Privacy
Privacy Policy
How we collect, use, and protect personal data when you use Adira, written for a global audience across the major privacy frameworks.
- Effective date
- 14 June 2026
- Last updated
- 25 June 2026
§ 1
Introduction and scope
Adira, a product of Clausio (the company that builds Adira and reserves all rights in it, registered at [confirm registered address], referred to as Adira, we, us, or our) provides a contract lifecycle management service that drafts, reviews, redlines, signs, and tracks contracts (the Service). This Privacy Policy explains how we handle personal data when you visit our website, create an account, or use the Service.
This policy is written for a global audience. Where a specific legal framework applies to you, the relevant rights and protections set out below apply in addition to the general principles. It covers the EU and EEA General Data Protection Regulation (GDPR), the UK GDPR and Data Protection Act 2018, the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), and the Australian Privacy Act and Australian Privacy Principles (APPs).
This policy does not cover third-party websites or services that we do not control, even where they link to or from the Service.
§ 2
Controller and contact details
For personal data we process about visitors, account holders, and users of the Service, the data controller is [confirm controller legal entity] of [confirm controller address].
Where we process contract content and other customer data on behalf of a customer, we generally act as a processor (or service provider) and the customer is the controller. Section 6 describes that processing.
Data protection officer
You can contact our Data Protection Officer at [confirm DPO email / address].
EU and UK representatives
Where required under Article 27 of the GDPR or the UK GDPR, our appointed representatives are:
- EU representative: [confirm EU representative name and address]
- UK representative: [confirm UK representative name and address]
§ 3
Information we collect
We collect the following categories of personal data.
Account information
Name, work email address, organization, role, password credentials, and similar details you provide when registering or managing an account.
Usage information
Records of how you interact with the Service, including features used, actions taken, timestamps, and diagnostic or log data.
Contract content and customer data
Documents, clauses, instructions, comments, signatory details, and other content that you or your organization submit to the Service. This content may itself contain personal data about you or third parties. See Section 6 for how it is processed.
Cookies and device information
IP address, browser and device characteristics, and information collected through cookies and similar technologies. See Section 5.
Communications
Records of your correspondence with us, including support requests and messages sent through forms, email, or other channels.
§ 4
How we use personal data and our legal bases
We use personal data to operate, secure, and improve the Service, to communicate with you, and to comply with our legal obligations. Where the GDPR or UK GDPR applies, we rely on the following legal bases under Article 6.
Performance of a contract (Art. 6(1)(b))
To create and administer your account, deliver the Service, and provide support.
Legitimate interests (Art. 6(1)(f))
To secure and improve the Service, prevent fraud and abuse, understand usage, and conduct ordinary business administration, balanced against your rights and interests.
Consent (Art. 6(1)(a))
For non-essential cookies, certain communications, and any optional use of customer data as described in Section 6. You may withdraw consent at any time.
Legal obligation (Art. 6(1)(c))
To meet accounting, tax, regulatory, and other legal requirements.
Where another framework applies, we process personal data on equivalent bases recognized under that framework, such as for the purposes disclosed at collection.
§ 5
Cookies and tracking
We use cookies and similar technologies to operate the website, keep you signed in, remember preferences, and understand how the Service is used. Strictly necessary cookies are required for the site to function.
Non-essential cookies, including analytics and any preference cookies, are set only where permitted, and where consent is required we ask for it before they are placed. You can manage your choices through our cookie controls and your browser settings. For details of the specific cookies we use, see our cookie notice at [confirm cookie notice link].
§ 6
AI processing of your documents
The Service uses artificial intelligence to draft, review, redline, and analyze contracts. When you submit a document, its content is processed to generate the output you request, such as a draft clause, a redline, or a risk note.
We do not use customer documents or customer data to train our or any third party's general AI models, unless you have explicitly opted in. [confirm confirm training and opt-in posture] Where you do opt in, you may withdraw that choice at any time, and withdrawal applies to future processing.
Where AI processing is carried out by sub-processors, that processing is governed by contractual terms consistent with this policy and Section 7.
§ 7
Sharing and disclosure
We share personal data only as described below.
