This explains your rights and obligations when using our platform.Read more
This explains how we will look after your data.Read more
This explains what we expect from users in terms of reasonable usage of the platform.Read more
This explains our backup policy to keep data safe.Read more
Acceptable Use Policy means ThoughtRiver’s acceptable use policy as amended from time to time here.
Account means the Customer’s account on the Platform.
Agreement means the Order together with these Terms.
Associated Company means a corporate body controlling, controlled by or under common control with the Customer.
Authorised Users means the employees, agents and independent contractors of (i) the Customer; and (ii) the Customer’s Associated Companies, who are authorised by the Customer to use the Platform (and as limited to the permitted number set out in the Order).
Back up Policy means ThoughtRiver’s back-up policy as amended from time to time here.
Business Day means any day which is not a Saturday, Sunday or public holiday in the Support Timezone.
Confidential Information means information that is proprietary or confidential and is either clearly labelled as such, identified as such or by its nature can reasonably be considered to be confidential information.
Contract means terms that are executed or intended to be executed together as a discrete contract including versions thereof. The following are separate contracts: variations, waivers, change notes, statements of work, related agreements such as side letters and other contracts which taken together document a transaction.
Core Contract Description Framework means all properties, related machine learning interpretation and risk models provided as part of the Platform together with any Training Data used to generate such items.
Customer means the customer identified as such in the Order.
Customer Data means the data (including but not limited to contracts, the Customer’s own risk policies and properties) created by the Customer and inputted by Authorised Users into the Platform excluding the ThoughtRiver Processing Data, Labelled Training Data, Derivative Works and ThoughtRiver Out Of The Box (OOTB) Policies.
Data Processing Addendum means the addendum setting out the way in which ThoughtRiver processes personal data, as amended from time to time here.
Derivative Works means any and all software derivative work produced by ThoughtRiver and/or by the operation of the Platform.
Documentation means any documentation supplied by ThoughtRiver to the Customer under this Agreement.
Fees means the fees payable under clause 6 of these terms.
Free Trial means the length of time for which the Customer can access and use the Platform free of charge as stated in the Order.
Intellectual Property Rights means all intellectual property rights including, but not limited to, patents, trade secrets, trade marks, service marks, trade names, copyrights and other rights in works of authorship (including rights in computer software), moral and artists’ rights, design rights, domain names, know-how and database rights and whether any of the foregoing are registered or unregistered and all rights or forms of protection of a similar nature in any country.
Labelled Training Data means Training Data manually labelled with the intent of training the Platform to improve the Output and whether labelled by ThoughtRiver and/or the Customer.
Licensed Data means the data licensed to ThoughtRiver by the Customer pursuant to clause11.3 and shall include without limitation Training Data and anonymised contract text but shall not include any Customer risk policies or properties.
Order means the order form to which these terms are attached.
Order Month means a calendar month, or part thereof, occurring during an Order Term.
Order Term means the period identified as such in the Order. If no such period is given, the Order Term shall be deemed to be 12 months.
Output means all data or information provided by the Platform in reports, screens, downloads, files, charts or other formats.
Platform means the platform available at
<region>.thoughtriver.review or any other address notified to the Customer by ThoughtRiver, including the Core Contract Description Framework, ThoughtRiver Out Of The Box (OOTB) Policies, Software and Documentation.
Privacy and Security Policy means ThoughtRiver’s policy for privacy and security as amended from time to time here.
Software means the software applications provided by ThoughtRiver as part of the Platform under this Agreement.
Start Date means the date identified as such in the Order.
Support Timezone means the timezone identified as such in the Order.
Term means the period commencing on the Start Date and ending on the last day of the final Order Term unless terminated earlier in accordance with clause 15.
ThoughtRiver Out Of The Box (OOTB) Policies means the risk policies created by ThoughtRiver and marked as such on the Platform including any Derivative Works thereof.
ThoughtRiver Processing Data means statistical, textual correlative and activity-based data captured by the Platform in the course of usage by Authorised Users and all derivative data which is used by ThoughtRiver to improve the intuition, accuracy and sophistication of the Platform.
