AI Policy
Version effective as of 2026-06-06. Plain-language guidance for how AI works in CleverContracts.
CleverContracts offers three AI-assisted features, all of which operate on engagement content you explicitly select:
- Summarize — generates a draft recap of selected messages, organized into what happened, explicit decisions, open items, and clarifying questions
- Draft reply — suggests reply text you can review, edit, and then send manually
- Extract change draft — helps turn discussion into a clear, attributable change proposal you can refine before requesting approval
- It does not provide legal advice or enforceability judgments
- It does not auto-apply edits to engagement records — every output requires your explicit review and approval
- It does not auto-send messages to clients
- It does not appear in client-facing screens — clients never see AI features or know they are being used
- CleverContracts does notoffer a “train on my data” feature — under Google Cloud Service Specific Terms §18 (Training Restriction), Google will not use Customer Data to train or fine-tune models without prior permission or instruction from CleverContracts
AI features are powered by Google LLC — Vertex AI / Gemini.
| Provider | Google LLC — Vertex AI / Gemini |
| Location | United States (configurable region via deployment settings) |
| Transfer safeguards | Google Cloud Data Processing Addendum (CDPA) incorporating SCCs; EU-US Data Privacy Framework (DPF) where applicable |
| Data retention | Prompts and generated output are not stored outside our Google Cloud account longer than reasonably necessary to generate output. Exceptions apply for abuse monitoring, safety, security, and legal compliance (see below). |
| Model training | §18 Training Restriction: Google will not use Customer Data to train or fine-tune models without prior permission or instruction from CleverContracts. |
| Abuse monitoring | Suspicious prompts may be logged by Google for up to approximately 90 days for safety and abuse review. This logging is not used for model training. |
Content is transmitted securely via HTTPS/TLS. For more information:
- Google Cloud Service Specific Terms (§18 Training Restriction, §20 Generative AI Services)
- Google Cloud Data Processing Addendum (CDPA)
- Google Cloud Generative AI Privacy FAQ
AI actions are designed to send the minimum data necessary:
- Each message is truncated to a maximum of 4,000 characters
- A maximum of 50 messages are included per request
- Only the messages you explicitly select are sent — not the entire engagement history
- Attachment contents are not sent to AI providers — only text content is used
AI actions use only the messages you explicitly select. The UI displays a “Sources used” list so you can verify what the output was based on.
The system prompt that guides AI behavior is fixed and designed to produce structured, factual outputs. It does not contain your personal data or any content from other users.
AI outputs are drafts. Review them carefully and edit as needed. Nothing changes until you apply it.
All AI outputs are clearly labeled as “AI-generated” and include a “Review before using” notice. AI outputs are not legal advice.
If AI is unavailable (provider outages, rate limits, invalid output), the platform shows an explicit error state and you can continue manually. No fabricated “fallback” output is ever shown.
AI is optional and off by default. To enable AI:
- You must be on a plan that includes AI features (Pro or during a trial)
- You must explicitly enable AI in your workspace settings, which requires a two-factor authentication step-up
- You must acknowledge the AI policy during enablement
Enabling AI is revocable — you can turn it off at any time in your settings.
AI usage is rate-limited and quota-limited to prevent runaway costs and abuse. If you hit a limit, you will see a clear message and can continue using the platform manually.
Separately from enabling AI, you may opt in to sharing AI diagnostic data. This helps us monitor AI feature quality and performance.
Diagnostic data is strictly content-free — it includes only:
- Which AI action was used (summarize, draft, extract)
- Which AI model was used
- Response latency (how long the AI took)
- Token count (input and output size)
No message content, scope text, or any engagement data is included in diagnostic records. Diagnostic events expire automatically after 30 days.
You can opt out of diagnostic data collection at any time. Existing diagnostic data expires naturally within 30 days.
When you use AI features, engagement content is sent to Google Vertex AI located in the United States (or a configured region). The transfer is protected by HTTPS/TLS encryption and governed by the Google Cloud Data Processing Addendum (CDPA), which incorporates Standard Contractual Clauses (SCCs), and the EU-US Data Privacy Framework (DPF) where applicable. Swiss revFADP transfers are covered by equivalent mechanisms. For more details, see our Privacy Policy, Section 5.