Chrome extension: download saasguard-extension.zip from the GitHub repo, unzip it, go to chrome://extensions → enable Developer Mode → Load unpacked → select the unzipped folder

https://drive.google.com/file/d/1591z5PEP6EoxirO67SEcjdyHZbNYnlTh/view?usp=sharing

Inspiration

We've all done it: clicked "I agree" on a SaaS signup without reading a single line. It feels harmless until it isn't. A teammate gets locked into a 12-month contract they thought was monthly. A startup realizes their project management tool has been training AI on their client data for two years. A small business gets auto-renewed at 3x the price with a 7-day cancellation window buried on page 34. These aren't edge cases; they're the norm. Legal teams at big companies have lawyers to catch this. Everyone else signs blind.

We wanted to build the thing that reads it for you.

What It Does

SaaSGuard is a full-stack contract intelligence platform that continuously monitors the Terms of Service, Privacy Policies, and Data Processing Agreements of 100+ popular SaaS tools and gives you the information you actually need to make decisions.

Public Dashboard. Every monitored vendor gets a letter grade (A–F) across 8 risk dimensions: AI training on your data, auto-renewal traps, surprise price hikes, data residency, termination friction, liability caps, indemnification, and the right to silently change terms. The dashboard is sortable, searchable, and fully public, with no account required.

Vendor Detail Pages. Click any vendor and get a clause-by-clause breakdown in plain English. Every clause shows the verbatim source quote, a severity score (1–5), a plain-English explanation, and why it matters to you specifically. A reading time banner shows you exactly how long their contract actually takes to read so you can feel the weight of what you skipped.

Litigation Layer. Every red-flag clause is cross-referenced against a curated database of real lawsuits, FTC actions, and class action settlements. When a clause pattern matches a known case, we surface it: "This auto-renewal clause matches the one in the Adobe class action settled for $80M in 2024." We don't just warn you; we show you the receipts.

AI Lawyer Chat. Built directly into every vendor page, an AI assistant that has read the actual contract answers your questions in plain English. Ask it "Do they train AI on my data?", "Can they raise prices without warning?", or "What's the worst clause in here?" and get a real answer grounded in that vendor's specific terms, not generic legal advice.

Diff Watch. A daily crawler snapshots every monitored vendor's terms. When a vendor silently changes their Terms of Service, we catch it within 24 hours, summarize what changed in plain English, flag who is harmed, and assign a severity score from cosmetic to egregious. A public feed at /diffs shows every change we've ever caught, in order. Users can subscribe to any vendor and get emailed the moment their terms change.

Personalized Risk Wizard. A four-question wizard captures your context: industry, whether you store customer PII, team size, and whether you use AI tools in your workflow. Based on your answers, every vendor's grade recalculates for your situation. A clause that's irrelevant for a solo blogger can be a HIPAA liability for a healthcare startup. Same contract, completely different verdict.

Cross-Vendor Comparison. Pick 2 to 4 vendors and see them side by side across all 8 risk dimensions, with a plain-English recommendation for your specific context. Find out who trains AI on your recordings, who has surprise renewal clauses, where your data physically lives, and who's been sued for it.

Wall of Shame. A public leaderboard of vendors ranked by clause hostility, complete with a full risk heatmap (every vendor across every risk category at a glance), a "Trending Worse" section showing vendors whose terms have gotten more hostile over the past year, and a Hall of Fame for the cleanest contracts in our database.

Action Layer. For every flagged risk, we surface three concrete actions: a pre-written negotiation email to the vendor's sales team with a specific proposed clause change, a cancel reminder that tracks your subscription's auto-renewal window and pings you 30 days before it closes, and a block warning that fires through the extension before you can accept an F-rated tool.

Chrome Extension. Installs a live grade badge on any monitored vendor's page the moment you land on it. Click the badge to see the worst clauses, subscribe to alerts, and jump to the full breakdown without leaving the page. For vendors not yet in our database, hit "Analyze this page" and our AI reads whatever legal text is on screen, grades it A–F, and flags risky clauses on the spot in about 30 seconds.

TrustPass. For vendors that have earned an A or B grade, you can enable TrustPass. The next time you click "I agree" on their signup, the extension auto-accepts, but only if the terms are byte-for-byte identical to what you previously agreed to. It's not blind trust. It's verified trust.

Vault. Every time you click "I agree" anywhere, the extension snapshots the exact terms at that moment and stores them in your personal Vault. If the vendor changes their terms six months later, you have proof of what you actually agreed to on day one.
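The TrustPass and Vault behaviour described above amounts to a fail-closed gate: auto-accept only when every precondition holds and the current terms match the Vault snapshot exactly. The following is an added example, not SaaSGuard's code; the type and function names, and the re-check of the vendor's current grade at decision time, are assumptions.

```typescript
// Added illustration, not SaaSGuard's code; every name here is hypothetical.
type Grade = "A" | "B" | "C" | "D" | "F";

interface VaultEntry {
  vendor: string;
  acceptedTerms: string; // exact text snapshotted when the user clicked "I agree"
}

interface Decision {
  autoAccept: boolean;
  reason: string;
}

// Index of the first differing UTF-16 code unit, or -1 when the strings are
// identical. No trimming, case folding or Unicode normalization is applied,
// so invisible edits (non-breaking space, zero-width characters) also count.
function firstDifference(a: string, b: string): number {
  const shared = Math.min(a.length, b.length);
  for (let i = 0; i < shared; i++) {
    if (a.charCodeAt(i) !== b.charCodeAt(i)) return i;
  }
  return a.length === b.length ? -1 : shared;
}

// Fail closed: a missing precondition or any difference means the user is prompted.
function trustPassDecision(
  enabled: boolean,
  currentGrade: Grade,
  entry: VaultEntry | undefined,
  currentTerms: string
): Decision {
  if (!enabled) return { autoAccept: false, reason: "TrustPass is off" };
  if (currentGrade !== "A" && currentGrade !== "B") {
    return { autoAccept: false, reason: "grade " + currentGrade + " is below B" };
  }
  if (entry === undefined) {
    return { autoAccept: false, reason: "no prior agreement in the Vault" };
  }
  const at = firstDifference(entry.acceptedTerms, currentTerms);
  if (at !== -1) return { autoAccept: false, reason: "terms differ at offset " + at };
  return { autoAccept: true, reason: "terms identical to Vault snapshot" };
}

// Constructed sample data.
const vaulted: VaultEntry = {
  vendor: "example-vendor",
  acceptedTerms: "You may cancel within 30 days of renewal.",
};
```

The offset in the refusal reason gives the extension a place to point the user at when it falls back to a manual prompt.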

How We Built It

We built SaaSGuard as a monorepo with a clear separation between the data pipeline, the backend, and the two client surfaces (web dashboard and Chrome extension).

The crawler runs on a daily GitHub Actions cron, using Playwright to fetch the Terms of Service, Privacy Policy, and DPA for every monitored vendor. Snapshots are stored in Supabase only when the content hash changes, keeping storage lean. When a meaningful diff is detected, the diff engine runs a semantic comparison and pipes it through Gemini 1.5 Flash to produce a plain-English summary with severity scoring.

The AI pipeline processes each document once and caches results permanently. Gemini extracts clauses into our 8-dimension risk taxonomy with exact source quotes, scores severity, translates each clause into plain English, and outputs structured JSON validated with Zod. The litigation matching layer uses embedding similarity for a first-pass narrowing against our curated lawsuit database, then passes candidates to an LLM for confirmation. The personalization engine re-scores vendor grades in real time based on the user's four-question context profile.

The web app is Next.js 14 with the App Router, Tailwind CSS, and shadcn/ui components, deployed on Vercel. The Chrome extension is Manifest V3 with a React popup and a content script that injects the grade badge and block warning. Email alerts run through Resend.

Challenges We Ran Into

Anti-bot protection. Major SaaS vendors aggressively block crawlers. We had to build fingerprint randomization, request throttling, and fallback scraping strategies for vendors using Cloudflare or bot detection middleware.

LLM output reliability. Getting Gemini to consistently return well-structured JSON with exact source quotes and calibrated severity scores required significant prompt engineering: chain-of-thought reasoning, strict output schemas, and multi-pass validation with Zod to catch and retry malformed outputs.
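Model output is untrusted input, so the validation step should check not only shape but also that each "exact source quote" really occurs in the source document. The following is an added example, not SaaSGuard's code: plain checks stand in for the Zod schema, and the category slugs, field names and sample text are assumptions.

```typescript
// Added illustration, not SaaSGuard's code. Plain checks stand in for the
// Zod schema the page mentions; category slugs and field names are assumptions.
const CATEGORIES = [
  "ai_training", "auto_renewal", "price_hikes", "data_residency",
  "termination_friction", "liability_caps", "indemnification", "unilateral_changes",
];

interface Clause {
  category: string;
  severity: number; // integer on the page's 1-5 scale
  quote: string; // must appear verbatim in the source document
  explanation: string;
}

// Constructed sample contract text.
const SOURCE =
  "We may use Customer Content to train our models. " +
  "Subscriptions renew automatically for successive 12-month terms.";

// Returns a list of problems; an empty list means the output is safe to cache.
// A non-empty list is the signal to retry the model call.
function validateModelOutput(raw: string, source: string): string[] {
  let parsed: unknown;
  try {
    parsed = JSON.parse(raw);
  } catch (e) {
    return ["not valid JSON"];
  }
  if (!Array.isArray(parsed)) return ["top level must be an array of clauses"];
  const errors: string[] = [];
  parsed.forEach((item: unknown, i: number) => {
    const c = (item !== null && typeof item === "object" ? item : {}) as Partial<Clause>;
    if (typeof c.category !== "string" || CATEGORIES.indexOf(c.category) === -1) {
      errors.push("clause " + i + ": category outside the taxonomy");
    }
    const s = c.severity;
    if (typeof s !== "number" || Math.floor(s) !== s || s < 1 || s > 5) {
      errors.push("clause " + i + ": severity must be an integer from 1 to 5");
    }
    if (typeof c.quote !== "string" || c.quote === "" || source.indexOf(c.quote) === -1) {
      errors.push("clause " + i + ": quote is not verbatim from the source");
    }
    if (typeof c.explanation !== "string" || c.explanation === "") {
      errors.push("clause " + i + ": explanation is missing");
    }
  });
  return errors;
}
```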

Meaningful diffs vs. noise. Not every content change is a meaningful legal change: vendors reformat pages, fix typos, and update footers constantly. We built a pre-filter that runs a character-level diff before invoking the AI summarizer, so we only spend tokens on changes that actually matter.
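One way to build such a pre-filter without hiding small but material edits is to suppress only formatting-level differences and escalate everything else, whatever its size. The following is an added example, not SaaSGuard's code; the normalization rules, the single-span diff and all names are assumptions.

```typescript
// Added illustration, not SaaSGuard's code; names and rules are assumptions.
interface PrefilterResult {
  meaningful: boolean; // true => worth sending to the AI summarizer
  removed: string; // changed span in the old text
  added: string; // changed span in the new text
}

// Collapse formatting-only variation: whitespace runs and curly quotes.
function normalize(text: string): string {
  return text
    .replace(/[\u2018\u2019]/g, "'")
    .replace(/[\u201c\u201d]/g, '"')
    .replace(/\s+/g, " ")
    .replace(/^ | $/g, "");
}

// Single-span character diff: strip the common prefix and suffix and keep
// what is left. A full diff would report several hunks; one span is enough
// to decide whether anything beyond formatting changed.
function prefilter(oldText: string, newText: string): PrefilterResult {
  const a = normalize(oldText);
  const b = normalize(newText);
  if (a === b) return { meaningful: false, removed: "", added: "" };
  const limit = Math.min(a.length, b.length);
  let start = 0;
  while (start < limit && a.charCodeAt(start) === b.charCodeAt(start)) start++;
  let tail = 0;
  while (
    tail < limit - start &&
    a.charCodeAt(a.length - 1 - tail) === b.charCodeAt(b.length - 1 - tail)
  ) {
    tail++;
  }
  // No size threshold: a one-character edit to a number is a legal change.
  return {
    meaningful: true,
    removed: a.slice(start, a.length - tail),
    added: b.slice(start, b.length - tail),
  };
}
```

Passing only the `removed` and `added` spans, plus some surrounding context, to the summarizer keeps token use proportional to the change rather than to the document.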

Personalization at scale. Re-scoring every vendor's grade for a user's context without live LLM calls on every page load required pre-computing a base clause severity matrix and applying the personalization weights client-side so grades shift instantly in the wizard without a round trip.

What We Learned

Building SaaSGuard forced us to actually read a lot of SaaS contracts. That alone was eye-opening: the gap between what users assume they're agreeing to and what the contracts actually say is enormous. We also learned how much signal is available in public legal data: court records, FTC press releases, and class action settlements are all publicly accessible and deeply underutilized by consumer tools.

On the technical side, we learned that prompt engineering for structured data extraction is its own discipline, far more nuanced than prompting for prose. Getting an LLM to reliably quote exact source snippets, stay within a strict taxonomy, and produce consistent severity scores across thousands of different documents required more iteration than any other part of the stack.

What's Next

Real-time monitoring for user-submitted contracts (NDAs, MSAs, custom agreements), a Mass Audit feature that scans an entire company's SaaS stack via Google Workspace OAuth and expense card CSVs, and a receipt generator that emails you a plain-English PDF of what you agreed to the moment you sign up for anything.

Why SaaSGuard Is Different

Every existing tool in this space is built for lawyers, not users. Ironclad and Spellbook charge thousands per month and require a legal team to interpret the output. Terms of Service; Didn't Read is a volunteer-maintained wiki that covers a fraction of vendors, hasn't been updated consistently, and gives you a letter grade with no explanation, no clause-level breakdown, no alerts, and no way to act on what you find.

SaaSGuard is the first tool that does all of it in one place, for free, for the people actually clicking "I agree."

No other tool cross-references clauses against real lawsuit outcomes. No other tool re-scores vendor grades based on who you are and what you do. No other tool catches silent term changes and tells you in plain English who got hurt and how badly. No other tool drafts the negotiation email for you, tracks your auto-renewal window, snapshots your proof of agreement, or lets you auto-accept trusted vendors only when terms are provably unchanged.

We didn't build a legal research tool. We built a layer of protection that sits between every business and every SaaS contract they sign and does in seconds what a $400/hr lawyer would take hours to do.

Why We Should Win

We shipped a full-stack AI product in 7 days that solves a real problem affecting every business that uses software, which is every business. The problem is not niche: SaaS spend is the fastest-growing operational cost for companies of every size, and the legal exposure buried in those contracts is almost universally ignored.

The depth of what we built is unusual for a hackathon. A production crawler with anti-bot handling. A multi-stage AI pipeline with structured output validation. A litigation database cross-referenced against real case law. A personalization engine that re-weights risk scores in real time. A Chrome extension with TrustPass and a Vault. A public Wall of Shame with a live risk heatmap. An AI lawyer that has actually read the contract. All of it free, all of it live, all of it working.

But more than the technical depth, SaaSGuard is genuinely useful right now. You can go to saasgaurd.xyz today, look up the tool your company pays for, and learn something you didn't know about what you agreed to. That's the bar we held ourselves to: not "impressive for a hackathon" but "actually useful in the real world." We think we hit it.

Built With

  • chrome-extension-manifest-v3
  • geminiapi
  • gen.xyz
  • github-actions
  • google-gemini-1.5-flash
  • next.js
  • node.js
  • playwright
  • postgresql
  • react
  • resend
  • shadcn/ui
  • supabase
  • tailwind-css
  • typescript
  • vercel
  • zod