Training Data means a set of data that is fed into an algorithm to produce a trained model to improve the quality of the Output.
2.1 Clause, schedule and paragraph headings shall not affect the interpretation of this Agreement.
2.2 Unless the context otherwise requires, words in the singular shall include the plural and the plural shall include the singular
3. COMMENCEMENT AND SCOPE
3.1 Except where the Customer undertakes a Free Trial, this Agreement shall commence on the Start Date and shall continue until expiry of the Order Term. Where the Customer undertakes a Free Trial, the Agreement shall commence on the Start Date and end on the last day of the Free Trial or continue for the first Order Term as elected by the Customer under Clause 4.1.
4. FREE TRIAL
4.1 Where the Customer undertakes a Free Trial, this Agreement shall commence on the date the Order is signed and shall continue for the first Order Term unless:
4.2 Where the Customer terminates the Agreement during the Free Trial in accordance with clause 4.1.1 or 4.1.2, all Customer Data uploaded to the Platform during the Free Trial shall be permanently deleted by ThoughtRiver at the end of the Free Trial.
5.1 Subject to the Customer’s compliance with the terms of this Agreement, ThoughtRiver hereby grants to the Customer a non-exclusive, non-transferable right to permit the Authorised Users to access and use the Platform during the Term for internal business purposes and as an integrated component of managed services provided to the Customer’s legal services clients, subject always to the Acceptable Use Policy.
5.2 The Customer shall ensure that the Authorised Users use the Platform in accordance with the terms of this Agreement (including, without limitation, the Acceptable Use Policy) and their permitted access on the Platform. The Customer shall be liable for any Authorised User's breach of this Agreement.5.3 The Customer is granted a non-exclusive and non- transferable right to use parts of the ABBYY SDK solely in conjunction with the Platform and in accordance with this Agreement (including the specification here). This licence may be time- or function-limited and protected from unauthorised copying by means of a hardware or software protection key which is an integral part of the ABBYY SDK.
6.1 Unless otherwise stated in the Order, the Customer shall pay all Fees in advance in respect of the Order Term but shall not be required to pay any Fees until the end of any Free Trial.
7.1 The Customer shall pay the Fees to ThoughtRiver in accordance with this clause 7.
7.2 The Customer shall pay each invoice issued by ThoughtRiver no later than 30 days after the date of such invoice.
7.3 If ThoughtRiver has not received payment within 30 days after the due date, without prejudice to any other rights and remedies of ThoughtRiver:7.3.1 ThoughtRiver may, on notification to but without liability to the Customer, disable the Account until the outstanding fees are paid; and
7.3.2 interest shall accrue on a daily basis on such due amounts at an annual rate equal to 2% over the then current base lending rate of Barclays Bank plc from time to time, commencing on the due date and continuing until fully paid, whether before or after judgment.
7.4 The Fees shall be payable in pounds sterling unless otherwise set out in the Order and are exclusive of value-added tax, which where applicable shall be added to ThoughtRiver invoice(s) at the appropriate rate.
8.1 The Customer agrees and acknowledges that:
8.1.2 machine training may result in a deterioration of accuracy of the Output especially where the training is incorrect; and
8.1.3 the Platform uses predictive technology and user data input to identify provisions of contracts and generate risk assessments. The nature of this technology is that accuracy will improve over time but cannot be guaranteed and it is likely that mistakes will occur from time to time. ThoughtRiver does not provide any warranty or accept any liability of any kind in relation to such mistakes.
9. PROVISION OF PLATFORM
9.1 The Platform is provided to the Customer on an "as is" basis. The Customer assumes sole responsibility for the results obtained from its selection and use of the Platform and Output, and for decisions taken (automated or not) and/or conclusions drawn from such results.
9.2 ThoughtRiver warrants that it has all necessary licences, consents, and permissions necessary for the performance of its obligations under this Agreement. Save as set out in the preceding sentence, all warranties, representations, conditions and all other terms of any kind whatsoever implied by statute or common law are, to the fullest extent permitted by applicable law, excluded from this Agreement.
