We are Dang Apps LLC, a Florida limited liability company (the "Company," "we," "us," or "our"). Our registered mailing address is 3206 NE 2nd Ave, Suite 3028, Miami, FL 33137.
For privacy-related questions, requests, or complaints, contact us at privacy@dangcontracts.com. For general support, support@dangcontracts.com. For formal legal notices, legal@dangcontracts.com.
This policy explains how we collect, use, share, and protect personal information when you use the Dang service — including our website at dangcontracts.com, our iOS app (when available), and any related features such as our analysis reports and email delivery features (collectively, the "Service").
It applies whether you use Dang as an anonymous visitor (free preview), as a registered free account holder, as a one-time paid scan customer, or as a subscriber.
If you sign in with Apple or with Google, that provider sends us basic profile information you authorize — typically an email address (or Apple's private relay address — see Apple Sign-in) and, optionally, your name. We do not receive your password or any other information from those providers.
We may receive information about you from:
Contracts often contain personal information about people other than you — for example, a landlord's name and address, a property manager, a leasing agent, an employer, a vendor, a co-signer, or other counterparties. By uploading a contract, you confirm that you have the right to share it with us for analysis. We use any third-party personal information in your uploads only to provide the analysis to you, and we subject it to the same retention and deletion practices as the upload itself.
If you are not the uploader and you believe your personal information may have appeared in a contract someone uploaded to Dang, contact us at privacy@dangcontracts.com.
For purposes of the California Consumer Privacy Act (CCPA / CPRA) and similar US state privacy laws, the categories of personal information we may collect are summarized below. We use and disclose these categories for the purposes described throughout this policy, including to provide and secure the Service, process transactions, deliver requested communications, prevent abuse, debug and improve performance, comply with law, and enforce our Terms.
| Category | Examples | Sources |
|---|---|---|
| Identifiers and contact information | Email address, account ID, transaction identifiers, device identifiers, IP address | You, your device, payment processors, OAuth providers |
| Commercial information | Purchase status, transaction date and amount, product purchased, subscription tier | You, Stripe, Apple |
| Internet or network activity | Browser type, OS, app version, usage events, diagnostics, request metadata | Your device, our servers, analytics providers |
| Approximate location | Approximate geolocation inferred from IP address | Your device, our servers |
| User-submitted content | Contract text, uploaded files, prompts, follow-up questions, generated reports, support communications | You |
We may disclose these categories to service providers and contractors that help us operate the Service (see Section 8 below). We may share limited website and app activity, along with advertising identifiers, with advertising partners (such as Google and Meta) for attribution and measurement when you consent to advertising cookies. We do not sell personal information for money, and we do not share contract content with advertising or analytics tools.
We retain personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, taking into account the nature of the information, the operational need, legal requirements, dispute handling, fraud prevention, and security obligations. See Section 10 (Data retention) for specifics.
We use the information we collect to:
If you are in the European Economic Area or the United Kingdom, we rely on the following lawful bases under Article 6 of the GDPR / UK GDPR:
| Purpose | Lawful basis |
|---|---|
| Providing the service (account, analysis, support) | Contractual necessity — Article 6(1)(b) |
| Processing payments | Contractual necessity — Article 6(1)(b) |
| Security, fraud prevention, abuse detection | Legitimate interests — Article 6(1)(f) |
| Analytics and product improvement (where cookie-based) | Consent — Article 6(1)(a) |
| Marketing email | Consent — Article 6(1)(a) |
| Legal compliance and responding to lawful requests | Legal obligation — Article 6(1)(c) |
The GDPR and UK GDPR may apply to processing by Dang when we offer services to users located in the European Union or United Kingdom, or monitor their behavior there. Because our website is publicly accessible and uses analytics and advertising tools that may receive EU/UK users, we voluntarily apply GDPR-grade disclosures globally and treat EU/UK rights support as a baseline for all users.
Our contract analysis service is powered by Anthropic's Claude AI through Anthropic's commercial API. When you upload a contract:
No attorney-client privilege. Using Dang does not create an attorney-client relationship. Information you share with Dang — including your contract content — is not protected by attorney-client privilege.
