Icertis and Dioptra Partner to Accelerate AI-Powered Contracting

Privacy Policy

Last updated: August 05, 2025

Quick Summary

What We Do. Dioptra provides B2B contract review and legal technology services. We collect business contact information and usage data to deliver our services, improve functionality, and ensure security.

Your Control. You can access, correct, or delete your data any time by emailing security@diopta.ai. We don't sell your information or use it for advertising. We're SOC2 compliant and built on enterprise-grade security infrastructure.

About This Policy

Your privacy is important to us.  This Privacy Policy describes how Dioptra, Inc. ("Dioptra," "we," or "us") collects, uses, and protects your personal information when you use our website, applications, add-ins or plug-ins, and other services provided by us or when you otherwise interact with us (collectively, the "Services"). “Personal information” as used in this Policy means information that identifies you or can be used to contact you, such as your name, email address, or usage patterns. It doesn't include anonymous data where your identity has been removed.

Important Notes:

1. Information We Collect

Data Type

Account Information

Examples

Name, email address, company name, postal address, telephone number, and payment information.

How we Collect

When you create an account, connect to us through a 3rd party service such as an SSO provider, or contact us.

Purpose

Service delivery, billing, and support.
Usage Data
session date, time, and duration; identifiers, usage data, session information, links clicked, pages visited, the page you visited before navigating to the Services, and mouse movements.
Automatically through cookies, web beacons, session replay and other technologies.
Service improvement and personalization.
Device Information
IP address, browser type, and device location.
Automatically when you access our Services.
Security, functionality, and fraud prevention.
Sales and Marketing Information
Name, email address, role, company name, telephone number, and social-media profile.
When you submit forms on our websites or from third party providers.
Lead generation, account enrichment.

2. How We Use Your Personal Information

We will only use your Personal Information for the purposes as described in this Policy.

3. Protection Of Your Personal Information

The security of your personal information is incredibly important to us. We have implemented and we continually maintain a variety of technical and organizational measures to protect your personal information from unauthorized access and against unlawful processing, accidental loss, destruction, and damage. Though no service is impenetrable, we are SOC2 compliant, and our service is built on top of services that maintain ISO 27001 and SOC2 certifications, and have years of experience managing and securing large-scale operations.

4. When We May Disclose Personal Information

We do NOT sell, transfer, or otherwise share your Personal Information with third parties or any data that you store using our services to any third party except as outlined in this privacy policy.

5. Retention

We only keep your Personal Information for as long as necessary to fulfill the purposes we collected it for, after which it will be deleted or archived unless we are required to keep it to comply with our legal obligations or for another legitimate and lawful purpose. To determine the appropriate retention period for personal information, we consider several factors, including the terms of our agreements with you, our legitimate interests (as outlined in this Policy), our legal obligations, and the amount and nature of your Personal Information. Different retention periods apply for different types of personal information.

When it is no longer necessary to retain your Personal Information, we will securely destroy it in accordance with applicable laws and regulations. In some circumstances we will anonymize Personal Information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

6. Reviewing Or Changing Personal Information

You can review or request changes to your Personal Information by contacting us at security@diopta.ai

7. Choice/Opt-Out

We will typically send you messages that relate to transactions you conduct on our website or that have important alerts and notices about your account or our Services. You cannot opt out of these communications.

Additionally, we may send you promotional information regarding our Services. You can opt out of receiving promotional emails by following the opt-out instructions provided in those emails or by contacting us at security@diopta.ai with your specific request.

We may ask you to confirm or update your marketing preferences if you instruct us to provide further products and/or services in the future, or if there are changes in the law, regulation, or the structure of our business.

You can configure your software so it does not accept cookies, though you may not be able to access certain portions or features of our Services.

8. U.S. State-Specific Privacy Notice

This section provides additional details about the Personal Information we collect about individuals and the rights afforded to them under various applicable U.S. state data-protection and privacy laws, including the California Consumer Privacy Act, as amended by the California Privacy Rights Act or “CPRA” (collectively, the “CCPA”). Subject to applicable law, you have the following rights with respect to your personal information:

Exercising Your Rights. To exercise any of these rights, please contact us at security@diopta.ai. To protect your privacy and security, we will verify your identity before fulfilling your requests within the timeframes required by applicable law. The verification process may require you to provide additional information depending on the nature of your request and the sensitivity of the information involved. You may designate an authorized agent to make requests on your behalf. We may require written authorization from you and verification of both your and the agent's identity before processing requests submitted by authorized agents.

Categories of Personal Information Collected Under CCPA:

Sale and Sharing of Personal Information: Dioptra does not sell your personal information as defined by the California Consumer Privacy Act (CCPA). We do not share your personal information for cross-context behavioral advertising purposes. While we may share your personal information with third-party service providers as described in this Policy, such sharing is limited to service providers who process your information on our behalf and solely for the purposes of providing services to us. This does not constitute a "sale" or "sharing" under the CCPA.

12-Month Disclosure: In the preceding 12 months, we have not sold or shared personal information for monetary or other valuable consideration, nor have we shared personal information for cross-context behavioral advertising purposes.

9. Supplemental Notice for the EEA, UK, and Switzerland

This section provides additional details about the Personal Information we process subject to the General Data Protection Regulation (GDPR) and UK GDPR.

Controller: Dioptra, Inc. is the data controller of your Personal Information processed under this Policy.

Your Rights: Subject to applicable law, you have the following rights with respect to your Personal Information:

To exercise your rights, please contact us at security@diopta.ai. We may ask you to provide additional information to confirm your identity.

Legal Bases for Processing: We process your personal information based on the following legal grounds:

International Data Transfers: Your personal information may be transferred to, stored, or processed in countries outside the EEA, UK, or Switzerland, including the United States. We ensure such transfers comply with applicable data protection laws through appropriate safeguards, including:

Complaints: You have the right to lodge a complaint with a supervisory authority in your country of residence, place of work, or where an alleged infringement occurred. Contact information for EEA data protection authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en, and for the UK Information Commissioner's Office at https://ico.org.uk/global/contact-us/.

10. Changes to our Privacy Policy

If we change our privacy policy, we will post those changes on this page and update the "Last Updated" date above. Any changes will become effective when we post the revised Privacy Policy on this page.

11. Terms and Conditions

Please also visit the Dioptra Terms of Service establishing the use, disclaimers, and limitations of liability governing the use of our Services.

Questions?

Please contact us at security@diopta.ai.