Privacy Policy

Last updated: February 15, 2026

1. Introduction

WorkupWise ("we," "our," or "us") is committed to protecting the privacy of physicians who use our AI-powered contract review service. This Privacy Policy explains what data we collect, how we use it, how we store it, and your rights regarding your personal information.

2. Information We Collect

2.1 Account Information

  • Email address
  • Full name (optional)
  • Password (stored as a bcrypt hash — we never store plaintext passwords)

2.2 Documents

  • Uploaded contracts and offer letters (PDF, DOCX, images)
  • Text pasted directly into the review form
  • Extracted text content from uploaded documents

2.3 Review Data

  • Intake form responses (specialty, state, career stage, practice setting, specific concerns)
  • AI-generated analysis results and amendment letters
  • Generated PDF reports

2.4 Payment Information

All payment card data is processed and stored by Stripe. We only store Stripe customer IDs and payment intent IDs for record-keeping. We never have access to your full card number, CVV, or other sensitive payment details.

2.5 Usage Data

  • Review submission timestamps and processing duration
  • Error logs and performance data (via Sentry)
  • Page views and web vitals (via Vercel Analytics, if enabled)

3. How We Use Your Data

  • Document analysis: Uploaded documents are sent to the Anthropic Claude API for AI-powered analysis. Anthropic does not use API data for model training per their API terms.
  • Delivering results: Analysis results are stored to provide you with the review report and amendment letter on your dashboard and as downloadable PDFs.
  • Email notifications: Your email address is used to send transactional emails (review processing started, review complete, processing failed). We do not send marketing emails.
  • Payment processing: Payment information is used solely to process credit purchases.
  • Service improvement: Aggregate, anonymized usage data may be used to improve the Service. We do not sell your data to third parties.

4. How We Store Your Data

  • Documents: Encrypted at rest in Supabase Storage using AES-256 encryption. Access is restricted to authenticated requests via the backend API.
  • Database: PostgreSQL with encrypted connections (SSL/TLS). Contains account information, review metadata, and analysis results.
  • Generated PDFs: Encrypted at rest in Supabase Storage. Accessible only through signed, time-limited download URLs.
  • Passwords: Hashed using bcrypt with salt. Never stored or transmitted in plaintext.
  • All traffic: Encrypted in transit using HTTPS (TLS 1.2+).

5. Data Retention

  • Account data: Retained while your account is active.
  • Uploaded documents: Retained for 12 months after upload, or until you request deletion, whichever comes first.
  • Review results: Retained for 12 months after creation.
  • Deleted accounts: All associated data is purged within 30 days of account deletion.

6. Your Rights

  • Access: You can access and download your documents and review results at any time through your account dashboard.
  • Deletion: You can request deletion of your account and all associated data by emailing us. Deletion is completed within 30 days.
  • Portability: You can download your review PDFs and amendment letters at any time.
  • Correction: You can update your account information (name, email, password) on the Settings page.

To exercise any of these rights, contact us at privacy@workupwise.com. We will respond within 30 days.

7. Third-Party Services

We use the following third-party services to operate WorkupWise:

ServicePurposePrivacy Policy
AnthropicAI-powered document analysisLink
StripePayment processingLink
SupabaseDocument and PDF storageLink
ResendEmail notificationsLink
SentryError tracking and monitoringLink
VercelFrontend hosting and analyticsLink

8. Cookies and Local Storage

WorkupWise uses secure browser cookies for authentication session management (including HttpOnly cookies for session tokens). We do not use tracking cookies. Vercel Analytics, if enabled, may use cookies for anonymous page view tracking. No third-party advertising cookies are used.

9. Children's Privacy

WorkupWise is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from minors.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on the Service. The "Last updated" date at the top of this page indicates when the policy was last revised.

11. Contact

For questions about this Privacy Policy or to exercise your data rights, contact us at: privacy@workupwise.com