other

Policies

Privacy & Security Policy

Client Data

  • Clients are provided with private data stores.
  • All uploaded contracts and data are stored in these dedicated stores.
  • ThoughtRiver may only access data with client permission (e.g. for support).
  • Client data is continually backed up to a secondary site.
  • All data is encrypted in transit and at rest with separate keys for each client.

Contextual Interpretation Engines

  • ThoughtRiver’s AI engines are shared services across clients.
  • Contract data is sent for predictions; results are stored back in client data stores.
  • Engines do not store client-identifiable data.
  • Clients may opt in to allow ML training on their contracts, which uses an isolated, private store.

Analytics

The following data is collected via all ThoughtRiver applications:

  • Domain name from user email (e.g. "thoughtriver" from user@thoughtriver.com)
  • User UUID, business role(s), sub-account accessed
  • Feature interaction events, length/frequency of use, time on contract interface
  • Third-party analytics log additional info: location, cookies, browser/device, IP, etc.

Acceptable Use Policy

Terms in this policy have the same meaning as in the ThoughtRiver Terms unless otherwise defined.

  • Use by Authorised Users must be reasonable for their role and experience.
  • Lexible Assistant is for contract/risk review only. Excessive use may lead to disablement.
  • Customers must maintain secure passwords for all Authorised Users.
  • No distribution of unlawful/illegal content or viruses. Violations may result in account suspension.
  • Customer shall not:
    • Copy/modify/frame/distribute the Platform or build similar products
    • Reverse engineer or compile any Platform component
    • Provide the Platform to third parties or commercially exploit it
    • Copy or clone Premium Risk Policies
  • Customer must prevent unauthorised access and report incidents promptly.
  • Customer is responsible for ensuring operating system compatibility with the Platform.

This policy was updated in March 2025 to address the release of Lexible Assistant.

Backup Policy

  • Daily incremental backups and weekly full backups are performed.
  • Data retention is 2 weeks.
  • Backups are stored in a second site within the same region as the main data centre.
  • Backups are segregated: each client’s virtual server is stored separately.

Changes to this Policy

This backup policy was published in September 2021 and last updated in November 2024. Changes will be communicated via the Platform.

Summary of Changes

Privacy and Security Policy

March 2024

  • Security operations managed directly by ThoughtRiver, not Cloud Direct
  • ISO27001 certification added to policy

April 2024

  • NDATriage trial launch triggered updates on how uploaded data is stored

November 2024

  • Removed NDATriage reference; minor updates to Analytics and Security sections

Backup Policy

November 2024

  • Singapore data centre reference removed

Get started

ThoughtRiver

PlaybooksAccuracyIntegrations & Security

Platform

Request a DemoPricingFAQs

Company

Our StoryResourcesCareersContact Us

Follow Us

LinkedIn

Copyright © Thoughtriver Ltd. 2016-2025. All rights reserved.

Privacy Notice | Terms of Use | Data Processing | Policies