How Contractbook Ensures Secure, Private, and Compliant AI Data Handling

A privacy-first approach to AI: Ephemeral processing, strict boundaries, and full compliance—built into every feature.

How Contractbook Handles AI Data Processing and Storage
At Contractbook, we apply a privacy-first approach to all AI-powered functionality. Here's how we ensure your data remains secure, isolated, and compliant whenever AI is involved.
 
AI Infrastructure
Our AI models are hosted in Microsoft Azure and/or Google Cloud Platform (GCP)—both listed as official subprocessors. While Contractbook’s core infrastructure (including our databases) is hosted in GCP, AI processing itself does not result in any customer data being stored in Azure or retained within any AI model.
 
No AI Training or Retention
Data sent to AI models is processed ephemerally: it is neither stored nor used to train the models. This behaviour is contractually enforced through our agreements with cloud providers.
 
Strict Data Access Boundaries
 AI features are designed to only access data relevant to the task at hand, strictly limited to the current document or workspace. This ensures complete isolation between different users, contexts, and organisations, eliminating the risk of data leakage.
 
Subprocessor Compliance
 All subprocessors involved in AI processing are GDPR-compliant and adhere to international data protection frameworks such as the EU-U.S. Data Privacy Framework (DPF) or equivalent mechanisms, ensuring lawful and secure data handling across borders.
 
You can view our current list of subprocessors here.