We use the following third-party service providers to operate Dang. Each is contractually obligated to protect your data and use it only to provide services to us.
| Provider | What they do for us | Where based |
|---|---|---|
| Anthropic | AI contract analysis (Claude API) — standard retention up to 30 days; up to 2 years for content flagged for Usage Policy violation | United States |
| Supabase | Database, authentication, serverless functions | United States |
| Stripe | Payment processing (web), including subscription billing | United States |
| Apple | App Store distribution, in-app purchases (iOS), authentication (Sign in with Apple) | United States |
| Resend | Transactional email delivery (receipts, report PDFs, account notifications) | United States |
| Upstash | Rate limiting and scheduled jobs (Redis + QStash) | United States (global edge) |
| Vercel | Web hosting, content delivery, and serverless PDF rendering. When we generate a PDF report for email delivery, our application sends Vercel a sanitized report payload derived from the analysis — including the report score, findings, counts, and short clause excerpts, but not the original uploaded contract file. Our application does not intentionally store the rendered PDF on Vercel after the request completes. | United States (global edge) |
| Analytics (Google Analytics 4), advertising attribution (Google Ads), authentication (Sign in with Google) | United States | |
| Meta | Advertising attribution (Meta Pixel) | United States |
We may use additional infrastructure providers that do not process your personal information directly (for example, source-code hosting, DNS, business banking) — these do not appear on this list.
For users in the European Economic Area or United Kingdom: transfers to these US-based providers rely on Standard Contractual Clauses approved by the European Commission, and, where applicable, on participation in the EU-US Data Privacy Framework.
This list may change as we add or remove service providers. We will update it here and, for material changes, notify registered users and existing customers whose email we have on file by email at least 30 days before the change takes effect.
When Sign in with Apple is available in Dang and you choose "Continue with Apple," Apple asks you to authorize Dang to receive your basic profile (typically your name and email address). You may choose to share Apple's private relay email address (which looks like somename@privaterelay.appleid.com) instead of your real email — Apple forwards messages from Dang to your real inbox without exposing it to us. Either form of email works the same way for your account.
If you used a third-party sign-in provider, deleting your Dang account removes your Dang account access and app-side account data according to this policy. You may also be able to manage connected app permissions directly through that provider.
For Sign in with Apple specifically, you can remove Dang from your Apple ID directly at any time in your Apple ID settings on your device.
When you choose "Continue with Google," Google asks you to authorize Dang to receive your basic profile (typically your name and email address). You can review and revoke this authorization at any time at myaccount.google.com.
You can remove Dang from your Google account permissions directly via Google at any time.
We do not access any other Google services on your behalf (no Gmail, no Drive, no Calendar) — only your basic profile for identity verification.
We use cookies and similar technologies to operate the service, remember your preferences, measure usage, and (with your consent) personalize advertising.
Our cookie banner sets advertising and analytics cookies to denied by default until you give consent. You can change your cookie choices at any time using the cookie preferences link in our site footer.
Categories of cookies:
Most browsers also let you control cookies through browser settings. Note that disabling essential cookies will prevent the service from working.
Uploaded files. When you upload a contract, the file is deleted from our storage immediately after analysis completes. We do not retain the original file. In one narrow case — if you reach a usage limit and complete a payment to continue — your file may be held briefly in access-restricted temporary storage only long enough to finish the payment and analysis, and is then deleted on completion. Incomplete or abandoned uploads are automatically removed within 1 hour.
Free preview (anonymous analyses). Free previews for anonymous visitors are temporary. We do not create a saved report from a free preview unless you later unlock a paid scan or otherwise enter a saved-report flow. Unclaimed anonymous preview/report artifacts that are not tied to an entitlement or saved-report window are removed by our retention cleanup, currently after 7 days; incomplete uploads are removed sooner, typically within 1 hour.
Saved reports. Only one-time paid scans and subscribers have saved reports. Free accounts do not have saved reports.
Parsed contract text. The text extracted from your contract for analysis is retained alongside the saved report itself, and is deleted at the same time the saved report is deleted.
PDF report generation. When we email you a PDF report, our application renders the PDF from saved report data using a Vercel serverless function at the time of delivery. The rendered PDF is passed to our email provider for delivery and is not intentionally stored by our application after the email is sent.
Emailed PDF copies. The PDF report we email to you remains in your inbox under your control; we do not have access to or retention obligations for the copy in your email account.
Account data. Your account record (email, display name, linked authentication methods) is retained while your account is active. When you delete your account, we hold it in a paused state for 30 days so you can change your mind by signing back in — during this 30-day grace period your account is paused for new actions, but you can still sign in to view and download saved reports in read-only mode. On day 30, your account record, saved reports, and parsed contract text are permanently removed. Stripe-hosted payment records remain with Stripe under Stripe's own retention. The local payment receipts we keep for tax reporting are stripped of your email at deletion and retained in minimized form for the period required by law (typically 7 years). Anonymized consent records (with your identity removed) are retained as proof of consent.