Sub-processors and service providers
We engage vendors to help us provide the Service, such as cloud hosting, AI model providers, analytics, payment processing, and support tooling. They process personal data on our instructions under appropriate contractual safeguards. Our current sub-processors are:
- Cloud hosting and infrastructure: [confirm sub-processor list]
- AI model and processing providers: [confirm sub-processor list]
- Analytics, communications, and support: [confirm sub-processor list]
Legal and protective disclosures
We may disclose personal data where required by law, to respond to lawful requests, or to protect our rights, users, or the public.
Business transfers
If we are involved in a merger, acquisition, or sale of assets, personal data may be transferred as part of that transaction, subject to this policy.
We do not sell personal data. See Section 11 for related rights.
§ 8
International data transfers
We operate globally, so personal data may be transferred to and processed in countries other than your own, including [confirm processing locations]. Some of these countries may not provide the same level of data protection as your home jurisdiction.
Where we transfer personal data internationally, we rely on appropriate safeguards, which may include:
- Transfers to countries recognized as providing adequate protection (adequacy decisions);
- The European Commission's Standard Contractual Clauses (SCCs);
- The UK International Data Transfer Agreement or UK Addendum (IDTA);
- Other lawful transfer mechanisms recognized under applicable law.
You can request more information about these safeguards using the contact details in Section 16. [confirm transfer mechanism details]
§ 9
Data retention
We keep personal data only for as long as necessary for the purposes described in this policy, including providing the Service, meeting legal and accounting obligations, resolving disputes, and enforcing our agreements.
Retention periods vary by data type and context. Customer data is generally retained for the term of the customer's agreement and the period afterward set out in that agreement, after which it is deleted or anonymized. [confirm retention periods]
§ 10
Security measures
We maintain technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, or alteration. These measures may include encryption in transit and at rest, access controls, logging, and regular review of our practices.
No method of transmission or storage is completely secure, so we cannot guarantee absolute security. Any certifications or independent assessments we hold are listed here: [confirm certifications, only if held].
§ 11
Your rights
Depending on where you live and which framework applies, you may have some or all of the following rights. We honor valid requests as required by applicable law.
EU and UK (GDPR and UK GDPR)
- Access a copy of your personal data;
- Rectification of inaccurate or incomplete data;
- Erasure of your data in certain circumstances;
- Restriction of processing in certain circumstances;
- Portability of data you provided to us;
- Object to processing based on legitimate interests or direct marketing;
- Withdraw consent where processing relies on consent.
California (CCPA/CPRA)
- Know what personal information we collect, use, and disclose;
- Delete personal information we hold about you;
- Correct inaccurate personal information;
- Opt out of the sale or sharing of personal information;
- Limit the use of sensitive personal information;
- Non-discrimination for exercising your rights.
Canada (PIPEDA) and Australia (APPs)
You may request access to and correction of your personal information, ask about our handling practices, and complain about how we manage your data. We respond consistent with PIPEDA and the Australian Privacy Principles.
How to exercise your rights
To make a request, contact us using the details in Section 16. We may need to verify your identity, and you may use an authorized agent where the law allows. We will not discriminate against you for exercising your rights.
§ 12
Children's privacy
The Service is intended for business use and is not directed to children. We do not knowingly collect personal data from anyone under [confirm minimum age, e.g. 16 or 18]. If you believe a child has provided us with personal data, contact us and we will take appropriate steps to delete it.
§ 13
Automated decision-making
The Service uses AI to assist with drafting and analysis, but it is designed to support human decisions rather than replace them. We do not make decisions that produce legal or similarly significant effects about you based solely on automated processing within the meaning of Article 22 of the GDPR.
If this position changes, we will provide the information and safeguards required by applicable law, including, where relevant, the right to obtain human intervention and to contest the decision.
§ 14
Changes to this policy
We may update this policy from time to time. When we make material changes, we will update the "Last updated" date above and, where required, provide additional notice. Your continued use of the Service after an update takes effect indicates that you have reviewed the current version.
§ 15
Complaints and supervisory authorities
If you have a concern about how we handle your personal data, please contact us first using the details in Section 16, and we will try to resolve it.
You also have the right to lodge a complaint with a supervisory or data protection authority. Depending on where you are, this may include your local EU data protection authority, the UK Information Commissioner's Office, the Office of the Privacy Commissioner of Canada, or the Office of the Australian Information Commissioner. Our lead supervisory authority is [confirm lead supervisory authority].
§ 16
Contact us
For any question about this policy or your personal data, contact us:
- By email: hello@adiralaw.com
- By post: [confirm postal address]
Also in this edition
Read the Terms and Conditions