Stetful
LegalTrustLegal contact

Privacy

Privacy Policy

How Stetful collects, uses, shares, retains, and protects information for the initial U.S. launch.

Documents

Legal

  • Terms
  • Privacy
  • Acceptable Use
  • AI Notice
  • Security
  • Changelog

Trust

  • Trust Principles

Document version

Effective
July 2, 2026
Updated
July 2, 2026
Service scope
U.S. business use

Contact routing

Use the right inbox.

  • Legal notices and terms questionslegal@stetful.com
  • Privacy, data protection, and data-rights requestsprivacy@stetful.com
  • Security reports and vulnerability disclosuressecurity@stetful.com

Effective date: July 2, 2026
Last updated: July 4, 2026

Short version

  • Stetful is built for company legal records. We treat uploaded evidence and company legal records as confidential service data.
  • We collect account, organization, question, upload, evidence, legal-state, usage, support, and security information to provide and protect the Service.
  • We do not sell customer legal content or use it to train foundation models or third-party models.
  • We use providers for hosting, authentication, database, object storage, AI processing, operations, and support communications.
  • Pre-account first-question intake is short-lived unless you continue into an account/company context.
  • If your organization asks us to delete its data, we will delete or de-identify organization-specific data as described below. Governed platform observations about multi-party legal instruments and related evidence-basis or provenance records may remain only where lawful, contractually permitted, minimized, non-disclosing, tenant-isolated, and subject to correction or dispute procedures.
  • Stetful is initially for U.S. organizations and U.S. users.

1. Scope

This Privacy Policy explains how Stetful, Inc. (“Stetful,” “we,” “us,” or “our”) collects, uses, shares, and protects information when you use Stetful’s websites, landing page, first-question intake, product application, evidence upload features, AI-assisted legal-state analysis, and related services (the “Service”).

Read this Policy together with the Terms of Use, Acceptable Use Policy, AI Output and Legal-State Notice, and Subprocessors and Security Disclosure.

2. Information we collect

Account and contact information

We may collect your name, email address, organization, role, authentication information, account settings, support requests, legal/privacy/security requests, and related communications.

Organization and authority information

We may collect organization names, company identifiers, user roles, authority confirmations, review/acceptance receipts, and information needed to connect users to company records.

First-question intake

Before account creation, Stetful may collect a first question and optional legal-state attachments. This intake is short-lived unless you continue into an account or company context.

Customer legal records and uploaded evidence

We collect legal-state material you submit, including questions, prompts, legal documents, contracts, governance records, cap table-related records, IP assignments, privacy/security records, commercial contracts, evidence files, company context, and review rationales (“Customer Legal Content”).

Derived legal-state and observation information

We may create derived information from Customer Legal Content, including extracted facts, evidence classifications, coverage checks, confidence posture, evidence-basis records, provenance summaries, observed legal instruments, observed structure, observed terms, platform observations, observed assertions, customer reconciliations, tenant interpretations, evidence requests, proposed representations, findings, action cards, review receipts, audit events, and legal-state snapshots (“Legal-State Data”).

An evidence-basis record describes why Stetful is permitted to rely on evidence for a statement and what policy conditions apply. A provenance summary describes source class, lineage, timing, and related limits. An observed legal instrument is Stetful’s structured representation that a multi-party legal instrument appears to exist. Observed terms are minimized structured parameters, not verbatim clause text by default. A platform observation or observed assertion is a limited evidence-backed statement with confidence, time, visibility policy, and dispute status. Customer reconciliations and tenant interpretations are organization-specific review or reasoning layers, and they are not accepted state unless an authorized review and acceptance flow records that decision.

Usage, device, log, and security information

We may collect technical information needed to operate and secure the Service, such as IP address, device/browser information, request metadata, timestamps, authentication/session events, feature usage, error information, and security/audit logs.

Stetful does not intentionally copy customer legal content or raw extracted legal text into broad logs, worker results, or public exports.

Support, legal, privacy, and security communications

If you contact us, we collect the information you provide in that communication. Do not include unnecessary Customer Legal Content in support, legal, privacy, or security communications unless needed to handle your request.

3. How we use information

We use information to:

  • provide, operate, maintain, and improve the Service;
  • create and maintain accounts, organizations, roles, and sessions;
  • answer legal-state questions from available state and evidence;
  • process uploaded evidence and create Legal-State Data;
  • identify confidence-building evidence requests;
  • support proposed legal-state changes and company review/acceptance receipts;
  • secure the Service, detect abuse, troubleshoot errors, and prevent unauthorized access;
  • provide support and respond to legal, privacy, and security requests;
  • communicate about the Service and legal/policy updates;
  • comply with law and enforce our Terms; and
  • use aggregated, de-identified, or non-content operational metrics to improve Stetful.

4. AI processing and model training

Stetful may use AI providers to process bounded information needed to provide the Service, such as extracting facts, classifying evidence, drafting answers, or identifying coverage/confidence posture.

Stetful does not sell Customer Legal Content. Stetful does not use Customer Legal Content to train foundation models or third-party models.

Stetful uses AI providers only to provide the Service, not to train foundation models or third-party models. Provider human review of Customer Legal Content is not permitted except where legally or security-required or expressly enabled for a feature.

Stetful may use aggregated, de-identified, non-content telemetry and operational metrics to improve the Service. Stetful will not use raw Customer Legal Content for benchmarking, evaluation datasets, fine-tuning, or model training unless you explicitly authorize that use.

5. How we share information

We may share information with:

Service providers and subprocessors

We use providers for hosting, authentication, database, object storage, AI processing, security, code/operations tooling, and support communications. The Subprocessors and Security Disclosure identifies the current categories and providers.