Cancellation and subscription changes. If you cancel a subscription, access generally continues through the period you have already paid for, unless a refund, chargeback, or immediate cancellation changes your access sooner. Saved reports remain available for the report-retention period that applies to your plan (described above). Some account or subscription states may limit scanning or recovery options.
Your account itself persists even after saved reports reach the end of their retention period and are deleted — you can sign back in and start fresh, or delete your account at any time per Section 16.
You can delete your account at any time from your Account page — see Section 16 for the step-by-step. If you need data removed faster than the standard 30-day grace, or if you want to delete data without deleting your full account, contact privacy@dangcontracts.com and we will remove everything we control on our systems, typically within 2 business days, subject to legal and security retention obligations.
Depending on where you live, you may have some or all of the following rights regarding your personal information:
To exercise any of these rights, email privacy@dangcontracts.com. We will respond within the time period required by applicable law (typically 30–45 days, extendable with notice). We may need to verify your identity before completing a request.
You may also designate an authorized agent to make requests on your behalf where applicable law permits. We may verify the agent's authority before acting.
We protect your information using industry-standard administrative, technical, and organizational safeguards: encryption in transit (TLS) and at rest, access controls limiting who at Dang can access user data, infrastructure hosted by reputable providers (Supabase, Vercel, Stripe) with their own security certifications, password hashing for stored credentials, and ongoing security monitoring.
No method of transmission or storage is 100% secure. If we ever experience a security incident affecting your personal information, we will notify you and any regulators required by law (in Florida, this is governed by the Florida Information Protection Act of 2014).
Dang is based in the United States. Our service providers listed in Section 8 are also primarily US-based. If you access Dang from outside the United States — including from the European Economic Area, the United Kingdom, or elsewhere — your information will be transferred to and processed in the United States.
For EU/UK users, these transfers rely on Standard Contractual Clauses approved by the European Commission and, where applicable, on the receiving party's participation in the EU-US Data Privacy Framework. Additional information on each provider's safeguards is available on request.
Dang is not directed to children, and our Terms of Service require users to be at least 18 years old. We do not knowingly collect personal information from anyone under 13 in violation of the Children's Online Privacy Protection Act (COPPA). If you believe a child has provided us with personal information, contact privacy@dangcontracts.com and we will delete it.
We send transactional emails (account notifications, payment receipts, report delivery, security alerts) whenever they relate to your use of the service. These are not marketing.
We use email for sign-in, report access, billing, security, and account updates. We do not currently send marketing emails. If we offer marketing emails in the future, we will provide the opt-out choices required by law.
You can delete your Dang account yourself from your account page:
30-day grace period. During the 30 days after you delete, your account is paused for new actions — you can sign in to view and download your saved reports in read-only mode, but you cannot run new scans, change account settings, or modify your saved reports. You can change your mind anytime in this window by signing back in to your account, which restores everything. After 30 days, deletion is permanent and cannot be undone.
What happens on day 30. Your account record, your saved reports, and the parsed contract text we kept to render those reports are permanently removed from our systems. Stripe-hosted payment records remain with Stripe under Stripe's own retention. The local payment receipts we keep for tax reporting are stripped of your email at deletion and retained in minimized form for the period required by law (typically 7 years). Anonymized consent records (with your identity removed) are retained as proof of consent. Operational logs we retain for security investigations are kept under their own retention.
If you used a third-party sign-in provider, deleting your Dang account removes your Dang account access and app-side account data according to this policy. You may also be able to manage connected app permissions directly through that provider.
If you can't sign in — for example, you lost access to your sign-in email — contact privacy@dangcontracts.com from any address and we will help verify your identity and delete your account on your behalf, typically within 2 business days, subject to legal and security retention obligations.
Faster paths for specific data:
We may update this policy when our practices change or when laws require it.
For new users (signing up after the effective date below): the current policy applies immediately upon account creation, and you confirm acceptance at signup.
For existing registered users and existing customers whose email we have on file (for example, anyone who has previously purchased a contract scan or whose email we received via support inquiry or report claim flow): material changes take effect 30 days after we notify you, OR upon your affirmative acceptance, whichever comes first. We notify you by:
For anonymous visitors: the updated policy applies prospectively from the publication date for activity occurring after that date.
For non-material changes (typos, clarifications), we update the "Last updated" date without separate notice.
Dang Apps LLC
3206 NE 2nd Ave, Suite 3028
Miami, FL 33137
If we are unable to resolve your complaint, you may also have the right to lodge a complaint with your local data protection authority (for EU/UK users) or with your state attorney general.
© 2026 Dang Apps LLC. All rights reserved.