Privacy policy
Last updated: 2026-05-12
This policy explains how lawcheck.io processes your personal data when you use this service. It is provided in accordance with the EU General Data Protection Regulation (GDPR / DSGVO) and the German Telecommunications-Digital-Services Data Protection Act (TDDDG).
1. Controller
The controller responsible for data processing on this site is named in the Impressum.
2. What data we process
- Contract content — the text or file you upload for analysis. Stored in our database in pseudonymised form, associated with your account if you are logged in.
- Account data — email address, login timestamps, password hash (if set). Magic-link tokens are stored hashed and expire.
- Technical data — IP address (processed for rate-limiting and abuse prevention; held in your signed session and in rotated server access logs, not in a long-term store), user-agent, request timestamps. Server logs are rotated.
- Analysis results — claim verdicts, extracted text, and per-stage processing events.
3. Legal basis
- Art. 6 (1) (b) GDPR — performance of a contract (you submit contract text so we can analyse it).
- Art. 6 (1) (f) GDPR — legitimate interest in operating and securing the service (rate-limiting, abuse prevention, error logs).
- Art. 6 (1) (a) GDPR — consent, for the optional Google Ads measurement cookies described in section 7. You can withdraw this consent at any time via the "Cookie settings" link in the footer.
4. Recipients of your data
To classify the clauses of your contract and map them to a standardised structure we transmit the extracted contract text to Anthropic, PBC (San Francisco, USA) via its Claude API. Anthropic acts as our processor (Auftragsverarbeiter) under its Data Processing Addendum, which is automatically incorporated into our Commercial Terms of Service and includes the EU Standard Contractual Clauses; transfer to the USA is additionally covered by Anthropic's certification under the EU–US Data Privacy Framework. Anthropic does not train its models on API inputs by default. The actual legal comparison against the BGB and BGH case law is performed on our servers in the eu-central-1 region (Germany) and never leaves the EU.
The full Anthropic DPA is available at anthropic.com/legal/data-processing-addendum.
Before the contract text is forwarded, we automatically strip direct identifiers we can spot reliably — email addresses, IBANs, BICs, and internationally-dialled phone numbers — and replace them with placeholders. No automatic filter catches everything, so some personal details may still be present. Names and addresses are deliberately left untouched because automatic rules cannot tell them apart from ordinary German nouns without distorting the legal sense of the clauses.
Transactional emails (magic links, confirmation) are sent through Amazon Web Services EMEA SARL (Amazon SES, Frankfurt, eu-central-1). Hosting is provided by AWS in the same region.
Payments for credit packs are processed by Stripe Payments Europe, Ltd. (Dublin, Ireland) and Stripe, Inc. (San Francisco, USA). Card details are entered directly on Stripe-hosted pages and never touch our servers. We receive only the session ID, payment intent ID, customer ID, amount, and status. Stripe acts as our processor under a data processing agreement; transfer to the USA is covered by the EU–US Data Privacy Framework and Standard Contractual Clauses.
If — and only if — you click "Accept" in the cookie-consent banner, the fact and value of your purchase (transaction id, amount, currency) is also reported to Google Ireland Ltd. (Gordon House, Dublin, Ireland) so we can measure the effectiveness of our Google Ads campaigns. Google Ireland is the data controller for users in the EEA and may transfer data to Google LLC (Mountain View, USA) under the EU Standard Contractual Clauses and Google's certification under the EU–US Data Privacy Framework. Processing happens on the basis of your consent (Art. 6 (1) (a) GDPR) and the data is not used to train Google's AI models. Without consent, no Google Ads cookies are set and no purchase data is sent to Google.
On the same consent — and only if you click "Accept" — the same purchase data (transaction id, amount, currency) and the standard HTTP metadata your browser sends (IP address, user-agent) is also reported to Microsoft via its Universal Event Tracking (UET) tag, so we can measure the effectiveness of our Microsoft Advertising (Bing) campaigns. Microsoft Ireland Operations Ltd. (One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland) is the data controller for users in the EEA and may transfer data to Microsoft Corporation (Redmond, USA) under the EU Standard Contractual Clauses and Microsoft's certification under the EU–US Data Privacy Framework. Processing happens on the basis of your consent (Art. 6 (1) (a) GDPR). Without consent, no Microsoft cookies are set and no purchase data is sent to Microsoft. Microsoft's advertising privacy terms apply additionally: privacy.microsoft.com/privacystatement.
5. Retention
- Uploaded contracts and analysis results are retained as long as your account exists. You can delete your account and associated data at any time.
- Anonymous analyses (no account) are retained for up to 30 days and then automatically deleted.
- Server access logs are retained for up to 14 days.
