personal Information: We have not shared Personal Information for cross-context behavioral advertising in the preceding 12 months. We do not engage in this practice.
  • Sensitive Personal Information: We do not collect or process sensitive personal information as defined by the CCPA/CPRA (e.g., Social Security numbers, financial account credentials, precise geolocation, racial/ethnic origin, or biometric data).
  • Automated Decision-Making: We do not use automated decision-making technology to make decisions that produce legal or similarly significant effects on consumers. Our AI features assist your team with information extraction — they do not make decisions on your behalf.
  • Global Privacy Control: We honor Global Privacy Control (GPC) signals. When we detect a GPC signal from your browser, we treat it as a valid opt-out request. Since we do not sell or share data, no action is required on our part, but we recognize and respect the signal.

How to Exercise Your Rights

To submit a privacy rights request, please email us at privacy@accordable.ai. We will verify your identity by asking you to confirm information associated with your account. We respond to verified requests within 45 days.

You may also designate an authorized agent to submit a request on your behalf. The agent must provide proof of authorization.

If you are not satisfied with our response, you may contact your state's Attorney General.

8. Data Retention

  • Account Data: We retain your account information for as long as your account is active and for a reasonable period thereafter to comply with legal/tax obligations.
  • User Content (Contracts): We retain your uploaded documents only as long as you remain a subscriber. Upon termination of your account, we reserve the right to delete your User Content after 30 days.
  • Data Export: Before account termination, you may use our Secure Data Export feature to download a complete copy of your data.

9. Security

We implement multiple layers of technical and organizational measures to protect your Personal Information:

  • File Encryption at Rest: All uploaded contract PDFs are encrypted using Fernet symmetric encryption before storage. Files are stored with encrypted extensions and can only be decrypted by our application servers.
  • Encryption in Transit: All data transmitted between your browser and our servers is protected by HTTPS/TLS encryption.
  • Rate Limiting: Login endpoints are protected against brute-force attacks (5 attempts per minute). API endpoints have fair use limits (200/day, 50/hour).
  • Password Security: Passwords must meet minimum requirements (8 characters, uppercase, lowercase, number). Passwords are stored using industry-standard hashing.
  • Session Security: HttpOnly cookies with the Secure flag, SameSite=Lax protection, 30-minute inactivity timeout with warning modal, and server-side session validation.
  • Security Headers: X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy, Content-Security-Policy, and HSTS (on HTTPS).
  • Multi-Tenancy Isolation: All data queries are scoped to your organization. Users in one organization cannot access data belonging to another organization.

However, no electronic transmission or storage is 100% secure. You share information at your own risk.

10. Confidentiality of Contract Data

User Responsibility

Contracts uploaded to Accordable contain sensitive business information. All users are expected to treat contract content as strictly confidential. Contract content must not be shared with, disclosed to, or accessed by any person not authorized to receive it. Your organization's Admin controls user access and department permissions to ensure appropriate data governance.

Professional Guest Access: When your Admin invites external advisors (lawyers, accountants, consultants) using Professional Guest Access, those guests receive time-limited, read-only access to contracts in specified departments. Admins can flag contracts as "Internal Only" to prevent guest access. All guest document views are logged in the audit trail.

Accordable Staff Access Policy

Accordable staff is unable to view any of your contracts or contract-related information generated by our systems (including AI-extracted dates, summaries, payment terms, or any other analyzed data) without your express consent.

In the rare event that support access is required for troubleshooting purposes, such access may only occur via screen share conducted in the direct presence of your organization's Admin or Contract Owner. We will never access your contract data independently or through back-end systems without your explicit, real-time authorization.

11. Children's Privacy

Our Service is a B2B application intended for adults. We do not knowingly collect information from children under the age of 13 (or 16, where applicable under state law).

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through a prominent notice on the Service prior to the changes taking effect.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us at:

Accordable, LLC
4270 McNeil Road
Cameron Park, CA 95682
privacy@accordable.ai