Legal
  • Privacy
    • Privacy Statement
    • Sub-processors
    • Data Processing Agreement
  • Data collected
    • Profile data
    • Logging data
    • Usage data
    • Stored data
  • Temporary data
  • Data Location
    • Geographical locations
  • Large Language Models
    • General
    • No training / finetuning
    • Usage in detail
  • Security
    • Summary of security features
  • Terms & Conditions
    • ClauseBuddy Free
    • Clause9 Enthusiast
Powered by GitBook
On this page
  • General
  • Password
  • API key
  • Preferences
Export as PDF
  1. Data collected

Profile data

PreviousData Processing AgreementNextLogging data

Last updated 10 months ago

Everyone who uses Clause9 or ClauseBuddy on a non-anonymous basis will have a user profile. This user profile is centrally stored in our database.

General

The user profile contains the following data:

  • first name and last name

  • unique identifier number

  • organisation (typically a law firm or company)

  • email address

  • hashed password (see explanation )

  • rights enabled or disabled for the user (e.g., whether the user is allowed to use ClauseBuddy's templates, create clauses, use Generative AI, etc.)

  • personal preferences (see )

  • layout settings in Clause9 (see )

  • whether the user is a ClauseBuddy curator

  • whether the user's account is disabled

  • groups to which the user belongs

  • the user's Azure ID (when using Single Sign On to login)

  • optional tags assigned to the user by the user's administrator (typically used to show or hide certain clauses or questions in a Q&A)

Password

In ClauseBuddy, users log in through a security code: a randomly generated code of 28 characters that cannot be chosen by the user, can be made subject to expiry dates, and can be easily revoked by administrators.

For both ClauseBuddy and Clause9, it is also possible to connect through SSO via Azure.

API key

If customers are licensed to use the API, then the API key of relevant users is stored as a salted hash. API keys must be regenerated if they are lost of compromised, because there is no way to retrieve them.

Preferences

The following preferences are saved for each user:

  • enabled languages and their order of preference

  • enabled currencies and their order of preference

We do not store a user's password as such. Instead, in accordance with general security practices, we store . In practice, this means that nobody — neither we nor a hacker — can guess your password.

a "hashed" version of a user's password, with "salt"
below
below
below