Drop legal docs.
Get a report.
Nothing leaves your browser.

Vaulytica is a deterministic linter for contracts. It runs hundreds of identical checks against your document, the boring exhaustive ones a tired human misses at 1 a.m., and hands back a Word file you can cite. Free. Open source. MIT. No account, no AI, no server. Drop something on me.

Drop a PDF or DOCX — up to four at once.
Vaulytica understands BAAs, DPAs, NDAs, MSAs, EU SCCs, the UK Addendum, vendor security exhibits, AI addenda, and certificates of insurance — and can compare pairs against each other. Analysis runs locally; nothing is uploaded.

Multiple files? Drop a folder or

What I check.

112 rules at launch across ten categories — 220 more in v3, 730 more in v4 (1,000+ in total). Every finding cites the rule by id and the source by URL.

Structural & formal

Party blocks, signatures, defined terms, cross-references, numbering, template placeholders.

STRUCT-001STRUCT-003STRUCT-005STRUCT-007STRUCT-009STRUCT-011

Financial terms

Word/numeral mismatches, currency consistency, usury, payment terms, MFN, caps.

FIN-001FIN-002FIN-003FIN-004FIN-005FIN-007

Temporal

Impossible dates, auto-renewal notice windows, survival, cure periods, post-expiry references.

TEMP-001TEMP-004TEMP-005TEMP-006TEMP-008TEMP-010

Risk allocation

Indemnity presence + mutuality + caps, LoL with exceptions, consequential waivers, insurance.

RISK-001RISK-002RISK-004RISK-005RISK-009RISK-013

Choice & venue

Governing law, forum, foreign-venue enforceability, arbitration, class waivers, jury waivers.

CHOICE-001CHOICE-004CHOICE-005CHOICE-006CHOICE-007CHOICE-008

Dark patterns

Unilateral modification rights, buried auto-renewal notices, asymmetric fee-shifting, forced arbitration.

DARK-001DARK-002DARK-003DARK-004

How this works.

Your file goes in on the left, runs through a deterministic rule engine fed by the Knowledge Base, comes back out on the right as a Word document. Nothing else moves.

What I do not do.

Why no AI?

Every other contract tool you can find right now leans on a language model. The pitch is the same everywhere: paste your contract, the AI summarizes, the AI flags risk, the AI suggests redlines. The output is fluent and confident and changes every time you run it. A junior associate can use that for research. A senior partner cannot sign off on it. An auditor cannot trace it. A client cannot reproduce it. The output is, by construction, uncitable.

Vaulytica is for the work the AI tools cannot do: exhaustive, identical, cited checking. The professional failure mode in contract review is not "I did not understand the indemnity clause." It is "I read eighty pages at midnight and missed that the auto-renewal triggers sixty days before expiry rather than thirty." A deterministic checklist runner catches that failure mode every time. A chatbot is neither exhaustive nor reproducible. If you want to chat with an AI about your contract, do; it is fine, just do not do it here.

Your privacy.

Vaulytica runs entirely in your browser. There is no server to send your file to, because there is no server. Open DevTools, open the Network tab, drop your contract, and confirm zero requests. Verify it yourself. The site is a static page on Cloudflare Pages, the code is on GitHub under MIT, and there is no analytics, no telemetry, no error reporting, no fonts from CDNs. Every byte your browser fetches comes from vaulytica.com.

Verify in DevTools · 30 seconds
  1. Open this page in Chrome, Firefox, or Safari.
  2. Press F12 (or ⌥⌘I on macOS) to open DevTools.
  3. Click the Network tab and check "Disable cache."
  4. Reload the page once to capture initial asset loads, then click Clear.
  5. Drop a contract onto the drop zone. Watch the network tab during analysis. There should be zero requests.

Where the rules come from.

Every rule cites at least one of these. Every source is free and public.

