LeewardBack to Leeward
Leeward · Legal

Privacy

Last updated July 1, 2026

Leeward reads the contracts you give it and emails you when work becomes billable. You choose what to upload, you confirm what it found before anything is saved, and your contracts are never used to train AI. Here is exactly what we collect, how it is processed, and the controls you have.

How Leeward handles your contracts

This is the part that matters most, so it goes first. Leeward only ever sees the contracts you choose to give it, and you stay in control of every step:

  • You choose what to upload. Leeward only processes the contracts you give it.
  • Leeward uses AI to read each contract and pull out the engagement, its milestones, dates, amounts, and the clause that makes each milestone billable.
  • You confirm every detail before anything is saved. Leeward never files an invoice or sends anything to your client on its own.
  • Your contracts are never used to train AI models.
  • Files are sent over an encrypted connection.
  • You can delete any contract and its engagement at any time.

Information we collect

  • Your account email. We use it to sign you in (with a one-time link, so there is no password to store) and to send your invoicing alerts.
  • The contracts you upload and the data extracted from them — engagement details, milestones, dates, amounts, and acceptance clauses.
  • Basic, privacy-respecting usage analytics — aggregate page metrics with no cookies and no cross-site tracking — so we can tell whether the product is useful.

We do not collect passwords (sign-in is a one-time email link), payment details (the product is free), or anything we do not need to do the job.

How we use your information

  • To read your contracts and track each engagement's milestones.
  • To email you the moment a milestone becomes billable, and to send your sign-in links.
  • To operate, secure, and improve the service.

We do not sell your data, and we do not use your contracts to train AI.

Who processes your data

Leeward runs on a small set of trusted providers. Each one only processes what it needs to do its part:

  • Cloud hosting and privacy-first analytics — Cloudflare.
  • Database and sign-in — Supabase.
  • AI extraction — a third-party enterprise AI provider processes the contents of an uploaded contract to extract the engagement data, and does not use your contracts to train its models.
  • Email delivery — Resend.

How long we keep your data

Your engagements and contracts stay in your account until you delete them. When you delete an engagement, it is removed from the live product. Closing your account removes your data from the live product.

Security

  • Files and traffic are encrypted in transit.
  • Your data is private to your account — every read and write is scoped to the signed-in user.
  • No system is perfectly secure. We work to protect your data and ask you to keep access to your sign-in email secure.

Your choices and rights

  • Access, correct, or delete your data from within the product, or by contacting us.
  • Stop using the service and delete your account at any time.

Children

Leeward is a business tool and is not directed to anyone under 18.

Where processing happens

Leeward is operated from the United States. By using it, you understand that your data is processed in the United States and by the providers listed above.

Changes to this policy

If this policy changes, we will update this page and the "last updated" date above. For material changes, we will make a reasonable effort to let you know.

Contact

If you have any questions about your data or this policy, get in touch and we will help.

This is a plain-English summary written for clarity, pending review by counsel. If anything here conflicts with a signed agreement between you and Leeward, that agreement governs.