TermUp

Privacy Policy

Effective Date: March 27, 2026 · Last Updated: March 29, 2026

This Privacy Policy describes how Heat & Horizon LLC ("Heat & Horizon," "Company," "we," "us," or "our") handles information collected through the TermUp website, web application, and related services (collectively, the "Service").

1. Scope

This Policy applies to information we collect from website visitors, account holders, invited users, and people who contact us about the Service. It does not govern information handled by third-party services you connect to TermUp except as described here.

2. Information We Collect

2.1 Account and profile information

When you create or use an account, we may collect your name, email address, password or authentication details, role, company name, phone number, timezone, and related account settings. If you use Google sign-in, we receive profile details made available by Google.

2.2 Customer Content and uploaded documents

TermUp is designed to host contracts, invoices, renewal notices, vendor records, comments, reminders, and related files or metadata you or your team upload to the Service ("Customer Content"). That content may include confidential business information.

2.3 AI features and generated content

When you use AI-assisted features, we process the relevant inputs to generate output. This includes:

  • Document extraction: Identifying dates, pricing, vendors, renewal terms, notice periods, summaries, and action items from uploaded files.
  • Conversational AI (such as Ask This Document): Processing questions you submit about a specific document and generating AI-based responses.

We store the extracted output, review state, AI conversation history within a document, and related metadata in your workspace. Customer Content is not used to train AI models.

2.4 Billing and transaction information

Subscription billing is processed by Stripe. We do not store full payment card numbers on our servers. We may receive billing contact details, subscription status, customer identifiers, and transaction metadata from Stripe.

2.5 Integration and connected-service data

If you connect Google Drive, Dropbox, Google Calendar, or other integrations we support, we may store authentication tokens, connected account email addresses, scopes, and imported file or sync metadata needed to provide that functionality.

2.6 Usage, device, and log information

We automatically collect technical and usage information such as IP address, device and browser details, approximate location derived from IP, page and feature activity, timestamps, error logs, and security events. We use this information to operate, secure, and improve the Service.

2.7 Phone numbers and SMS

If you or a workspace administrator enable SMS reminders, we collect the mobile phone number provided for that purpose. Phone numbers may be used to deliver renewal reminders, cancellation-window alerts, and related transactional messages through the Service, as well as for account-related activities such as identity verification and account access. We do not share phone numbers with third parties for marketing purposes.

2.8 Communications

If you email us, request support, or otherwise communicate with us, we collect the contact details and message content associated with that interaction.

3. How We Use Information

We use information we collect to:

  • Provide, host, maintain, and support the Service
  • Authenticate users and manage accounts, roles, and teams
  • Process Customer Content, including AI-assisted extraction and structured data review
  • Send transactional communications such as reminders, verification messages, billing notices, support responses, and security alerts
  • Enable integrations and document imports you choose to connect
  • Detect misuse, fraud, abuse, bugs, and security incidents
  • Analyze performance and improve the Service
  • Comply with legal obligations and enforce our agreements

For Customer Content submitted through customer accounts, we generally process that content on behalf of our customers as a service provider or processor. Our customers determine whether to upload Customer Content, what Customer Content to submit, and the business purposes for which that content is processed through the Service.

We do not determine the purposes or means of processing Customer Content except as necessary to provide, secure, maintain, and support the Service.

If your organization requires a data processing agreement or similar privacy addendum, contact privacy@termup.io.

4. AI and Service Providers

We use third-party providers to operate the Service, including infrastructure, storage, email delivery, SMS delivery, billing, AI processing, analytics, and advertising measurement. Based on the current product configuration, these may include Google Cloud, Vercel, Stripe, Resend, Sentry, Google, Google Analytics, LinkedIn, Dropbox, Upstash, Twilio, OpenRouter and AI model providers made available through it, including Amazon.

We do not sell Customer Content. We do not use Customer Content to train AI models. When we use third-party AI providers to process Customer Content, we utilize services and models that do not use Customer Content to train their models. Third-party providers may process data on our behalf subject to their own terms, security commitments, and data processing terms.

We may update subprocessors from time to time as the Service evolves. Updated providers may be reflected in this Policy or otherwise disclosed through the Service. We are not responsible for third-party providers' independent acts, omissions, or services outside our control.

5. Security

We use commercially reasonable administrative, technical, and organizational measures intended to protect information handled by the Service. Those measures include access controls, encryption in transit, encrypted cloud storage, and logging for security-relevant events. No system is perfectly secure, and we cannot guarantee that unauthorized access, loss, or misuse will never occur.

6. How We Share Information

We may share information in the following circumstances:

  • With service providers and subprocessors helping us operate the Service
  • With members of your workspace or company, based on your account role and sharing settings
  • With connected third-party services when you authorize an integration or import
  • When required by law, court order, or valid legal process
  • To protect the rights, property, safety, and security of the Company, our users, or others
  • In connection with a merger, financing, acquisition, bankruptcy, or sale of all or part of our business

7. Retention

We keep information for as long as reasonably necessary to provide the Service, maintain business and tax records, resolve disputes, detect fraud or abuse, enforce our agreements, and comply with law. Retention periods may vary by data type and account status.

Customer Content is typically retained for the duration of your account and for a limited period thereafter as reasonably necessary for backup recovery, support, dispute resolution, fraud prevention, and legal compliance.

If you request deletion or close your account, we will take steps to delete or de-identify applicable information within a commercially reasonable timeframe, subject to legal obligations, dispute resolution needs, fraud prevention, and residual copies that may remain temporarily in backups or logs.

8. Your Choices and Rights

You may be able to:

  • Access, update, or correct account information
  • Delete documents or other Customer Content from your workspace
  • Request export or deletion of your account data
  • Disconnect third-party integrations
  • Disable SMS reminders or other optional communications
  • Opt out of advertising and analytics tracking on our marketing website (see the Cookies and Similar Technologies section below for details and opt-out links)
  • Exercise privacy rights available under applicable law, including California or other U.S. state privacy laws where they apply

To make a privacy request, email privacy@termup.io.

9. Cookies and Similar Technologies

We use cookies and similar technologies for authentication, session management, security, and core site functionality.

On our marketing website, we also use the following third-party tools:

  • Google Analytics for measuring website traffic, page performance, and aggregate visitor behavior. Google Analytics may set cookies on your browser. You can opt out by installing the Google Analytics opt-out browser add-on.
  • LinkedIn Insight Tag for measuring marketing campaign performance, conversion tracking, and showing relevant ads to people who have visited the marketing website. The LinkedIn Insight Tag may set cookies and pixels and may transmit information about your visit to LinkedIn. You can opt out through LinkedIn's ad preferences or through your browser's cookie controls.

We do not use these advertising or analytics technologies inside the authenticated TermUp application to track Customer Content or in-app activity for advertising purposes.

10. Children's Privacy

The Service is intended for business use and is not directed to children under 18. We do not knowingly collect personal information from children.

11. International Data Transfers

TermUp is operated from the United States and data may be processed or stored in the United States or other locations where our service providers operate. If you use the Service from outside the United States, you understand that your information may be transferred to and processed in the United States.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we may provide notice through the Service, by email, or by updating the effective date above.

13. Contact

For privacy questions or requests, contact us at privacy@termup.io.

Heat & Horizon LLC
California, United States