Privacy Policy

This Privacy Policy describes how Heat & Horizon LLC ("Heat & Horizon," "Company," "we," "us," or "our") handles information collected through the TermUp website, web application, and related services (collectively, the "Service").

1. Scope

This Policy applies to information we collect from website visitors, account holders, invited users, and people who contact us about the Service. It does not govern information handled by third-party services you connect to TermUp except as described here.

2. Information We Collect

2.1 Account and profile information

When you create or use an account, we may collect your name, email address, password or authentication details, role, company name, phone number, timezone, and related account settings. If you use Google sign-in, we receive profile details made available by Google.

2.2 Customer Content and uploaded documents

TermUp is designed to host contracts, invoices, renewal notices, vendor records, comments, reminders, and related files or metadata you or your team upload to the Service ("Customer Content"). That content may include confidential business information.

2.3 AI extraction and generated metadata

When you use extraction features, we process uploaded files to identify dates, pricing, vendors, renewal terms, notice periods, summaries, and action items. We store the extracted output, review state, and related metadata in your workspace.

2.4 Billing and transaction information

Subscription billing is processed by Stripe. We do not store full payment card numbers on our servers. We may receive billing contact details, subscription status, customer identifiers, and transaction metadata from Stripe.

2.5 Integration and connected-service data

If you connect Google Drive, Dropbox, Google Calendar, or other integrations we support, we may store authentication tokens, connected account email addresses, scopes, and imported file or sync metadata needed to provide that functionality.

2.6 Usage, device, and log information

We automatically collect technical and usage information such as IP address, device and browser details, approximate location derived from IP, page and feature activity, timestamps, error logs, and security events. We use this information to operate, secure, and improve the Service.

2.7 Phone numbers and SMS

If you or a workspace administrator enable SMS reminders, we collect the mobile phone number provided for that purpose. Phone numbers may be used to deliver renewal reminders, cancellation-window alerts, and related transactional messages through the Service, as well as for account-related activities such as identity verification and account access. We do not share phone numbers with third parties for marketing purposes.

2.8 Communications

If you email us, request support, or otherwise communicate with us, we collect the contact details and message content associated with that interaction.

3. How We Use Information

We use information we collect to:

• Provide, host, maintain, and support the Service
• Authenticate users and manage accounts, roles, and teams
• Process Customer Content, including AI-assisted extraction and structured data review
• Send transactional communications such as reminders, verification messages, billing notices, support responses, and security alerts
• Enable integrations and document imports you choose to connect
• Detect misuse, fraud, abuse, bugs, and security incidents
• Analyze performance and improve the Service
• Comply with legal obligations and enforce our agreements

For Customer Content submitted through customer accounts, we generally process that content on behalf of our customers as a service provider or processor. Our customers determine whether to upload Customer Content, what Customer Content to submit, and the business purposes for which that content is processed through the Service.

We do not determine the purposes or means of processing Customer Content except as necessary to provide, secure, maintain, and support the Service.

If your organization requires a data processing agreement or similar privacy addendum, contact privacy@termup.io.

4. AI and Service Providers

We use third-party providers to operate the Service, including infrastructure, storage, email delivery, SMS delivery, billing, and AI processing. Based on the current product configuration, these may include Google Cloud, Vercel, Stripe, Resend, Sentry, Google, Dropbox, Upstash, Twilio, OpenRouter and AI model providers made available through it, including Amazon.

We do not sell Customer Content. We do not use Customer Content to train AI models. When we use third-party AI providers to process Customer Content, we utilize services and models that do not use Customer Content to train their models. Third-party providers may process data on our behalf subject to their own terms, security commitments, and data processing terms.

We may update subprocessors from time to time as the Service evolves. Updated providers may be reflected in this Policy or otherwise disclosed through the Service. We are not responsible for third-party providers' independent acts, omissions, or services outside our control.

5. Security

We use commercially reasonable administrative, technical, and organizational measures intended to protect information handled by the Service. Those measures include access controls, encryption in transit, encrypted cloud storage, and logging for security-relevant events. No system is perfectly secure, and we cannot guarantee that unauthorized access, loss, or misuse will never occur.

6. How We Share Information

We may share information in the following circumstances:

• With service providers and subprocessors helping us operate the Service
• With members of your workspace or company, based on your account role and sharing settings
• With connected third-party services when you authorize an integration or import
• When required by law, court order, or valid legal process
• To protect the rights, property, safety, and security of the Company, our users, or others
• In connection with a merger, financing, acquisition, bankruptcy, or sale of all or part of our business

7. Retention

We keep information for as long as reasonably necessary to provide the Service, maintain business and tax records, resolve disputes, detect fraud or abuse, enforce our agreements, and comply with law. Retention periods may vary by data type and account status.

Customer Content is typically retained for the duration of your account and for a limited period thereafter as reasonably necessary for backup recovery, support, dispute resolution, fraud prevention, and legal compliance.

If you request deletion or close your account, we will take steps to delete or de-identify applicable information within a commercially reasonable timeframe, subject to legal obligations, dispute resolution needs, fraud prevention, and residual copies that may remain temporarily in backups or logs.

8. Your Choices and Rights

You may be able to:

• Access, update, or correct account information
• Delete documents or other Customer Content from your workspace
• Request export or deletion of your account data
• Disconnect third-party integrations
• Disable SMS reminders or other optional communications
• Exercise privacy rights available under applicable law, including California or other U.S. state privacy laws where they apply

To make a privacy request, email privacy@termup.io.

9. Cookies and Similar Technologies

We use cookies and similar technologies for authentication, session management, security, and core site functionality. We may also use limited analytics or diagnostics tools to understand product performance. We do not use the Service to serve third-party behavior advertising.

10. Children's Privacy

The Service is intended for business use and is not directed to children under 18. We do not knowingly collect personal information from children.

11. International Data Transfers

TermUp is operated from the United States and data may be processed or stored in the United States or other locations where our service providers operate. If you use the Service from outside the United States, you understand that your information may be transferred to and processed in the United States.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we may provide notice through the Service, by email, or by updating the effective date above.

13. Contact

For privacy questions or requests, contact us at privacy@termup.io.

Heat & Horizon LLC
California, United States