Everything you need to get from sign-in to your first contract review, explained once. Concepts, privacy architecture, billing, team, and the things that go wrong — and how to fix them.
BarZero is AI contract review and creation. One thing, done well. Here’s the fastest path from a brand-new account to your first real result.
OAuth is the only way in. We don’t offer email+password because we never want your password on our servers — see the signin page for the full rationale.
Sign inFirst-time sign-in drops you into the welcome flow. It asks for your display name, firm name, and role so the workspace can address you correctly. Nothing in the wizard leaves your browser except the minimal profile fields needed to render the UI.
Start the wizardZen, Ensemble, Realm, or Orbit — Z·E·R·O. The beta discount (50% off for life) is still live, so self-serve tiers are currently half price for the lifetime of the subscription. Compare on the pricing page and check out through Stripe.
Compare plansOpen the Contracts workspace and drop in a .docx, .txt, .md, or .pdf. Claude streams clause-by-clause analysis, pulls out defined terms, flags risks, and produces an exportable review. The document text never touches our database — it’s in memory for the milliseconds the model is reading it, then gone.
Open ContractsBatch review processes a whole folder of contracts against one playbook position and review type. Each contract runs through the same clause-level analysis as a single-doc review, items are linked by a shared batchId, and the run concludes with an aggregate index report.
Batches run in one of two modes. Only tab-open mode ships in this release.
/reviewed subfolder, an email digest, a customer webhook, or back into the browser workspace.When a batch completes, BarZero produces an aggregate index: a markdown document that lists every reviewed contract with its headline finding, plus links into each full review. The v1 aggregate is built client-side from the per-contract analyses already in your browser (no extra API call). A Claude-powered cross-contract synthesis pass — shared risks, unusual clauses, playbook deviations across the batch — lands in a future release.
Every contract in a batch counts against your plan’s monthly page quota the same way a single-document review does. Before a batch starts, the dialog shows an estimate of total pages and the worst-case overage cost (assumes every page goes to overage). If the estimate exceeds your remaining quota, BarZero prompts for overage opt-in at the per-request boundary the same way a single-doc overage prompt works today.
Batch review is available on Ensemble and higher. See pricing for tier details.
A few primitives make up the BarZero workspace. Learn these and the rest of the product reads itself.
.docx, .txt, .md, or .pdf and BarZero reviews it clause-by-clause with risk flagging, defined-term validation, and exportable redlines. Review mode (buyer, seller, neutral) and review type (NDA, MSA, employment, etc.) are prepended to the system prompt so Claude analyzes from the correct position. Metadata in Office documents is scrubbed client-side before upload. The full document text, your chat history, and the analysis all persist in IndexedDB, never on a BarZero server.BarZero’s privacy story isn’t a checkbox on a marketing page — it’s a technical shape. Three pieces do the actual work.
Every contract review runs against Anthropic’s Claude API under a Zero Data Retention agreement — always on, single code path. Anthropic does not log, store, or use your prompts or documents for training. Our own servers hold your payload in volatile memory for the milliseconds Claude is reading it and never write it to persistent storage. The response is streamed straight to your browser. The ZDR state is reported back on every request via the X-BarZero-ZDR response header.
Matters, contracts, and chat history all live in an IndexedDB database called BarZeroLocalDB, managed by Dexie. Close the tab, clear the database, and the data is gone from your browser. It was never anywhere else. The only things that touch a BarZero server are: your OAuth session and your billing metadata (plan, page usage counter, Stripe customer id) — never document content.
When end-to-end encrypted sync is enabled, a per-device AES-GCM key is generated in your browser and stored as a non-extractableCryptoKey in IndexedDB. “Non-extractable” is a WebCrypto guarantee: even JavaScript running on the page cannot read the raw key material — it can only use it to encrypt and decrypt. Payloads are encrypted before they touch the network. If you lose the device (and didn’t export a recovery key), the synced data is permanently unrecoverable — we literally cannot help you, which is the point.
For the full trust-center details (subprocessors, key rotation, certificate verification protocol, threat model), see the Security page. The legal prose is on /privacy.
Pricing is volume-tiered: pick the tier that matches your expected monthly page count. Seats are an orthogonal add-on — adding a seat gives another person access to the same shared page pool at $25/seat/month; it does not multiply the pool.
Anyone who subscribes during the beta window locks in 50% off for life. The discount is applied as a Stripe coupon with duration=forever on the subscription, so it persists through plan changes, seat adjustments, and billing period switches.
