Privacy Policy
Effective: [Effective: TBD] · Last updated: [Last updated: TBD]
WisPlans operates three independent products under the WisPlans brand: Proposal AI (proposals.wisplans.com), Legal AI (legal.wisplans.com), and SOW AI (sow.wisplans.com). This policy describes the data we collect, how we use it, who we share it with, and your rights. It applies to all three products and to wisplans.com itself.
If you do not agree with this policy, please do not use the WisPlans services.
1. Data we collect
1.1 Information you provide
- Email address — when you sign up for our mailing list or request a sample.
- Document content — text you paste, upload, or enter into our forms. This includes contract text in Legal AI, project descriptions in Proposal AI, and scope information in SOW AI.
- Optional context — jurisdiction, role, contract type, or other context you choose to provide to improve AI output.
- Payment information — your name, billing email, and payment method. Payment processing is handled by Lemon Squeezy on our behalf; we do not store full card numbers.
1.2 Information collected automatically
- Request logs — IP address, browser user-agent, URL paths visited, timestamps, and HTTP response codes (collected by our hosting provider for security, debugging, and abuse prevention).
- Cookies — a small cookie stores your theme preference (light/dark). We do not currently use marketing or analytics cookies that require consent under the EU ePrivacy Directive.
2. How we use your data
- To deliver the service — process your input through our AI pipeline, generate the requested document or analysis, and return it to you.
- To process payment — pass your billing details to Lemon Squeezy to complete checkout.
- To send transactional email — deliver receipts, document copies, and account-related notifications.
- To send marketing email — only if you opted in via the email capture form. You can unsubscribe at any time via the link in any email.
- To debug and improve the service — aggregate error logs and performance metrics. We do not use your document content to train AI models (see Section 3).
3. AI processing and model training
Document content you submit (contracts, project descriptions, scope text) is sent to Anthropic's Claude API for AI analysis or generation. Per Anthropic's API terms, customer inputs and outputs sent via the API are not used to train Anthropic's models.
We do not retrain, fine-tune, or sell any AI models on your data. We do not retain document content beyond the short retention windows described in Section 6.
4. Sub-processors
We rely on the following sub-processors to deliver the service. Each is bound by contractual data-protection obligations.
- Anthropic, PBC (United States) — AI inference (Claude API). Receives document content and prompts. Does not train models on API data.
- Lemon Squeezy (United States) — payment processing, tax calculation, receipts. Receives name, email, billing address, and payment method.
- Upstash, Inc. (us-east-1) — short-term Redis storage for in-progress document drafts. Drafts are keyed by a random UUID and expire within 24 hours.
- Vercel, Inc. (us-east-1) — hosting, edge network, runtime logs. Receives all HTTP requests and serverless function output.
- Mailchimp / Intuit — mailing list. Receives email addresses you submit via the email capture form, plus a tag identifying the originating product.
- Resend — transactional email delivery. Receives recipient email, subject, and message body (including any attached document the user has paid for).
- GitHub, Inc. — source-code repository (does not handle user data in production).
5. International transfers
Our sub-processors are based primarily in the United States. If you are in the EEA, the United Kingdom, or another jurisdiction with cross-border transfer restrictions, data submitted to our service will be transferred to and processed in the United States. Each sub-processor publishes its own basis for international transfers (Standard Contractual Clauses, the EU–US Data Privacy Framework, or equivalent mechanism).
6. Data retention
- Document drafts in Upstash Redis — automatically expire within 24 hours of creation.
- Generated PDF copies — stored only long enough to deliver via email; not retained server-side after delivery.
- Mailing list subscriptions — retained until you unsubscribe, then deleted from our active list within 30 days.
- Payment records — retained by Lemon Squeezy per their policy and applicable tax law (typically 7 years).
- Request logs at hosting layer — typically 24 hours to 30 days depending on log type; see Vercel's policy.
7. Your rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate personal data.
- Delete your personal data (right to erasure).
- Restrict or object to processing.
- Data portability — receive a copy of your data in a machine-readable format.
- Withdraw consent for marketing email at any time via the unsubscribe link.
- Lodge a complaint with your local data protection authority.
To exercise these rights, email privacy@wisplans.com from the address associated with your account. We respond within 30 days.
8. Children
WisPlans is intended for users 18 years of age or older. We do not knowingly collect data from children under 16. If you believe a child has provided us with personal data, please contact us and we will delete it.
9. Security
We protect your data with industry-standard measures including TLS encryption in transit, encrypted-at-rest storage at our sub-processors, signed webhooks, and least-privilege access controls. No system is perfectly secure; we cannot guarantee absolute security, but we work to minimize risk.
10. Changes to this policy
We may update this policy from time to time. Material changes will be noted via the “Last updated” date above and, where required by law, notified by email.
11. Contact
Privacy and data-protection inquiries: privacy@wisplans.com
Postal address: [Postal address: TBD]