Privacy Policy
Last updated: July 12, 2026
This Privacy Policy explains what information Pishik ("we," "us," or "our") collects, how we use it, and the choices you have. By using Pishik (the "Service"), you agree to this Policy. It is incorporated into our Terms of Service. While the Service is in private beta, the Beta Program Agreement also applies to your participation in the beta program.
Contents
1. Information we collect
- Account information — your name, email address, password, company name, and role. Passwords are never stored in plain text.
- Workspace data — contract titles and types, document links (not the documents themselves), reviewer names and email addresses, review stages, decisions, comments and @mentions, notes and to-dos, reminders, and activity-history entries you create.
- Delivery metadata — when the Service sends a review or notification email, we record the recipient, the subject line, timestamps, and the delivery status. This delivery log is the only email record we keep; we never store mailbox contents. (Section 3 explains how sending works.)
- Technical data — basic log information such as IP address, request times, and error diagnostics, used to operate, secure, and troubleshoot the Service.
- Invite requests & messages you send us — when you request an invite or use our contact form, we receive the name, email address, company, and message you submit. We use them to respond to you and to administer the invite-only beta — for example, to review invite requests and send invite codes. Feedback you share about the beta is handled as described in the Beta Program Agreement.
2. How we use information
- To provide, maintain, secure, and improve the Service;
- To authenticate you and protect against fraud, abuse, and unauthorized access;
- To send transactional messages you initiate (review requests, reminders, status updates, invitations, and password resets);
- To administer the beta program, including reviewing invite requests and sending invite codes;
- To respond to support requests; and
- To comply with legal obligations and enforce our Terms.
We do not sell your personal information, and we do not use your Customer Data to train third-party advertising models.
3. How email is sent
Review and notification emails are sent automatically by the Service. Depending on how delivery is configured for your workspace, mail is sent through your own Microsoft 365 tenant (via Microsoft Graph), through Azure Communication Services, or through an SMTP provider. Every send is recorded in the delivery log described in Section 1 — the metadata, and nothing more.
A note on Microsoft 365: when your workspace delivers email through your own Microsoft 365 tenant, each message is sent from a sender mailbox in your tenant, and a copy of each sent message is saved to that mailbox's Sent Items — your mailbox, in your tenant, under your control. The Service only sends; we do not read, sync, or otherwise access your mailbox.
Replies from reviewers go to your team's reply-to address — yours, or a company-wide one your admin sets — not to us. When you use a third-party storage provider (for example, SharePoint, OneDrive, or Google Drive), your use of that provider is governed by its own privacy policy.
4. Cookies, analytics & tracking
The Service uses a single, strictly necessary session cookie to keep you signed in. We do not use advertising cookies, third-party tracking cookies, or analytics services of any kind.
This website is fully self-hosted: its pages, styles, scripts, images, and fonts are all served from our own domain. Visiting it makes zero requests to third-party servers — no analytics beacons, no tracking pixels, no social-media embeds, no external fonts or CDNs.
5. Service providers & hosting
We host the Service on cloud infrastructure (currently Microsoft Azure) and may use vetted service providers to operate it. These providers process data only to provide services to us and are bound by confidentiality and security obligations. Your Documents remain in your own storage (for example, SharePoint, OneDrive, or Google Drive) and are not transmitted to or stored by us.
6. Data retention
We retain Customer Data for as long as your account is active or as needed to provide the Service, and thereafter as required to comply with legal obligations, resolve disputes, and enforce agreements. You can export your data at any time and may request deletion of your account. We may delete data associated with terminated or long-inactive accounts.
7. Security
We take the protection of your information seriously and use reasonable technical and organizational measures designed to safeguard it. However, no method of transmission over the Internet or method of electronic storage is completely secure, and we cannot and do not guarantee absolute security. You are responsible for keeping your account credentials confidential and for maintaining your own backups of important data. For a plain-language description of how the Service is built — including two-factor authentication, single-use review links, and the audit trail — see Security & trust.
8. Reviewers who receive our email
If an organization that uses Pishik asks you to review a contract, you do not need an account, and we keep only what the review itself requires: your name and email address (plus any title, department, or note the organization adds to its reviewer list), the decision you record — approve or reject, with any note you type on the decision page — and timestamps showing when review emails were sent to you and when your decision was recorded. Pishik stores this information on behalf of the organization that contacted you. Your review link is personal and single-use, it expires, and nothing is recorded until you confirm your decision.
To have your contact details removed, start with the organization that contacted you — the records belong to their workspace. You can also reach us through our support contact form and we will help coordinate. Privacy for reviewers has the details.
9. Your rights & choices
Depending on your location, you may have rights to access, correct, export, or delete your personal information, or to object to or restrict certain processing. You can update much of your information within the Service, and every workspace member can export their own data at any time — admins can export the entire workspace. Contact us to exercise other rights; we will respond consistent with applicable law. If you are a reviewer rather than an account holder, see Section 8.
10. International users
The Service may be operated and data processed in the United States and other countries. By using the Service, you consent to the transfer and processing of your information in those countries, which may have different data-protection laws than your own.
11. Children
The Service is not directed to children under 18 and is intended for business use. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will delete it.
12. Changes to this Policy
We may update this Policy from time to time. Material changes will be reflected by a new "Last updated" date, and where appropriate we will provide additional notice. We also record material changes to our legal documents in our release notes. Your continued use of the Service after changes take effect constitutes acceptance of the updated Policy.
13. Contact
Questions or requests regarding privacy — including access, export, correction, or deletion requests? Reach us through the contact form in our Support Center. It goes straight to the team that runs Pishik.