9.3 ThoughtRiver shall provide the support set out in the Service Level Agreement as notified to the Customer from time to time. In the event that ThoughtRiver breaches its obligations under this clause, the Customer’s sole remedy shall be for ThoughtRiver to use best endeavours to restore the Platform availability promptly.
9.4 ThoughtRiver does not warrant that the Customer's use of the Platform will be uninterrupted or error-free or that the Platform and/or the Output will meet the Customer's requirements.
9.5 ThoughtRiver is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet.
9.6 The Customer shall comply with the Acceptable Use Policy.9.7 The Customer shall provide ThoughtRiver with all necessary co-operation in relation to this Agreement and all necessary access to such information as may be required by ThoughtRiver in order to provide the services, including but not limited to Customer Data, security access and configuration services.
10. CUSTOMER DATA
10.1 The Customer shall own all right, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
10.2 ThoughtRiver shall follow its archiving procedures for Customer Data as set out in its Back-Up Policy. In the event of any loss or damage to Customer Data caused by ThoughtRiver, the Customer's sole and exclusive remedy shall be for ThoughtRiver to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained under the Back-Up Policy. ThoughtRiver shall not be liable for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by ThoughtRiver to perform services related to Customer Data maintenance and back-up).
10.3 ThoughtRiver shall comply with the Privacy and Security Policy.
10.4 The processing of any personal data is governed by our Data Processing Addendum.
11. IPR OWNERSHIP
11.1 The Customer acknowledges and agrees that ThoughtRiver and/or its licensors own all Intellectual Property Rights in the Platform, Labelled Training Data and the Derivative Works. Except as expressly stated herein, this Agreement does not grant the Customer or the Authorised Users any rights to, or in, patents, copyright, database right, trade secrets, trade names, trade marks (whether registered or unregistered), or any other rights or licences in respect of the Platform or the ThoughtRiver Processing Data.
11.2 ThoughtRiver confirms that it has all the rights in relation to the Platform that are necessary to enable it to licence the use of the same to the Customer under, and in accordance with, the terms of this Agreement.11.3 Without prejudice to clause 11.1, the Customer shall own all intellectual property rights in the Customer Data. The Customer permits Licensed Data to be used as part of the Core Contract Description Framework and the Customer shall be deemed to have granted ThoughtRiver an irrevocable, perpetual, worldwide, royalty-free licence to store, display, use, copy, maintain, customise and provide such data as part of the Platform for use by ThoughtRiver and all customers and other users for any reasonable purpose associated with Platform usage, contract review, analysis, benchmarking and other such activities.
12.1 In connection with the performance of this Agreement, each party may be given access to the other party’s Confidential Information. A party's Confidential Information shall not include information that:
12.1.1 is or becomes publicly known other than through any act or omission of the receiving party;
12.1.2 was in the other party's lawful possession before the disclosure;
12.1.3 is lawfully disclosed to the receiving party by a third party without restriction on disclosure;
12.1.4 is independently developed by the receiving party, which independent development can be shown by written evidence; or
12.1.5 is required to be disclosed by law, by any court of competent jurisdiction or by any regulatory or administrative body.
12.2 Each party shall hold the other's Confidential Information in confidence and, unless required by law, not make the other's Confidential Information available to any third party, or use the other's Confidential Information for any purpose other than the implementation of this Agreement. If either party is required to disclose Confidential Information to any employee, agent or sub- contractor then it shall ensure that such relationships are governed by contractual terms relating to confidentiality which are no less onerous than in this Agreement.
12.3 Each party shall take all reasonable steps to ensure that the other's Confidential Information to which it has access is not disclosed or distributed by its employees or agents in violation of the terms of this Agreement.
12.4 Neither party shall be responsible for any loss, destruction, alteration or disclosure of Confidential Information caused by any third party.
12.5 ThoughtRiver acknowledges that the Customer Data is the Confidential Information of the Customer.12.6 This clause 12 shall survive termination of this Agreement, however, arising.
