LeaseBrief

Legal

Privacy Policy

Last updated: May 2026

LeaseBrief (“we”, “us”) provides AI-powered lease abstraction software. This Privacy Policy explains what personal data we collect, how we use it, and the rights you have. By using LeaseBrief, you agree to this policy.

1. Data we collect

  • Account information — email, display name, team name, and authentication tokens. Stored when you sign up or are invited to a team.
  • Lease documents — PDF files you upload, plus the structured abstracts we extract from them. Stored in Supabase Storage and database, scoped to your team.
  • Payment information — collected and stored directly by Stripe (PCI-DSS Level 1). We retain only the Stripe customer ID, subscription state, and invoice history.
  • Usage telemetry — server logs (timestamps, IPs, URLs) for security and debugging. Retained for 30 days.
  • Email preferences — your choice to receive lease-ready notifications and (if connected) your Slack workspace + channel selection.

2. How we use your data

  • To run the LeaseBrief service: extract lease data, surface critical dates, and serve your abstracts back to you.
  • To process payments and manage your subscription via Stripe.
  • To send transactional emails (lease-ready notifications, team invitations, billing receipts) via Posthawk.
  • To detect and prevent fraud, abuse, and security incidents.
  • To comply with legal obligations.

We do not sell your data, share it for advertising, or use the contents of your leases for any purpose other than running the service for you.

3. AI processing — Anthropic

Lease extraction is performed by Anthropic's Claude API. When you upload a PDF, we send its contents to Anthropic for analysis. Anthropic processes the document under their Commercial Terms. We send every request with the no-training flag set, so your documents are not used to train any model. Anthropic retains API request data for 30 days for trust & safety, then deletes it.

4. Data sharing

We share data only with the sub-processors required to deliver the service:

  • Supabase — database, authentication, file storage (US region)
  • Anthropic — AI extraction (US region)
  • Stripe — payments and subscription billing
  • Posthawk — transactional email delivery
  • Inngest — background job orchestration for extraction
  • Vercel — application hosting
  • Google Analytics 4 — anonymized traffic analytics, only loaded if you accept the cookie consent banner. See our Cookie Policy.

5. Data retention

  • Account data is retained while your account is active.
  • Lease documents and abstracts are retained while you have an active subscription, plus 30 days after cancellation for export.
  • Server logs are retained for 30 days.
  • You may request deletion of your data at any time by emailing privacy@leasebrief.com. We will delete within 30 days unless legal retention obligations apply.

6. Security

All data is encrypted in transit (TLS 1.2+) and at rest. Access is restricted to authorized engineers via single sign-on with MFA. Database row-level security enforces team isolation. We follow secure-development practices and review every change before deployment.

7. Your rights

Depending on your jurisdiction (e.g. GDPR, CCPA), you may have the right to access, correct, export, or delete your personal data, and to withdraw consent. To exercise any of these rights, email privacy@leasebrief.com.

8. International transfers

LeaseBrief is operated from the United States. By using the service from outside the US, you consent to your data being transferred to and processed in the US. Where required, we use Standard Contractual Clauses with our sub-processors.

9. Changes to this policy

We may update this policy from time to time. Material changes will be announced by email at least 30 days in advance. The “Last updated” date at the top reflects the most recent revision.

10. Contact

Questions about this policy? Email privacy@leasebrief.com.

See our Terms of Service →