Pactable (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your personal information when you use the Pactable mobile application, website, and related services (collectively, the “Platform”). By using the Platform, you consent to the practices described in this policy.
1. Information We Collect
1.1 Information You Provide
| Data Type | When Collected | Purpose |
|---|---|---|
| Phone number | Account creation (inline during first agreement) | Account identity, SMS/RCS verification, passwordless sign-in |
| Name | Agreement creation (from device contacts or manual entry) | Identifying parties in agreements |
| Email address | Optional, post-acceptance (counterparty email capture) | Delivering executed agreement PDFs |
| Agreement content | During voice or text conversation with AI | Structuring, storing, and delivering agreements |
| Voice input | When using voice conversation feature | Converting speech to text for agreement creation (processed on-device via iOS Speech Recognition; audio is not stored on our servers) |
| Counterparty contact information | During agreement creation (from device contacts or manual entry) | Delivering agreement notifications via SMS/RCS |
1.2 Information Collected Automatically
| Data Type | Purpose |
|---|---|
| Device information (device model, OS version, unique device identifiers) | Security, fraud prevention, audit trail for agreements |
| IP address | Security, approximate geolocation for audit trail |
| Biometric verification status (pass/fail — we do not store biometric data) | Identity verification for agreement execution |
| Timestamps (agreement creation, verification, sending, acceptance) | Audit trail, Certificate of Completion |
| Message delivery status (sent, delivered, read for RCS) | Ensuring agreement notifications are received |
| Usage data (screens viewed, features used, interaction patterns) | Improving the Platform |
1.3 Information We Do Not Collect
- Biometric data: Face ID verification is performed on your device by Apple’s secure enclave (native app) or via WebAuthn (Safari). We receive only a pass/fail result. We never receive, process, or store your facial geometry, fingerprint, or other biometric data.
- Audio recordings: Voice input is processed on-device via iOS Speech Recognition. Raw audio is not transmitted to or stored on our servers.
- Full contact list: We access your device contacts only when you search for a counterparty during agreement creation. We do not bulk-upload or store your entire contact list.
2. How We Use Your Information
We use your information for the following purposes:
- Providing the Platform: Creating, storing, delivering, and managing agreements between parties
- Identity verification: Confirming your identity via phone number verification and biometric authentication
- Communications: Sending transactional SMS and RCS messages related to your agreements (delivery notifications, verification codes, acceptance/decline notifications, payment reminders)
- Legal compliance: Maintaining audit trails and Certificates of Completion as required for E-SIGN Act compliance
- Security: Detecting and preventing fraud, unauthorized access, and other security threats
- Improvement: Analyzing usage patterns to improve the Platform’s features and user experience
We do not use your information for advertising or sell your personal information to third parties.
AI Processing: Your conversation content is processed by our AI service provider (Anthropic) to structure agreement terms. Conversation data sent to the AI is used solely for generating your agreement and is not used to train AI models. See Section 4 for more details on third-party services.
3. Communications and Messaging
Pactable sends transactional messages related to your agreements via SMS and RCS (Rich Communication Services). These messages include agreement delivery notifications to counterparties, one-time verification codes for account creation and sign-in, agreement acceptance and decline notifications, and payment reminders for loan agreements.
All messages are triggered by explicit user actions within the Platform. We do not send marketing or promotional messages without your separate, explicit consent.
You may opt out of non-essential messages at any time by replying STOP to any message from Pactable. Opting out does not affect the validity of existing agreements. Standard message and data rates from your carrier may apply.
Message frequency varies based on your use of the Platform. For support, contact support@pactable.io or reply HELP to any message.
4. Third-Party Service Providers
We use the following third-party services to operate the Platform:
| Provider | Service | Data Shared |
|---|---|---|
| Twilio | SMS/RCS messaging, phone number verification | Phone numbers, message content, delivery status |
| Anthropic (Claude API) | AI conversation processing, agreement structuring | Conversation text (not used for AI training) |
| Supabase | Database, authentication, storage | Account data, agreement records |
| Vercel | Web hosting (counterparty experience, legal pages) | Standard web server logs |
| Apple | Face ID (on-device), Push Notifications | Notification tokens (biometric data stays on device) |
Each provider is bound by their own privacy policies and data processing agreements. We select providers that maintain industry-standard security practices and do not use your data for their own commercial purposes beyond providing the contracted services.
5. Data Storage and Security
Agreement data is encrypted at rest and in transit using industry-standard encryption (AES-256 at rest, TLS 1.3 in transit). Access to agreement records is restricted to authenticated parties to the agreement. We maintain security practices consistent with industry standards for applications handling personal and legal data.
While we implement reasonable safeguards, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.
6. Data Retention
- Active agreements: Agreement data is retained for as long as the agreement is active and for a reasonable period thereafter to allow parties to access their records.
- Executed agreements: Retained indefinitely to ensure both parties can access their legally binding agreements and associated proof files.
- Account data: Retained for as long as your account is active. If you request account deletion, we will delete your personal data within 30 days, except for agreement records where you are a party (which must be retained for the other party’s legal interests).
- Conversation transcripts: Retained as part of the agreement audit trail for E-SIGN Act compliance.
- Server logs: Retained for up to 90 days for security and debugging purposes.
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate personal information
- Deletion: Request deletion of your personal information, subject to legal retention requirements
- Portability: Request a machine-readable copy of your data
- Opt-out of messaging: Reply STOP to any SMS/RCS message at any time
To exercise any of these rights, contact us at privacy@pactable.io. We will respond within 30 days.
8. California Privacy Rights (CCPA)
If you are a California resident, you have the right to know what personal information we collect and how we use it, request deletion of your personal information, opt out of the sale of personal information (we do not sell personal information), and not be discriminated against for exercising your privacy rights.
To submit a verifiable consumer request, contact us at privacy@pactable.io.
9. Children’s Privacy
Pactable is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated policy on the Platform and updating the “Effective Date” above. Your continued use of the Platform after any changes constitutes your acceptance of the updated policy.
11. Contact Information
If you have questions about this Privacy Policy or our data practices, please contact us at:
Pactable
Email: privacy@pactable.io
Website: pactable.io