13. IPR INDEMNITY
13.1 ThoughtRiver shall indemnify the Customer against any claim that the use or possession of the Platform in accordance with the provisions of this Agreement infringes the copyright of any third party provided that:
13.1.1 ThoughtRiver is given prompt and complete control of such claim;
13.1.2 the Customer does not (whether through action or inaction) prejudice ThoughtRiver's defence of such claim;
13.1.3 the Customer (at ThoughtRiver's expense) gives ThoughtRiver reasonable assistance with such claim;
13.1.4 the claim does not arise as a result of the use of the Platform in combination with any material not supplied or approved in writing by ThoughtRiver; and
13.1.5 The Customer immediately suspends use of the Platform after notice of any alleged infringement from ThoughtRiver or any appropriate authority
13.2 ThoughtRiver shall have the right to replace or change all or part of the Platform in order to avoid any infringement or suspected infringement of the Intellectual Property Rights of any third party.
13.3 The provisions of this clause 13 state the entire liability of ThoughtRiver to the Customer under this Agreement in respect of the infringement of the Intellectual Property Rights of any third party.
14. LIMITATION OF LIABILITY
14.1 This clause 14 sets out the entire liability of each party (including any liability for the acts or omissions of its employees, agents and sub-contractors) to the other party:
14.1.1 arising under or in connection with this Agreement;
14.1.2 in relation to ThoughtRiver’s liability, in respect of any use made by the Customer and Authorised Users of the Platform or any part of them; and
14.1.3 in respect of any representation, statement or tortious act or omission (including negligence) arising under or in connection with this Agreement.
14.2 Nothing in this Agreement excludes the liability of a party:
14.2.2 in relation to the Customer, the Customer’s liability to pay the Fees which shall be in addition to the amounts set out in clause 14.3 below.
14.3 Subject to clauses 14.1 and 14.2:
14.3.2 save in respect of liability arising under clause 13, a party’s total aggregate liability in contract, tort (including negligence or breach of statutory duty), misrepresentation, restitution or otherwise, arising in connection with or under this Agreement shall be limited to £1000 during any Free Trial and the total Fees payable during the Order Term.
15. TERM AND TERMINATION
15.1 Except where the Customer undertakes a Free Trial, this Agreement shall commence on the Start Date and continue for the first Order Term.
15.3 Either party may terminate this Agreement with immediate effect by giving written notice to the other party if:
15.3.1 the other party fails to pay any amount due under this Agreement on or by the due date for payment and remains in default 30 days after being notified in writing to make such payment;
15.3.2 the other party commits a material breach of any other term of this Agreement which is irremediable or (if such breach is remediable) the other party fails to remedy within 30 days after being notified in writing to do so; or
15.3.3 the other party suspends, or threatens to suspend, payment of its debts or is unable to pay its debts as they fall due or admits inability to pay its debts or is deemed unable to pay its debts, is declared insolvent, is wound up or has an administrator appointed.
15.4 On expiry or termination of this Agreement for any reason:
15.4.2 each party shall return all equipment, property and other items belonging to the other party;
15.4.3 subject to any rights granted under clause 11.3 and without prejudice to clause 4.2, ThoughtRiver shall destroy the Customer Data, save where the Customer provides written notice to ThoughtRiver to return a copy of the Customer Data in its possession .The Customer shall pay reasonable expenses incurred by ThoughtRiver in returning Customer Data; and
15.4.4 any rights, remedies, obligations or liabilities of the parties that have accrued up to the date of termination shall not be affected or prejudiced.
16.1 A party shall have no liability to the other party under this Agreement if it is prevented from or delayed in performing its obligations under this Agreement, or from carrying on its business, by acts, events, omissions or accidents beyond its reasonable control provided that the affected party is notified of such an event and its expected duration.
16.7 The Customer hereby agrees that ThoughtRiver shall be entitled to make reference to the Customer’s usage of the Platform on its website, in its marketing materials, and in discussions.
16.8 This Agreement does not confer any rights on any person or party (other than the parties to this Agreement and, where applicable, their successors and permitted assigns).16.9 In the event of a conflict between any provision in these terms and that of any Order Form, the terms in the Order Form shall prevail.
17. ENTIRE AGREEMENT
17.1 This Agreement, and any documents referred to in it, constitute the whole agreement between the parties and supersede any previous arrangement, understanding or agreement between them, written or otherwise, relating to the subject matter they cover.
