# Profile data Everyone who uses our products such as Clause9 or ClauseBuddy on a non-anonymous basis will have a user profile. This user profile is centrally stored in our database. ## General The user profile contains the following data: * first name and last name * unique identifier number * organisation (typically a law firm or company) * email address * hashed password (see explanation [below](#password)) * rights enabled or disabled for the user (e.g., whether the user is allowed to use ClauseBuddy's templates, create clauses, use Generative AI, etc.) * personal preferences (see [below](#preferences)) * layout settings in Clause9 (see [below](#layout-settings)) * whether the user is a ClauseBuddy curator * whether the user's account is disabled * groups to which the user belongs * the user's Azure ID (when using Single Sign On to login) * optional tags assigned to the user by the user's administrator (typically used to show or hide certain clauses or questions in a Q\&A) ## Password We do not store a user's password *as such*. Instead, in accordance with general security practices, we store [a "hashed" version of a user's password, with "salt"](https://www.okta.com/blog/2019/03/what-are-salted-passwords-and-password-hashing/). In practice, this means that nobody — neither we nor a hacker — can guess your password. In ClauseBuddy, users log in through a security code: a randomly generated code of 28 characters that cannot be chosen by the user, can be made subject to expiry dates, and can be easily revoked by administrators. For both ClauseBuddy and Clause9, it is also possible to connect through SSO via Azure. ### API key If customers are licensed to use the API, then the API key of relevant users is stored as a salted hash. API keys must be regenerated if they are lost or compromised, because there is no way to retrieve them. ## Preferences The following preferences are saved for each user: * enabled languages and their order of preference * enabled currencies and their order of preference --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://legal.clausebase.com/data-collected/profile-data.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.