SEC EDGAR public domain

Real-world clause corpus sampled from EX-10 attachments to 10-K, 10-Q, 8-K, and S-1 filings.

efts.sec.gov

Cornell LII free use

Cross-references between the UCC and each state's enacted version, and state-code lookups.

law.cornell.edu

Common Paper CC BY 4.0

Canonical balanced-default reference clauses for NDA, SaaS, MSA, SOW, DPA, and more.

commonpaper.com

CUAD CC BY 4.0

510 contracts, 13,000+ expert annotations, 41 clause categories. Trains the deterministic classifier.

atticusprojectai.org

LEDGAR CC BY 4.0

80,000+ provisions across 100 clause categories. Broader training set for the classifier.

huggingface.co/lex_glue

US Code (LRC) public domain

Official US Code in USLM XML: Titles 9, 11, 15, 17, 18, 28, 35, and 41.

uscode.house.gov

eCFR public domain

Electronic Code of Federal Regulations: FTC (16), CFTC (17), IRS (26), Labor (29), HIPAA (45).

ecfr.gov

govinfo public domain

Bulk Federal Register, CFR, Public Laws, and Statute Compilations in XML.

govinfo.gov

Uniform Law Commission free use

UETA, UCC, UTSA, RUFADAA, and other uniform-act citations.

uniformlaws.org

awesome-legal CC0

Curated set of public legal templates: GitHub's BEIPA, Cooley offer letters, YC SAFEs.

github.com/ankane/awesome-legal

Atticus Project CC BY 4.0

Clause-type definitions and the broader Open Contract Dataset.

atticusprojectai.org

Open-Agreements MIT + CC BY

Fillable DOCX builds of Common Paper, Bonterms, and OpenAgreements templates.

github.com/open-agreements

FAQ.

Is this legal advice?
No. Vaulytica is a software tool. It is not a lawyer, it does not give legal advice, and using it does not create an attorney-client relationship with anyone. If something here matters, hire a lawyer.
Can I trust the report?
The report is the output of a deterministic rule engine, not a model. Given the same input file, the same engine version, and the same Deterministic Knowledge Base version, you will get the same report. Every finding cites a rule by id and a source by URL. The audit trail at the end of every report names every rule that ran, including the silent ones.
Do you train models on my data?
There is no server. Your contract never leaves the tab. Nothing is logged, nothing is uploaded, nothing is retained. Open DevTools, open the Network tab, and confirm zero requests during analysis.
Why no AI?
Probabilistic answers cannot be cited. A senior partner cannot sign off on a chatbot output. An auditor cannot trace it. A client cannot reproduce it. Vaulytica does the work AI tools cannot do: exhaustive, identical, cited checking.
How is the data kept current?
The Deterministic Knowledge Base is rebuilt weekly via a public GitHub Action that fetches from SEC EDGAR, the US Code, the eCFR, govinfo, Common Paper, CUAD, LEDGAR, and other free public sources. Every entry records its source URL, retrieval date, and license. The current DKB version is shown in the footer.
What contract types are supported?
At launch, twelve playbooks: Mutual NDA, Unilateral NDA, US Employment (at-will, exempt), Independent Contractor, SaaS Customer-side, SaaS Vendor-side, MSA, SOW, Commercial Lease (multi-tenant), Residential Lease (US), Consulting Agreement, and a Generic Fallback. The structural and financial rules run against any contract.
What if I find a bug?
Open an issue on GitHub. The repository is public and MIT-licensed. Reproducible bugs with a redacted fixture contract are fixed fast.
Can I add a rule?
Yes. See docs/adding-a-rule.md in the repository. Every new rule must cite at least one DKB entry by id, include a positive and negative test fixture, and pass the deterministic regression check.
Why MIT license?
MIT is the most permissive license most attorneys recognize on sight and removes any friction for someone who wants to fork the project, run it internally at a firm, or build a paid wrapper around it. The license invites that.
What about other languages?
English at launch. Legal language is jurisdiction-specific and "just translate it" is wrong. A future contributor with the right expertise can add another jurisdiction-language pair as a complete unit.

Stop hoping you didn't miss anything.
Prove you didn't.

Made with love by Clay Good GitHub