- Payment records (Stripe session id, amount, status, date) are retained for 10 years after the purchase in accordance with § 147 AO and § 257 HGB. When you delete your account, these records survive but are de-linked from your user profile — they can only be identified via Stripe's own invoice archive. DSGVO Art. 17 (2) (b) permits this retention as necessary for compliance with a legal obligation.
6. Your rights
Under the GDPR you have the right to access, rectify, erase, restrict processing, object to processing, and data portability. You also have the right to lodge a complaint with a supervisory authority, e.g. your local Landesdatenschutzbeauftragter.
How to exercise your rights
- Access + portability (Art. 15 + Art. 20): sign in to Settings and use "Export my data (JSON)" to download an archive of your account, analyses, and tokens.
- Erasure (Art. 17): sign in to Settings and use the "Delete account" section. Deletion is immediate and permanent — account, all analyses, claim results, processing events, and API tokens are removed.
- Rectification, restriction, or objection: write to us at the address in the Impressum.
7. Cookies and local storage
We distinguish two groups of storage on your device:
- Strictly necessary — set without consent under §25 (2) TTDSG. Cover login, CSRF protection, your language and theme preference, and the storage of your cookie-banner choice itself.
- Optional (Google Ads measurement) — only set if you click "Accept" in the cookie banner. Legal basis Art. 6 (1) (a) GDPR. Until you choose, Google's gtag.js library runs in Consent Mode v2 with ad_storage=denied — no Google cookies are written; only aggregated, cookieless modelling pings are sent to Google.
You can change your choice at any time via the "Cookie settings" link in the footer. Withdrawing consent forgets your previous answer and stops Google Ads cookies from being written on subsequent page loads; cookies already on your device can be deleted in your browser settings.
What exactly is collected and why
If you accept, Google's gtag.js stores a single first-party cookie (_gcl_au) on your device. It contains a random identifier that links your current browser session to the Google Ads click that brought you to lawcheck.io. The cookie itself does not contain your name, email address, payment details, or contract content.
When you complete a purchase, the following data is transmitted to Google so the purchase can be matched back to the originating ad click: the Stripe session ID acting as transaction identifier, the purchase amount, the currency, the Google Ads conversion identifier, and the standard HTTP metadata your browser sends with any request (IP address, user-agent, referring page).
This data is used by Google exclusively for the following purposes: (a) counting and attributing conversions to the originating campaign, ad group, and keyword so we can see which ads work, (b) optimising the bidding strategy for similar future clicks ("Smart Bidding"), and (c) building aggregated, anonymous conversion-modelling estimates for users who did not consent. The data is not used to train Google's AI models and is not shared with other advertisers.
Google retains conversion records for up to 26 months by default in our Google Ads account. Their own privacy policies for advertising apply additionally: policies.google.com/technologies/ads.
If you accept, Microsoft's UET tag likewise stores cookies on your device (MUID, _uetsid, _uetvid) that link your browser to the Microsoft/Bing ad click that brought you here, and transmits the same purchase data so the conversion can be attributed to the originating campaign and to optimise future bidding. The cookies do not contain your name, email address, payment details, or contract content. Microsoft's advertising privacy terms apply additionally: about.ads.microsoft.com.
In addition to purchases, a conversion event is also fired when you submit a contract for a free check, so we can measure which Google Ads or Microsoft Advertising campaign referred you. This event transmits only the conversion signal and the standard HTTP metadata your browser sends — no contract content, and no name, email address or payment details — and is subject to the same consent and Consent Mode behaviour described above.
| Name | Type | Purpose | Lifetime |
|---|---|---|---|
_lawcheck_key |
Session cookie (necessary) | Keeps you logged in, carries CSRF and locale state. | Session (cleared on browser close) or 60 days if 'remember me' is enabled |
phx:theme |
localStorage (necessary) | Remembers your light/dark theme preference. | Until you clear it |
lawcheck_consent_marketing |
localStorage (necessary) | Stores your Accept/Reject choice for the Google Ads measurement cookies. | Until you clear it or change it via "Cookie settings\ |
_gcl_au |
Google Ads (consent required) | Measures whether our Google Ads led to a purchase. Set by Google's gtag.js — only after you click Accept. | 90 days |
MUID, _uetsid, _uetvid |
Microsoft Advertising (consent required) | Measures whether our Microsoft/Bing ads led to a purchase. Set by Microsoft's UET tag — only after you click Accept. | _uetsid: 1 day; MUID and _uetvid: up to 390 days |
8. Security
Traffic is encrypted with TLS (Let's Encrypt). Passwords — where set — are hashed with bcrypt. Magic-link tokens are single-use and short-lived.
9. Changes
We may update this policy. The current version is always available at this URL; the date at the top reflects the last change.