A solo seat
A shared playbook
A firm's region
Enterprise reach
The page meter counts pages with at least 20 characters of non-whitespace textafter OCR or text extraction. Empty separator pages, blank title pages, and pages that didn’t OCR cleanly do notcount. For formats without native page boundaries (DOCX, TXT, Markdown), one “page” is approximately 2,500 non-whitespace characters — so a single one-page NDA counts as 1 page, a ten-page MSA counts as ten. The count is alwayscomputed on the server from the document you actually sent — a client-supplied page count is kept in the wire format for telemetry only and never trusted for billing.
General chat does not burn pages — only contract reviews are metered.
When a scan would push your month’s page count over the included quota, BarZero blocks the request and returns a structured opt-in prompt showing exactly how many overage pages this scan would cost and at what rate. You have to actively opt into overage for the current billing cycle before the scan will run. Overage is billed through Stripe’s metered-billing API as pages are scanned.
Seat changes go through the Stripe Customer Portal, which you can open from the Settings page. Seats are prorated automatically for the remainder of the current period. The shared page pool stays the same — new seats get access, not extra capacity.
Cancellation is self-serve from the Settings page. Cancellations take effect immediately — we don’t hold your data hostage for a notice period. Your IndexedDB matters and contracts remain in your browser after cancellation; you can export them from Settings at any time.
Full comparison and checkout: /pricing.
Billing lives on an Organization, not a user. When you sign up, a personal org is auto-provisioned for you; invited teammates share the firm’s org and its shared page pool.
Go to the Settings page and send an invite by email. If the server has a RESEND_API_KEYconfigured, BarZero emails the invitation directly. If it doesn’t, the UI falls back to a copy-paste invite link you can send through any channel you trust — same acceptance flow either way.
Matters currently live in yourbrowser’s IndexedDB — there is no server-side matter store, and the Matter Navigator only sees your local data. That means today, matter sharing between team members is nota shipped feature. Teammates on the same org share the billing pool and the seat count, but each person’s matters and contracts are private to their device. Encrypted team-visible matter sync is on the roadmap; we’ll document it here when it ships, not before.
Both operations are in the Settings page. Leaving an org removes your access but does not delete your local IndexedDB data — your matters stay in your browser. Transferring ownership hands the billing contact role to another admin in the same org.
If the sign-in page bounces you back to itself, clear the session cookie and try again. Most OAuth-loop issues come from a stale session token after a deploy. If Google or GitHub reports a permissions error, make sure you granted the basic profile and email scopes — BarZero doesn’t ask for anything else. Persistent failures are almost always worth a support ticket because they usually indicate a misconfigured OAuth callback URL on our side.
The sidebar shows your plan and page cap from the JWT; the authoritative live meter lives on the Settings page under “Plan & usage”. If the sidebar and Settings disagree, sign out and back in to refresh the JWT — nothing else needs to happen.
All of your work lives in the BarZeroLocalDB IndexedDB database. Your browser’s dev tools let you delete it outright (Application → Storage → IndexedDB), which wipes every matter and contract on this device. The Settings page has a gentler “Clear local data” button that does the same thing with a confirmation prompt. Either path is irreversible — we don’t have a copy.
The Settings page has an export action that dumps every local table to a single JSON file. Keep it somewhere safe; it is unencrypted by default so treat it like you’d treat the underlying documents.
Anything not covered here? Open a ticket at /contact. We read every one.
BarZero keeps shortcuts intentionally minimal. These are the ones wired up today:
Close any open modal, menu, or smart-menu popup (matters create dialog, scrub report, help menu, feedback panel, etc.).
Submit from the chat composer (from the bottom composer or the top search bar).
Insert a newline inside the composer without submitting — useful for multi-paragraph messages.
Open the contextual smart menu on any explainable element — Claude tells you what that specific UI piece does and why.
A broader shortcut pass is on the roadmap. We’d rather ship four working shortcuts than promise twenty that don’t.
The BarZero HTTP API is currently internal. The workspace is a first-class client against it, and routes like /api/chat and /api/explainexist to power the UI — they are not a supported integration surface for customers yet, and the wire format is not covered by semver.
A documented external API (stable contracts, signed API keys, per- org rate limits, and Zero Data Retention enforcement for programmatic callers) is on the roadmap for Orbit customers. If you need it before it ships, talk to us — early-access slots exist and we’d rather design the public surface around real integrations than guess. Contact at /contact.