Skip to main content

🏆 We are proud to be the only Legal AI vendor that shares their accuracy statistics. Read more.

Privacy Notice

ThoughtRiver (“We” “Us” “Our”) is a trading name of ThoughtRiver Limited, a company registered in England and Wales (registered number 10007469), our address is Building 1000, Cambridge Research Park, CB25 9PD. Our ICO registration no. is ZA221094.

ThoughtRiver provides software as a service for business users to review their contracts for risk and data insight.

This privacy notice explains the personal data we collect, how we use that personal data and the reasons we may need to disclose personal data to others.

We will update this policy from time to time so please check our website for any updates.

The role we have in relation to your personal data

Depending on the circumstances, ThoughtRiver may be a data controller of your personal data or a data processor.

In relation to personal data provided to us from customers to help manage their accounts or from prospective customers or employees who have shown interest in ThoughtRiver, we will be the data controller of that data.

In relation to personal data provided to us by our customers that relate to the services we provide to them, our customers are the data controllers and we are the data processor.

How we will use the personal data you give to us

How we use your personal data will depend on the reason you have provided it to us:

  • If you are a prospect customerwe will use information you provide us to let you know about the goods and services we offer. Our lawful basis to do this is because it’s in our legitimate interest to promote our business.
  • If you are a prospect employee, we will use information you provide us to provide you with information about the roles at ThoughtRiver in which you have expressed an interest or that we think may be of interest to you.  We do this under our legitimate interest to keep you up to date with your applications during our recruitment process.

We will also use the data we hold about you to:

  • administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes. We do this under our legitimate interest to improve our site and to ensure that content is presented in the most effective manner for you and for your computer; and
  • allow you to participate in interactive features of our service, when you choose to do so – we do this where you have provided your consent for us to do so.

If you are a prospect customer or employee, you may give us information about you by filling in forms on our website or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you enter details on our site (for example, via our “Contact Us” page or “Join Us” page), request our services, register to use our site, subscribe to our service, subscribe to our emails, complete a review or demo, participate in discussion boards or other social media functions on our site, enter a competition, promotion or survey and when you report a problem with our site. The information you give us may include your name, address, e-mail address and phone number and financial information. We may use third parties to contact you on our behalf but we will not pass your personal data to third parties for them to contact you in their own right. We do this under our legitimate interest to respond to your queries quickly and efficiently.

If you are a business user we will use the personal data you provide to us to provide the services to you, customise your use of the service and provide support in relation to the service. We do this in order to fulfil the contract between you and us.

Information we collect about you

With regard to each of your visits to our website we may automatically collect the following information:

  • technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information (if applicable), browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
  • information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), services and reviews you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page.

We do this under our legitimate interest to understand how you interact with us.

How we use cookies

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site.

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer. We only use (and store) non-essential cookies on your computer's browser or hard drive if you provide your consent.





The _cfduid cookie helps Cloudflare detect malicious visitors to our Customers’ websites and minimizes blocking legitimate users. It may be placed on the devices of our customers' End Users to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It is necessary for supporting Cloudflare's security features.

30 days


The cookie is set by Cloudflare for rate limiting purposes.

30 days


This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.

2 years


This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the wbsite is doing. The data collected including the number visitors, the source where they have come from, and the pages viisted in an anonymous form.

24 hours


This cookies is installed by Google Universal Analytics to throttle the request rate to limit the colllection of data on high traffic sites.

1 minute


This cookie is set by Facebook to deliver advertisement when they are on Facebook or a digital platform powered by Facebook advertising after visiting this website.

1 day


This cookie is set by Hotjar. When the Hotjar script executes we try to determine the most generic cookie path we should use, instead of the page hostname. This is done so that cookies can be shared across subdomains (where applicable). To determine this, we try to store the _hjTLDTest cookie for different URL substring alternatives until it fails. After this check, the cookie is removed.



This cookie is set by Hotjar. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.

365 days


This cookie is set by Hotjar.

1 day


The cookie is set by Facebook to show relevant advertisments to the users and measure and improve the advertisements. The cookie also tracks the behavior of the user across the web on sites that have Facebook pixel or Facebook social plugin.

3 months


This cookie is used by LinkedIn to to make a probabilistic match of a user's identity outside the Designated Countries.

3 months


This cookie is used by LinkedIn to store the language preferences of a user to serve up content in that stored language the next time user visit the website.



This cookie is set by LinkedIn. The purpose of the cookie is to uniquely identify devices accessing LinkedIn to detect abuse on the platform

2 years


This cookie is provided by LinkedIn to ensure there is correct SameSite attribute for all cookies in that browser.

365 days


This cookie is set by LinkedIn to optimize data centre selection

24 hours


This cookie is set to let Hotjar know whether a visitor is included in the data sampling defined by the site's pageview limit.

30 minutes


This cookie is used to detect the first pageview session of a user. This is a True/False flag set by the cookie.

30 minutes


This cookie is set by Google to check if user’s browser supports cookies.

1 day


This cookie is used by LinkedIn to sync Ads ID.

30 days


This cookie is a browser ID cookie set by LinkedIn to save the state of 2FA of a logged in user.

2 years


You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site

How we can disclose the information you give us

We may share your personal information with any existing or future member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.

We may share your information with selected third parties including:

  • Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you including without limitation companies who manage our mailing list and/or the fulfilment of orders of our products.
  • Analytics and search engine providers that assist us in our legitimate interest to improve and optimise our site.
  • In the event that we sell any business or assets, in which case we may disclose your personal data to the prospective buyer of such business or assets.
  • If ThoughtRiver or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of sale and other agreements; or to protect the rights, property, or safety of ThoughtRiver, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

Where and how we store the data you give us

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff maybe engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy notice. We will always ensure anyone we use to process your data complies with the GDPR.

All information you provide to us is stored on our secure servers.

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

How long we will hold your personal data

We regularly review the data we hold and will only retain your personal information for as long as we need it. Please keep in mind that in some cases we are required to keep parts of your personal information for long periods of time to comply with our legal, accounting or regulatory requirements.

In order to keep this notice short and user friendly, we have not gone into specific retention periods however if you would like further information on how long we keep your data for please contact us at

What are your rights under data protection laws?

You have various other rights under applicable data protection laws, including the right to:

  • access your personal data (also known as a “subject access request”);
  • correct incomplete or inaccurate data we hold about you;
  • ask us to erase the personal data we hold about you;
  • ask us to restrict our handling of your personal data;
  • ask us to transfer your personal data to a third party; 
  • object to how we are using your personal data; and
  • withdraw your consent to us handling your personal data.

You also have the right to lodge a complaint with us or the Information Commissioner's Office, the supervisory authority for data protection issues in England and Wales. If you are based outside of England and Wales, you can find your relevant supervisory authority here.

Please keep in mind that privacy law is complicated, and these rights will not always be available to you all of the time.

How you can contact us about this Privacy Notice

Questions, comments and requests regarding this Privacy Notice are welcomed and should be addressed to

Data Protection Officer: Kirsty Alderton, VP, Operations.

Date: updated December 2022