Authorized users in your organization

We may make Customer Legal Content and Legal-State Data available to authorized users in the relevant organization according to their roles and permissions.

Legal, safety, and compliance recipients

We may disclose information if we believe disclosure is required by law, legal process, regulation, or a government request, or if needed to protect rights, security, confidentiality, safety, or the integrity of the Service.

Business transfers

If Stetful is involved in a merger, acquisition, financing, reorganization, sale of assets, or similar transaction, information may be transferred as part of that transaction, subject to appropriate confidentiality protections.

With your direction or consent

We may share information when you direct us to do so or when you consent.

6. Multi-party legal instruments, platform observations, and tenant isolation

A legal record may involve more than one organization. Uploaded artifacts, attachments, comments, signatures, customer-specific legal content, tenant-specific interpretations, operational conclusions, and storage locations remain the uploading organization’s confidential evidence.

Stetful will not give another organization access to uploaded documents, excerpts, privileged content, tenant interpretations, operational conclusions, or storage locations simply because that organization is mentioned in a record.

Where permitted by law, contract, and any applicable customer agreement, Stetful may maintain limited observed legal instruments, observed structure, observed terms, platform observations, entity references, relationship records, evidence-basis records, and provenance summaries. These records are separate from uploaded artifacts. They are not tenant interpretations, proposed representations, accepted state, or operational conclusions.

Retained platform observations must be minimized, non-disclosing, tenant-isolated, access-controlled, limited by time and provenance, and subject to correction or dispute procedures. Enterprise agreements, data processing terms, or admin settings may disable or further constrain platform-observation retention or use.

7. Retention

We keep information for as long as needed to provide the Service, maintain accepted state, comply with law, resolve disputes, enforce agreements, maintain security, and preserve audit/review history.

Current retention categories:

  • Pre-account first-question intake: short-lived unless converted into an account/company context.
  • Account and organization data: retained while the account or organization is active and for a reasonable period afterward for legal, security, and operational purposes.
  • Customer Legal Content and evidence objects: retained while needed for the customer’s legal-state record unless deleted, discarded, or subject to another retention rule.
  • Evidence-basis and provenance records: retained only where lawful and contractually permitted; may be severed, redacted, limited, or marked deleted when a source artifact is deleted.
  • Observed legal instruments, observed structure, observed terms, and platform observations: retained only where independently maintained, minimally necessary, lawful, contractually permitted, non-disclosing, tenant-isolated, time/provenance-limited, and subject to correction or dispute procedures.
  • Customer reconciliations, tenant interpretations, tenant projections, and other Legal-State Data: retained while needed to preserve review history, accepted representations, confidence posture, findings, action cards, auditability, and answer revision, and deleted or de-identified with the tenant unless a lawful exception applies.
  • Worker jobs and operational metadata: retained as needed to process, troubleshoot, audit, and secure the Service, without intentionally retaining raw customer legal content in broad logs.
  • Security logs: retained as needed to detect abuse, investigate incidents, and secure the Service.
  • Backups: retained for limited backup/recovery periods and deleted on ordinary backup cycles.

8. Deletion, correction, and privacy requests

Contact privacy@stetful.com for privacy, data protection, and data-rights requests.

Depending on your relationship to the relevant organization and applicable law, we may ask you to verify your identity and authority before fulfilling a request. If your request relates to an organization’s legal records, we may need confirmation from an authorized organization administrator or legal representative.

We may decline or limit a request where allowed by law, including when retention is needed for security, legal compliance, dispute resolution, auditability, fraud/abuse prevention, lawful evidence-basis or platform-observation integrity, or other legitimate business purposes.

If you believe a retained observed legal instrument, observed term, platform observation, evidence-basis record, or provenance summary is inaccurate, incomplete, outdated, disputed, or no longer belongs in the Service, contact privacy@stetful.com with enough information for us to evaluate the issue.

9. Cookies and similar technologies

The marketing site does not use analytics cookies, pixels, external scripts, or third-party SDKs. The product app may use essential cookies or similar technologies for authentication, session management, security, and product operation.

If Stetful adds analytics, advertising, or non-essential cookies, this Policy and the product notices will be updated before those features launch.

10. Security

Stetful uses administrative, technical, and organizational measures designed to protect information, including tenant-scoped data handling, role/capability checks, object storage controls, worker/logging rules designed to avoid customer legal content in logs, and provider-based infrastructure security.

No system is perfectly secure. If you believe you found a vulnerability, contact security@stetful.com. Please do not include unnecessary Customer Legal Content in vulnerability reports.

11. U.S.-only launch posture

Stetful is operated from the United States and is initially for U.S. organizations and U.S. users. If you use Stetful from outside the United States or submit information about people outside the United States, you understand that information may be processed in the United States.

Stetful may add GDPR, UK, EU, international transfer, or data processing addendum terms later if needed for broader launch or enterprise contracting.

12. Children and minors

Stetful is not directed to children or minors. Do not use Stetful to store minors’ records or information unless that information is incidental to an authorized company legal record and you are legally permitted to provide it.

13. Changes to this Policy

We may update this Privacy Policy over time. We will post the updated version with a new effective date. Material updates may also be listed in the Legal Changelog or communicated through the Service or by email.

14. Contact

Stetful, Inc.
7775 Walton Parkway, Unit #192
New Albany, OH 43054

  • Legal notices and terms questions: legal@stetful.com
  • Privacy, data protection, and data-rights requests: privacy@stetful.com
  • Security reports and vulnerability disclosures: security@stetful.com

© 2026 Stetful, Inc.

Legal
  • Terms
  • Privacy
  • Acceptable Use
  • AI Notice
  • Security
  • Changelog
Trust
  • Trust Principles

Contact

  • legal@stetful.com
  • privacy@stetful.com
  • security@stetful.com