Termscan

Inspiration Every single day, billions of people click "I Agree" on Terms of Service documents they've never read. And buried inside those walls of legal jargon are clauses that sell your data, trap you in auto-renewing subscriptions, strip your right to sue, and let companies delete your account without notice. The average ToS is 7,500 words long. Nobody reads them. Companies know that. They count on it. We built TermScan because the fine print shouldn't be a trap. If a company is going to ask for your rights, you should at least know which ones you're giving up and have a way to push back.

What it does TermScan is an AI-powered Terms of Service analyzer. You paste text, upload a PDF, or drop in an email notification about a ToS update and within 30 seconds, the AI reads every clause, flags the problematic ones across 12 risk categories (Data Selling, Forced Arbitration, Auto-Renewal Traps, Account Termination, and more), and scores each clause on a 1–10 severity scale with a plain-English explanation of why it matters.

But TermScan doesn't stop at telling you what's wrong. For every flagged clause, you can hit "Draft Negotiation Email" and the AI generates a professional, ready-to-send pushback email polite but firm along with practical tips for negotiating that specific type of clause. It turns awareness into action.

How we built it Frontend: SvelteKit 5 with Svelte runes ($state, $effect), Tailwind CSS v4 with a fully custom dark-theme design system (Space Grotesk typography, custom severity color tokens, animated transitions using Svelte's built-in transition:fly and transition:slide) Backend: SvelteKit API routes (+server.ts) running on Bun no separate backend, no database, fully stateless AI: Llama 3.3 70B Instruct via OpenRouter, using the OpenAI-compatible SDK with structured JSON output for both clause analysis and negotiation email generation PDF Processing: pdf-parse extracts text from uploaded PDFs server-side before passing to the AI Validation: Zod schemas validate all API inputs The entire app is a single SvelteKit project frontend and backend unified with zero external infrastructure dependencies beyond the OpenRouter API key.

Challenges we ran into Migrating from React 19 to Svelte 5: The original app was built with React, Framer Motion, Radix UI, React Query, and Wouter. Every component had to be rethought useState became $state() runes, AnimatePresence became Svelte transitions, Radix dialogs became custom slide-up panels, and React Query mutations became plain fetch() calls. The mental model shift from hooks to runes was the steepest part. Reactivity gotchas with $effect: The negotiation dialog had a subtle bug where reading and mutating $state in the same $effect tracking scope caused the fetch to not fire. Required untrack() to properly separate triggers from side effects a Svelte 5 footgun that doesn't exist in React. Killing the database: We initially ported the full PostgreSQL + Drizzle ORM setup, then realized it was total overkill for a stateless analyzer with no auth. Ripping it out and returning AI results directly simplified the entire architecture. Accomplishments that we're proud of The "Fight Back" feature: This is what sets TermScan apart. Most ToS analyzers just tell you what's bad. We generate a professional email you can actually send to the company to challenge specific clauses. It includes a subject line, a full email body, and negotiation tips. One click from "this clause is bad" to "here's the email to fight it." 30-second analysis: Paste 15,000 characters of legal jargon, get back a scored, categorized, explained breakdown in under 30 seconds. Zero infrastructure: No database, no auth, no background workers. One environment variable (the API key), bun install, bun run dev, and it works. Deploy anywhere SvelteKit runs. The design: Dark theme with the yo-yellow accent, stacked pill sections with parallax depth, severity-colored score badges, animated clause cards it looks like a product, not a hackathon project. What we learned Svelte 5 runes are genuinely simpler than React hooks once you internalize the model but the $effect footguns are real and under-documented. You don't need a database for everything. The instinct to persist data is strong, but for a tool like this, statelessness is a feature, not a limitation. Prompt engineering for structured legal analysis is harder than it looks. Getting the AI to consistently return properly categorized clauses with calibrated severity scores (not just "everything is dangerous") required careful system prompt iteration. SvelteKit's unified frontend + backend model eliminates an entire class of problems no CORS, no separate deploy, no API client codegen. One project, one deploy target. What's next for Termscan Browser extension: Detect ToS pages automatically and offer one-click analysis without leaving the site. Comparison mode: Scan two versions of a ToS side-by-side and highlight what changed especially useful when companies send "we've updated our Terms" emails. Clause database: Build a public, searchable index of flagged clauses across major companies so users can check a company's reputation before signing up. Batch analysis: Upload multiple documents at once and get a comparative risk report across services. Shareable reports: Generate a permanent link to your analysis results so you can share findings with others or reference them later.https://youtu.be/Tdpgoa6zpR4?si=kJq1VTc85QuS6G84