18.1 Any notice required to be given under this Agreement shall be in writing and shall be delivered by email (with receipt notification enabled and a physical copy of the email sent by first class post).
18.2 A notice delivered by email shall be deemed to have been received 24 hours after the relevant receipt notification has been received by the sender. A notice delivered by post shall be deemed received on the date of delivery or if delivered outside of business hours, on the next Business Day.18.3 For the purposes of this clause 18 the address of each party shall be:
18.3.1 for ThoughtRiver:
Chief Executive Officer at ThoughtRiver's registered office address
with a copy sent to: firstname.lastname@example.org
for the Customer, the address and contact details set out in the Order.
19. GOVERNING LAW
19.1 This Agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the laws of England and Wales.
20.1 Each party irrevocably agrees that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with this Agreement or its subject matter or formation (including non-contractual disputes or claims).
During implementation, clients are provided with their own private data stores.
ThoughtRiver’s AI or Contextual Interpretation Engines are housed in our distributed architecture as shared services. During contract analysis:
Clients may request that ThoughtRiver perform machine learning training on their contracts to extend the capabilities of the out-of-the-box predictions. Where this occurs, a copy of the customer data will be taken into a separate private data store accessible by ThoughtRiver staff which will be used to develop a new iteration of the out-of-the-box prediction models. No data is added to this store without explicit client consent and there is no obligation to agree to this process. None of this data is accessible by any of ThoughtRiver clients.
The following client data is collected and stored by third party analytics providers who provide product analytics services to ThoughtRiver to support iterative product feature enhancement and customer success support for clients. The usage data is collected via all of ThoughtRiver’s applications (including the Microsoft Word Plug-In, Negotiations Application and Flow email connector):
The analytics provider logs additional information automatically. This includes geographic location, first-party cookies, data related to the device/browser, IP address, etc.
ThoughtRiver employs a fully managed security operations centre, intrusion detection / prevention and escalation / remediation plans. This is managed on our behalf byCloudDirectLtd, a Microsoft Gold Partner.
Penetration testing and secure code reviews are performed periodically by independent qualified experts and ethical hackers.
ThoughtRiveris also security-tested against industry standards at the application level.
All relevant employees are screened against criminal record checks.
This privacy and security policy was published in September 2021 and last updated in September 2021. ThoughtRiver may change this policy from time to time and when we do we will inform you via the Platform.
The terms used in this policy shall have the same meaning as defined in the ThoughtRiver Terms unless defined otherwise.
The Customer shall use all reasonable endeavours to prevent any unauthorised access to, or use of, the Platform and, in the event of any such actual or suspected unauthorised access or use, shall promptly notify ThoughtRiver.
"Controller", "Data Subject", "Personal Data", "Personal Data Breach" and "Processing" shall have the same meaning as in the Data Protection Law, and their cognate terms shall be construed accordingly.
Data Protection Law means the General Data Protection Regulation (EU) 2016/679 (GDPR), the Data Protection Act 2018, the Privacy and Electronic Communications (EC Directive) Regulations 2003 (as applicable) and any other relevant local laws relating to the protection of Personal Data, the privacy of individuals and the privacy of electronic communications.
EU Standard Contractual Clauses means the Standard Contractual Clauses approved by the European Commission in decision 2021/914.
UK International Data Transfer Addendum means the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses issued by the UK Information Commissioner, Version B1.0, in force 21 March 2022.
