Your documents are the product's input, not ours.
Sidecar works because you trust it with real contracts and real numbers. This page says plainly what we collect, where it goes, how long we keep it, and how to make us delete it.
Last updated: July 3, 2026
What we collect
Sidecar collects three kinds of information:
- →Account information. Your name, work email, organization name, and role — provided when you sign up or submit one of our forms.
- →Documents you upload. Contracts, invoices, renewal notices, reports, and other files you choose to send us, along with the text we extract from them to run the analysis.
- →Analyses we produce. Risk scores, findings, deadlines, and reports generated from your documents. These belong to your workspace.
If you arrive through our marketing site, we may also record basic context about how you found us (for example, a campaign tag in the link you clicked and the referring page).
Where your documents go
- →Storage. Uploaded files and extracted text are stored in Google Firebase services (Cloud Storage and Firestore), scoped to your organization.
- →Analysis. Document text is sent to the Anthropic API to generate your analysis. Your documents are not used to train AI models — not by us, and not by our AI provider under the API terms we operate under.
- →Nothing else. We do not sell your data, and we do not share your documents with third parties beyond the infrastructure providers above.
Isolation and access
Every document, analysis, and vendor record belongs to exactly one organization. Access rules are enforced at the data layer: members of your organization can read your workspace; nobody else can. Files are never publicly readable — every file read goes through our servers after an organization-membership check. Within your workspace, role-based permissions control who can upload, analyze, and delete.
A small number of authorized Sidecar staff may access your workspace when needed to provide support or operate the service. Every such access is recorded in a tamper-evident audit log, and while it is active you'll see a banner in the app.
Retention and deletion
Documents and analyses persist until you delete them. When you delete an agreement, its analyses are deleted with it — and if the file was uploaded through agreement intake, the stored file is deleted too. Files that live in your shared Upload Center and are merely referenced by an agreement stay until you delete them from the Upload Center directly.
To request deletion of your account or anything you can't remove yourself, email privacy@sidecarpartner.com or use the contact form. We'll confirm when it's done.
Cookies and sessions
The application uses a session cookie to keep you signed in. We don't run third-party advertising trackers on the product.
Changes
If this policy changes in a way that affects how your documents are handled, we'll update this page and note the date at the top. Questions? Ask us — we answer.
