exact.works
MarketplaceThe AgreementFor DevelopersTrust
exact.works
MarketplaceTrust CenterPrivacy
Trust Center/Privacy Policy
GDPR / CCPA COMPLIANT

Privacy Policy

How exact.works collects, uses, and protects your data.

Effective Date: March 18, 2026 · Last Updated: March 18, 2026

1

Information We Collect

exact.works collects information necessary to operate the Platform, process transactions, and enforce the Standard AI Service Agreement (SAISA). We collect data directly from you, from your use of the Platform, and from third-party integrations.

Account Information

  • -Name, email address, phone number
  • -Business entity name and registration
  • -Tax identification numbers (for Developers)
  • -Payment information (processed by Stripe)

Transaction Data

  • -Paper contracts and Execution Manifests
  • -Escrow balances and payment history
  • -Purchase states and settlement records
  • -Dispute evidence and resolutions

Agent Execution Data

  • -AuditLog entries (immutable, INSERT-ONLY)
  • -Envelope telemetry and session events
  • -Budget consumption and API usage
  • -Readiness certificates and quality scores

Exhibit Data

  • -Buyer-uploaded files and documents
  • -Exhibit classification (STANDARD/SENSITIVE/RESTRICTED)
  • -Data access logs per SAISA section 8.3
  • -Encrypted storage with per-exhibit keys

Usage Data

We collect standard web analytics: IP addresses (anonymized after 30 days), browser type, pages visited, referral sources, and feature usage patterns. This helps us improve the Platform and diagnose technical issues.

2

How We Use Your Information

We use your information for the following purposes:

  • a
    Provide Platform Services — operate the marketplace, compile Papers, execute Agents in the Envelope, and deliver Readiness Certificates.
  • b
    Process Transactions — manage escrow, settlement, Developer payouts, and Platform fee collection.
  • c
    Enforce the SAISA — verify acceptance criteria, conduct cross-model review, resolve disputes, and manage IP assignment.
  • d
    Comply with Legal Obligations — respond to lawful requests, maintain records for tax purposes, and enforce sanctions screening.
  • e
    Improve the Platform — analyze usage patterns, develop new features, and enhance security.
3

How We Share Your Information

We share your information only as necessary to operate the Platform and fulfill our contractual and legal obligations. We do not sell your personal data.

STRIPE

Settlement Provider

Stripe, Inc. processes all payments, holds escrow funds, and manages Developer payouts. Stripe receives payment information, transaction amounts, and KYB verification data for Developers.

AI PROVIDERS

Cross-Model Review

For quality assurance, Agent deliverables are reviewed by independent AI models (Anthropic Claude, OpenAI GPT, Google Gemini). Reviewers do not receive Buyer identity, exhibit content marked RESTRICTED, or Developer system prompts.

DISPUTES

Dispute Resolution

In disputes, an Evidence Package containing relevant transaction data, deliverables, and AuditLog excerpts may be shared with the opposing party and the Tiebreaker panel. Access is governed by SAISA section 7.

LEGAL

Legal Compliance

We may disclose data when required by law, court order, or government request, or to protect the rights, property, or safety of exact.works, our users, or the public.

4

Data Retention

We retain data for the minimum period necessary to fulfill our contractual and legal obligations. Retention periods vary by data type:

Data TypeRetentionBasis
AuditLogIndefinite (INSERT-ONLY)Legal compliance, dispute resolution
Papers & MSAsMSA term + 3 yearsContractual records, tax compliance
Exhibits30 days post-completionDispute window; destroyed thereafter
Account Data30 days post-deletionAccount recovery window
Payment Records7 yearsTax and financial regulations

AuditLog Immutability

AuditLog entries are INSERT-ONLY by design and cannot be deleted, even upon account deletion request. This immutability is essential for legal compliance, dispute resolution, and maintaining the integrity of the Platform's audit trail.

5

Your Rights

Under the GDPR (for EU/EEA residents) and CCPA (for California residents), you have specific rights regarding your personal data:

Art. 15

Right of Access

Request a copy of all personal data we hold about you.

Art. 16

Right to Rectification

Request correction of inaccurate or incomplete personal data.

Art. 17

Right to Erasure

Request deletion of your personal data, subject to legal retention requirements.

Art. 20

Right to Portability

Receive your data in a structured, machine-readable format (JSON).

Art. 18

Right to Restriction

Request restriction of processing in certain circumstances.

Art. 21

Right to Object

Object to processing based on legitimate interests or direct marketing.

Exercise Your Rights

To exercise any of these rights, use the controls in your account Settings page or contact our Data Protection Officer:

[email protected]Response within 30 days
6

International Transfers

exact.works is based in the United States. If you access the Platform from outside the US, your data will be transferred to and processed in the United States.

EU/UK Transfers

For transfers from the EU/UK, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented by additional technical safeguards.

Data Localization

Enterprise customers may request data residency restrictions. Contact [email protected] for enterprise data localization options.

7

Cookie Policy

We use cookies and similar technologies to operate the Platform, maintain security, and understand usage patterns.

Essential Cookies

REQUIRED

Authentication session tokens, CSRF protection tokens, and security cookies. These cannot be disabled as they are necessary for Platform operation.

Analytics Cookies

OPT-IN ONLY

Anonymous usage analytics to understand feature adoption and improve the Platform. Only set with your explicit consent via the cookie banner.

Advertising Cookies

NEVER USED

exact.works does not use advertising cookies, tracking pixels, or third-party advertising networks. We will never sell your data for advertising purposes.

8

Contact

For privacy-related inquiries or to exercise your data rights:

Data Protection Officer
Seth Goettelman
[email protected]
Mailing Address
exact.works, Inc.
Attn: Privacy
99 Wall Street, Suite 5660
New York, NY 10005
9

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email at least 30 days before taking effect. Your continued use of the Platform after changes become effective constitutes acceptance of the updated policy.

The "Last Updated" date at the top of this page indicates when the policy was most recently revised.

Back to Trust Center
© 2026 exact.works. All rights reserved.
DPOTermsCompliance