1.1 If ThoughtRiver processes any Personal Data on the Customer's behalf when performing its obligations under the Terms, the parties record their intention that the Customer shall be the Data Controller and ThoughtRiver shall be a Data Processor and in any such case:
1.1.1 the Customer agrees that the Personal Data may be transferred or stored outside the European Economic Area (EEA) or the country or countries where the Customer and the Authorised Users are located so long as there is an adequate safeguard in accordance with the Data Protection Law;
1.1.2 the Customer shall ensure that the Customer is entitled to transfer the relevant Personal Data to ThoughtRiver so that ThoughtRiver may lawfully use, Process and transfer the Personal Data in accordance with the Terms (including the specification at the Annex);
1.1.3 ThoughtRiver shall ensure any persons authorised by ThoughtRiver to Process the Personal Data have committed themselves to confidentiality;
1.1.4 ThoughtRiver shall Process the Personal Data only in accordance with the Terms, the Data Protection Law and any lawful instructions reasonably given by the Customer from time to time (including as set out in the Annex). In the event that ThoughtRiver believes such instructions to be contrary to Data Protection Law then it will immediately notify the Customer;
1.1.5 in the event Union or Member State law requires ThoughtRiver to Process Personal Data otherwise in accordance with the Customer’s instructions, ThoughtRiver shall inform the Customer of that legal requirement before Processing, unless that law prohibits such information on important grounds of public interest; and
1.1.6 taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, each party shall take appropriate technical and organisational measures against unauthorised or unlawful Processing of the Personal Data or its accidental loss, destruction or damage (including, as appropriate, the measures referred to in Article 32(1) of the GDPR).
1.2 ThoughtRiver may use sub-processors in connection with the Processing anticipated in the Terms. Provided that any sub-processor shall be required to adhere to equivalent obligations as set out in this addendum, in particular the sub-processor shall be required to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of this addendum. ThoughtRiver shall be liable in accordance with this Terms for the acts and omissions of any such sub-processors.
1.4 Where ThoughtRiver uses sub-processors based outside of the UK or EU, the transfer of Personal Data to such sub-processors will at all times be governed by an appropriate safeguard.
1.5 EU Standard Contractual Clauses. The EU Standard Contractual Clauses will apply to Personal Data that is transferred from the EEA or Switzerland, either directly or via onward transfer, to any country or recipient outside the EEA or Switzerland that is not recognized as providing an adequate level of protection for Personal Data.
1.6 UK Data Transfer Addendum. The UK International Data Transfer Addendum will apply to Personal Data that is transferred from the United Kingdom, either directly or via onward transfer, to any country or recipient outside of the United Kingdom that is not recognized as providing an adequate level of protection for Personal Data.
DETAILS OF PROCESSING OF PERSONAL DATA
Summary of sub-processors who may process Personal Data for the purposes of the Agreement.
Terms used in this list shall have the same meaning as those given in the Terms and/or Data Processing Addendum as defined otherwise.
|Name||Location||Data Subjects||Framework||Categories of Personal Data||Processing Operations|
Name, IP address, email address and any other personal data included in a contract uploaded to the Platform
The provision of data centre infrastructure (incl. buildings, physical security, hvac, servers, storage, networks) and associated maintenance.
|On Direct Business Services Limited UK (“Cloud Direct”)||
Name, IP address, email address and any other personal data included in a contract uploaded to the Platform
1.The provision of technical operations for the Platform (incl. server builds, network configuration, availability and performance monitoring and remediation); and
2.The provision of a security operations centre for the Platform (incl. IDS setup and monitoring, escalation process and vulnerability scanning).
EU SCCs and UK Addendum
Occasionally transferring personal data in the provision of the SendGrid product (limited to the activation of the Customer’s account and password reset services for the Platform).
Authentication gateway. This service validates the user is permitted to access the system using username (email) and password with optional MFA.
Personal Data Transfers
ThoughtRiver may transfer personal data outside of the EU and UK where this is necessary in order to provide the services to you (details of which can be found in our DPA).
ThoughtRiver currently instructs only one sub-processor outside of the UK and EU: Twilio Inc.
Twilio provide the SendGrid service which acts as the password reset function for users on the ThoughtRiver platform. When a user requests a password reset, the user’s name and email address will be sent to Twilio for the purposes of resetting the user’s password.
While transfers from customers to ThoughtRiver are covered by the adequacy rules (and are therefore not restricted transfers), we recognise that onward transfers of personal data from ThoughtRiver to Twilio are restricted transfers.
In order to provide an adequate safeguard for such onward transfers, we have entered into a data protection addendum with Twilio which incorporates both the EU SCCs (for EU data) and the UK Addendum (for UK data). You can view these here.
We are therefore confident that the personal data of your users will be protected under our DPA with Twilio; however, please do not hesitate to contact us with any questions you may have.