# ndaflow - AI-powered NDA review & secure automated B2B NDA checks

SaaS legal operations platform designed to automate the lifecycle of third-party Non-Disclosure Agreements (NDAs). Created by an experienced London-based fintech solicitor who built the legal functions from zero at ComplyAdvantage and Risk Ledger (and spent years at leading law firms like Mayer Brown, Herbert Smith Freehills and Paul Hastings), helping startups, commercial teams, and fractional general counsels accelerate deals without compromising on risk management.

## Ideal Customer Profile (ICP)

- **B2B & Fintech Startups**: Fast-scaling businesses needing to sign NDAs without legal department bottlenecks.
- **Commercial & Sales Teams**: Enabling sales and partnerships departments to self-serve routine NDA compliance.
- **Fractional General Counsels (GCs)**: Providing external legal advisors a structured risk-assessment backstop.

## Core Features

- **Playbook-Based Risk Engine**: Automates compliance checks against a tested legal playbook (liability caps, mutual obligations, indemnities, non-solicits, and jurisdiction selection).
- **Three Verdict Tiers**:
  - `sign`: Terms that don't contain clauses that the playbook considers worth slowing down deal cycles to negotiate, i.e. "clean enough".
  - `placeholders`: Clean terms that still require data completion (e.g., date, company details).
  - `changes_required`: Higher-risk issues detected that merit some attention.
- **Automatic Revision Chains**: Upload counterparty markups to compare, assess, and verify whether previous compliance issues have been solved.
- **Counterparty Email Draft Generator**: Auto-compiles professional legal markup feedback emails in strict sentence case.

## Architecture, Security & Privacy

- **Hosting & Infrastructure**: A single-page application hosted on Cloudflare and Google Cloud Platform, with client data hosted in europe-west2 (London).
- **Encryption**: Full data encryption in transit and at rest.
- **AI Inference**: Handled via Application Default Credentials (ADC) Vertex AI Gemini API calls using Google's Global endpoint.
- **Data Privacy**: Uploaded documents are processed in memory and are not used to train third-party AI models.
- **Single Sign-On (SSO)**: Supports native Google and Microsoft OAuth2 SSO authentication, automatically linking existing password accounts by verified email.

## Pricing & Credits

- **Output-Focused**: No recurring subscription fees; pay-as-you-go top-up model.
- **Credit Validity**: Unused free monthly quota resets at the end of each billing cycle; purchased top-up credits are intended for use within 12 months.