Privacy Policy — Proviso

The short version: When you use your own API key (BYOK), your contract text never reaches our servers — it goes directly from Word to your LLM provider. We collect what we need to run the service: your email, payment info, and license activation metadata. We don't sell your data. We never will.

Contents

How the BYOK Architecture Protects Your Documents
What We Collect
What We Do NOT Collect
How We Use Your Information
Third-Party Services
Data Retention
Your Rights
Security
Children
Governing Law
Changes to This Policy
Contact

1. How the BYOK Architecture Protects Your Documents

Proviso's core design principle is data minimization. On BYOK plans, the architecture works like this:

You open a contract in Word. The document exists only on your machine.
You click Review in the Proviso add-in. The add-in reads the selected text locally inside Word.
The text is sent directly to your LLM provider (e.g., Anthropic, OpenAI) using your own API key. Proviso's servers are not in this data path.
Your provider returns the analysis directly to your Word instance. Again, Proviso's servers don't see it.
What reaches Proviso's servers: your license key validation request, and aggregate usage counts (number of reviews run — not the content).

On Managed plans: Contract text is processed by Anthropic's Claude API, operated by Proviso on your behalf. Anthropic's zero-data-retention agreement applies — contract content is not used to train models or stored beyond the API call. See Anthropic's privacy policy for details.

2. What We Collect

Account & Contact Information

When you create an account or sign up for a subscription, we collect:

Name
Email address
Company name (optional)

Payment Information

Payments are processed by Stripe. We receive confirmation of your subscription status and the last four digits of your card — we never see or store your full card number. Stripe's privacy policy governs how they handle your payment data.

License & Activation Metadata

When you install and activate Proviso, we collect a cryptographic machine identifier (machine ID) tied to your license key. This lets us enforce your seat limit and detect unauthorized sharing. We don't collect device names, file paths, or other system information.

Aggregate Usage Statistics

We may collect anonymized counts of features used (e.g., "N reviews run this month") to understand how the product is being used. This data cannot be traced back to individual documents or contract contents.

Communications

If you email us or submit a lead form, we retain that correspondence to follow up and improve the Service.

3. What We Do NOT Collect

Data Type	Do We Collect It?	Notes
Contract text / document content	✕ No (BYOK)	Goes directly from Word to your LLM provider
Contract text (Managed plan)	✕ Not stored	Processed in-flight via Anthropic API; not retained
Client names / counterparty information	✕ No	We never see document contents
Deal terms, pricing, or negotiation details	✕ No	We never see document contents
AI-generated analysis / output	✕ No	Output goes directly to your Word instance
Your LLM API key	✕ No	Stored only in your local Word add-in settings

4. How We Use Your Information

We use the information we collect to:

Operate and maintain the Service, including license key enforcement
Process your subscription and communicate billing information
Send product updates, security notices, and support responses
Detect and prevent fraud, abuse, and unauthorized access
Improve the product based on aggregate usage patterns
Comply with legal obligations

We do not sell your personal information to third parties. We don't use your information for behavioral advertising.

5. Third-Party Services

We use a small number of trusted third-party services to operate Proviso:

Provider	Purpose	What They Receive
Stripe	Payment processing	Payment info, email, subscription data
Resend	Transactional email	Your email address for receipts and notifications
Anthropic	LLM API (Managed plan only)	Contract text sent during Managed plan reviews
Your LLM provider	LLM API (BYOK plan)	Contract text — governed by your provider's privacy policy
Cloudflare	Hosting & DNS	Standard network metadata (IP, request headers)

We don't share your personal information with any other third parties without your explicit consent, except as required by law.

6. Data Retention

We retain account and billing information for as long as your account is active and for a reasonable period afterward to comply with legal obligations (typically 7 years for financial records).

If you request deletion of your account, we'll delete your personal data within 30 days, except where we're required to retain it for legal or fraud prevention purposes.

Contract content processed via the Managed plan is not retained by Proviso or Anthropic beyond the duration of the API call.

7. Your Rights

Depending on where you are located, you may have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you
Correction: Request correction of inaccurate data
Deletion: Request deletion of your account and associated personal data
Portability: Receive your data in a structured, machine-readable format
Objection: Object to processing of your data in certain circumstances

To exercise any of these rights, email [email protected]. We'll respond within 30 days.

We don't discriminate against users who exercise their privacy rights.

8. Security

We take reasonable technical and organizational measures to protect your personal information, including:

TLS 1.2+ encryption for all data in transit
AES-256 encryption for any stored sensitive data
Cryptographically random license keys (128-bit entropy)
Access controls limiting who on our team can access account data

No system is perfectly secure. If you discover a security vulnerability, please report it to [email protected] before disclosing publicly.

9. Children

Proviso is a professional legal tool designed for adults. We don't knowingly collect personal information from anyone under 18. If you believe we have inadvertently collected such data, please contact us and we'll delete it promptly.

10. Governing Law

This Privacy Policy is governed by the laws of the State of Illinois. If you are located in the European Union or other jurisdictions with specific data protection requirements, you may have additional rights under applicable law. Contact us to discuss.

11. Changes to This Policy

If we make material changes to this Privacy Policy, we'll notify you by email or via an in-app notice before the changes take effect. The "Last updated" date at the top reflects when the policy was last revised.

Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

12. Contact

Privacy questions, data requests, or security reports: [email protected]

Proviso is operated by Chris McVety, sole proprietor, Glenview, Illinois.