Skip to content
version90

Legal

Privacy Policy

Last updated: July 11, 2026 · Applies to the version90 website and application

This policy explains how Latent Ape LLC, a Tennessee limited liability company ("Latent Ape", "we"), handles personal data in connection with version90 — both the public website (version90.com) and the application (app.version90.com). Short version: we collect what's needed to run a contract platform, we don't sell your data, our AI providers can't train on your documents, and your contracts remain yours.

1. Who we are, and our two roles

  • For the website and your account (visitor analytics, signup, billing), Latent Ape is the data controller.
  • For documents you upload — contracts that may contain personal data about your counterparties, signatories or employees — your organization is the controller and Latent Ape is a processor, acting on your instructions under our Data Processing Addendum.

2. What we collect

  • Account data: name, email, organization details, roles — collected at signup and managed via our authentication provider (Clerk).
  • Customer Content: documents you upload or email in, plus comments, notes and metadata your team creates. Contracts routinely contain personal data of the people named in them.
  • Usage data: logs of actions in the app (who accepted which change, when) — this is a product feature (the audit trail) as well as an operational record.
  • Billing data: processed by our payment processor; we do not store full card numbers.
  • Website analytics: the marketing website uses Google Analytics to understand traffic (pages viewed, referrer, approximate location from IP, device type). Analytics cookies are used on the website. We do not run advertising trackers.

3. How we use data

  • To provide the Service: storage, versioning, redlining, collaboration, notifications.
  • To provide AI features: relevant document content is sent to our AI model provider (Anthropic) to generate the review, extraction or explanation you requested. Our agreements prohibit AI providers from training models on your content. AI runs only on your action or the automatic processing described in-product (e.g., identifying an uploaded contract).
  • To operate the business: billing, support, abuse prevention, service emails.
  • To improve the website: aggregate analytics. We do not use Customer Content to train models or for advertising.

4. Who receives data (subprocessors)

We share data only with the service providers needed to run version90 — currently Google Cloud Platform (application hosting), Cloudflare (website hosting/CDN and network security), Anthropic (AI processing), Clerk (authentication), Stripe (payments) and Google Analytics (website analytics). The authoritative, always-current list with roles and locations is Annex III of the DPA. We may disclose data when legally required, with notice to you where lawful. We never sell personal data.

5. Cookies

  • Application: essential cookies only (session/authentication).
  • Website: Google Analytics cookies for traffic measurement. You can block these with browser settings or extensions without affecting the site.

6. Retention

Customer Content is retained while your subscription is active and for the 30-day export window after termination, then deleted from production systems (backups age out on a rolling schedule thereafter). Account and billing records are kept as required for tax and legal purposes. Website analytics are retained on Google Analytics' standard retention settings.

7. Security

Data is encrypted in transit and at rest; access is role-based and organization-scoped (tenant isolation is enforced in code and covered by automated tests); documents are content-hashed so tampering is detectable. No system is perfectly secure — report concerns to [email protected].

8. Your rights

Depending on where you live (GDPR, UK GDPR, CCPA/CPRA and similar laws), you may have rights to access, correct, delete, export, or restrict processing of your personal data, and to object or withdraw consent. Contact [email protected] and we'll respond within the legally required window. If your data is in a customer's organization (e.g., you're a counterparty named in someone's contract), we'll refer the request to that customer, as the law expects of a processor. You may also complain to your local supervisory authority.

9. International transfers

We are a U.S. company and process data in the United States. Where data of EU/UK individuals is transferred, we rely on Standard Contractual Clauses with our subprocessors (see the DPA).

10. Children

The Service is for business use and not directed to anyone under 18.

11. Changes and contact

Material changes to this policy will be announced by email or in-app at least 14 days in advance. Questions: [email protected] · Latent Ape LLC, Tennessee, USA.