Skip to main content
Pre Contract Review
Upload

Privacy Policy

Last updated: 4 May 2026

1. Overview

Pre Contract Review (“we”, “us”, “our”) is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights under the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs).

2. What We Collect

2.1 Document Content (Temporary)

When you upload a PDF, the text is extracted in your browser and sent to our server for analysis. We do not store your PDF files or the extracted text after the analysis is complete. The text is processed in memory and discarded once the analysis response is returned.

2.2 Payment Information

Payments are processed by Stripe. We do not collect, store, or have access to your credit card numbers, bank account details, or other payment credentials. Stripe handles all payment data in accordance with PCI DSS standards.

We receive from Stripe: the payment amount, currency, payment status, and the filename you provided (for your reference on the receipt).

2.3 Shared Reports

If you use the “Share” feature, your analysis results are stored on our servers for 30 days and accessible via a unique link. After 30 days, shared reports are automatically deleted. You can also delete a shared report by contacting us.

2.4 Feedback

If you submit feedback via the star rating widget, we store your rating, optional comment, and the property address from the analysis. We do not collect your name or email address through the feedback widget.

2.5 Email Address (Lead-Magnet Checklist Signup)

If you submit your email address to receive the free Section 32 Buyer's Checklist (offered on certain blog posts), we collect and store:

  • Your email address
  • The slug of the blog post you signed up from (for analytics)
  • The timestamp of first signup and most recent visit

We use this information to send you the requested checklist (one email containing the link), and we may occasionally email you about related Section 32 / Contract of Sale topics. Every email we send includes a one-click unsubscribe link as required by the Spam Act 2003 (Cth). You can also unsubscribe at any time by emailing help@precontractreview.com — we will action requests within 5 business days. Once unsubscribed, your email address is deleted from our active subscriber list within 30 days.

2.6 Analytics and Usage Data

We collect anonymous usage metrics to improve the Service, including: number of analyses performed, success/failure rates, and response times. These metrics do not contain personally identifiable information or document content.

2.7 Authentication (Admin Only)

Our admin dashboard uses Clerk for authentication. This only applies to our internal team — public users of the Service do not need to create an account or provide any personal information beyond what is listed above.

3. What We Do NOT Collect

  • We do not store your uploaded PDF files
  • We do not store the extracted text from your documents
  • We do not collect your name, phone number, or address. We only collect your email address if you actively choose to opt in by submitting it via the lead-magnet checklist form on a blog post (see section 2.5), or by emailing us directly.
  • We do not use cookies for advertising or tracking
  • We do not sell, rent, or share your data with third parties for marketing
  • We do not require account creation to use the Service

4. How We Use Your Data

The limited data we collect is used solely to:

  • Process your payment and deliver the analysis
  • Generate and deliver shared report links (when you choose to share)
  • Improve the accuracy and reliability of the Service
  • Monitor for errors and service disruptions
  • Respond to support requests

5. Third-Party Services

We use the following third-party services:

ServicePurposeData Shared
StripePayment processingPayment details (handled by Stripe, not us)
Third-party AI provider (US)Document analysisExtracted document text (not stored by them)
VercelHostingStandard web server logs (IP, user agent)
UpstashShared reports storageAnalysis results (when you share a report)
ClerkAdmin authenticationAdmin team accounts only (not public users)
ResendEmail delivery (paid-analysis report links + lead-magnet checklist)Recipient email + email body content
Google Analytics 4Aggregate site analytics (page views, conversion funnel)Page paths, click events, anonymised IP, browser type
Microsoft ClarityHeatmaps + anonymised session recordings (UX diagnosis)Mouse movement, clicks, scrolling, page navigation — not the contents of forms or uploaded documents

A note on session recordings. Microsoft Clarity records anonymous interaction patterns (where the cursor moves, what gets clicked, how the page is scrolled) so we can see where the site frustrates buyers and fix it. It does not record what you type into forms, the contents of any uploaded contract, or your payment details — those fields are masked or never reach Clarity at all (Stripe runs payment in an isolated frame outside the recording boundary). Recordings expire from Clarity after 30 days. You can opt out of Clarity entirely by enabling Do Not Track in your browser, which Clarity respects.

6. Data Retention

  • Document text: Not retained. Processed in memory and discarded immediately after analysis.
  • Shared reports: 30 days from creation, then automatically deleted.
  • Error logs: 7 days, then automatically deleted.
  • Usage metrics: 90 days, aggregated and anonymous.
  • Payment records: Retained by Stripe per their policies. We retain payment session metadata (amount, date, status) indefinitely for accounting purposes.
  • Feedback: Retained indefinitely unless you request deletion.
  • Lead-magnet email subscribers (section 2.5): Retained until you unsubscribe. Within 30 days of your unsubscribe request, your email address and associated metadata (signup source, timestamps) are deleted from our active subscriber list.

7. Your Rights

Under the Australian Privacy Act 1988, you have the right to:

  • Request access to any personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your data (including shared reports and feedback)
  • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe we have breached the APPs

To exercise these rights, contact us at help@precontractreview.com.

8. Security

We take reasonable steps to protect your data, including:

  • All data transmitted via HTTPS encryption
  • API keys and secrets stored server-side only, never in client code
  • Payment processing fully handled by Stripe (PCI DSS compliant)
  • No PDF files stored on our servers
  • Admin access protected by authentication

9. Cross-Border Disclosure (APP 8)

When you use our service, the extracted text from your document is sent to third-party servers located in the United States for analysis. These servers are operated by an AI service provider and its underlying model providers, all based in the US. US data protection laws differ from Australian privacy laws and may not provide the same level of protection. By using this service, you consent to this cross-border transfer. If you do not consent, please do not upload your documents.

10. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated date. Continued use of the Service after changes constitutes acceptance.

11. Contact

For privacy-related questions or requests, contact us at help@precontractreview.com.

See also: Terms of Service