Contact us if you require a signed Data Processing Agreement.
A summary of ClauseBase's security features is provided below.
Clause9 and ClauseBuddy are single-page applications (SPA) that can only be accessed through a secure (HTTPS) connection, either from a modern standalone browser (Clause9) or as an MS Word or Outlook plugin (ClauseBuddy). The applications rely on client-side JavaScript to interact with centrally hosted data on a single server. A secured WebSockets connection (wss://…) to the server is persistently maintained by each user’s browser, to allow for real-time interactions; if a user's firewall blocks WebSockets, then AJAX polling is used as a fallback. Any time the connection is interrupted, the browser will store the current working session in its memory, and then block the user from continuing, so as to prevent data loss. All data exchanged between the browser and the server is encrypted, strongly compressed, and protected against Cross-Site Request Forgery (CSRF) attacks.
On the client side, all working data is kept exclusively within the temporary JavaScript environment. The only data that is permanently stored consists of an HMAC (SHA-512) encrypted cookie (less than 100 bytes, expiry after 3 months, to allow for automatic re-connection) and a handful of trivial preference cookies, each typically less than 30 bytes, that store the position of a user’s window layout. Login cookies can be centrally invalidated on a per-user basis, so as to force a new login if user devices or passwords are compromised.
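An added example of a login cookie of the kind described above, not ClauseBase's implementation: an HMAC-SHA-512 tag over a small payload, a fixed lifetime, and a per-user counter that lets the server invalidate every cookie issued to one user. The payload layout, the 90-day reading of "3 months" and all names are assumptions; HMAC authenticates the payload rather than hiding it, so the payload holds only non-secret identifiers.

```python
import base64
import hashlib
import hmac
import struct

LIFETIME_S = 90 * 24 * 3600          # "3 months" read as 90 days (assumption)
PAYLOAD = struct.Struct(">IIH")      # user id, issue time, revocation generation
TAG_LEN = hashlib.sha512().digest_size  # 64 bytes


class CookieStore:
    """Server-side state: one secret key plus a revocation counter per user."""

    def __init__(self, key: bytes):
        if len(key) < 32:
            raise ValueError("HMAC key must be at least 32 bytes")
        self._key = key
        self._generation = {}        # user_id -> current generation

    def _tag(self, payload: bytes) -> bytes:
        return hmac.new(self._key, payload, hashlib.sha512).digest()

    def issue(self, user_id: int, now: int) -> str:
        """Build payload || HMAC-SHA-512(payload), base64url without padding."""
        gen = self._generation.get(user_id, 0)
        payload = PAYLOAD.pack(user_id, now, gen)
        raw = payload + self._tag(payload)   # 10 + 64 bytes, 99 characters encoded
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

    def verify(self, cookie: str, now: int):
        """Return the user id for a valid cookie, otherwise None."""
        try:
            raw = base64.urlsafe_b64decode(cookie + "=" * (-len(cookie) % 4))
        except (ValueError, TypeError):
            return None
        if len(raw) != PAYLOAD.size + TAG_LEN:
            return None
        payload, tag = raw[:PAYLOAD.size], raw[PAYLOAD.size:]
        # Check the tag in constant time before trusting any payload field.
        if not hmac.compare_digest(tag, self._tag(payload)):
            return None
        user_id, issued, gen = PAYLOAD.unpack(payload)
        if not (issued <= now < issued + LIFETIME_S):
            return None              # expired, or issued in the future
        if gen != self._generation.get(user_id, 0):
            return None              # centrally invalidated for this user
        return user_id

    def invalidate_user(self, user_id: int) -> None:
        """Force a new login on every device of one user."""
        # The counter wraps at 16 bits; the lifetime check bounds how long
        # an old generation value could matter.
        self._generation[user_id] = (self._generation.get(user_id, 0) + 1) % 65536


if __name__ == "__main__":
    store = CookieStore(b"k" * 64)   # constructed demo key, not a real secret
    t0 = 1_700_000_000               # constructed timestamp
    cookie = store.issue(42, t0)
    print(len(cookie), store.verify(cookie, t0 + 60))
    store.invalidate_user(42)
    print(store.verify(cookie, t0 + 60))
```

Because the revocation counter lives on the server, a stolen cookie stops working as soon as `invalidate_user` runs, without rotating the key for everyone else.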
A separate administrator account is created for each customer, to allow for centralized user, template and layout management. Files are stored on the server in a folder-like structure, where access rights (read and/or write) can be set on a per-folder basis.
User passwords must have a minimum of 8 characters, are checked for minimum complexity using Zxcvbn (rejecting common passwords, patterns, …) and are stored in the database with a salted hash (BCrypt combined with SHA-512) against rainbow table attacks. API keys for Clause9 consist of 36 characters and are generated on a per-user basis (password-based key derivation function 2 with Blake2b-512). Logins are optionally, on a per-user basis, secured by two-factor authentication, using industry-standard one-time password generator apps, such as Authy, Microsoft Authenticator or Google Authenticator. After 10 failed login attempts, the user will be automatically blocked for an increasing number of minutes, to stall brute-force attacks. It is also possible to connect through SSO via Azure.
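The lockout rule above (block after 10 failed attempts, for an increasing number of minutes), as an added example that is not ClauseBase's code. The page states only the threshold; the doubling schedule, the 60-minute cap, the sample events and all names are assumptions.

```python
from dataclasses import dataclass

THRESHOLD = 10      # from the page: block after 10 failed login attempts
BASE_MINUTES = 1    # assumption: first block lasts one minute
MAX_MINUTES = 60    # assumption: cap on a single block


@dataclass
class UserState:
    failures: int = 0           # consecutive failed attempts
    locked_until: float = 0.0   # epoch seconds


class LoginThrottle:
    def __init__(self):
        self._users = {}

    def lock_minutes(self, failures: int) -> int:
        """Block length after this many consecutive failures (doubling, capped)."""
        if failures < THRESHOLD:
            return 0
        return min(BASE_MINUTES * 2 ** (failures - THRESHOLD), MAX_MINUTES)

    def seconds_remaining(self, user: str, now: float) -> float:
        state = self._users.get(user)
        return max(0.0, state.locked_until - now) if state else 0.0

    def attempt(self, user: str, password_ok: bool, now: float) -> str:
        """Return 'ok', 'denied' or 'locked' for one login attempt."""
        state = self._users.setdefault(user, UserState())
        if now < state.locked_until:
            # While blocked, the password result is ignored, so guesses made
            # during the block reveal nothing and do not count as attempts.
            return "locked"
        if password_ok:
            del self._users[user]   # a successful login resets the counter
            return "ok"
        state.failures += 1
        state.locked_until = now + 60 * self.lock_minutes(state.failures)
        return "denied"


# Constructed sample: ten wrong guesses one second apart, the correct password
# tried during the block, then the correct password once the block has expired.
SAMPLE_EVENTS = [(float(t), "alice", False) for t in range(10)] + [
    (30.0, "alice", True),
    (69.0, "alice", True),
]


def replay(events):
    """Run (timestamp, user, password_ok) events through a fresh throttle."""
    throttle = LoginThrottle()
    return [throttle.attempt(user, ok, ts) for ts, user, ok in events]


if __name__ == "__main__":
    for event, outcome in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)):
        print(event, outcome)
```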
ClauseBuddy allows login through "security codes": randomly generated codes of 28 characters that cannot be chosen by the user, can be made subject to expiry dates, and can be easily revoked by administrators. It is also possible to connect through SSO via Azure.
Two dedicated production Linux servers are hosted by the German hosting company Hetzner, with whom a formal GDPR data processing agreement is concluded. These servers are physically located in data centres in two different cities in Germany. Each runs 100% on wind and hydropower, has ISO certification (audit report available on request), is guarded by on-site security guards and biometric readers, is connected with redundant fibre, and has redundant configurations for all critical systems. The server can only be accessed by ClauseBase administrators, through an encrypted SSH connection secured with a strong password. For business continuity reasons, a failover server is also hosted by Hetzner, in Germany. Additionally, we use cloud servers from French hosting company Scaleway (Paris), for hourly database backups.
Each jurisdiction and special combination of templating languages receives its own databases and subdomain (e.g., nl.clausebase.com for the Netherlands, en.clausebase.com for the United Kingdom). Enterprise customers requiring data isolation can request their own dedicated virtual machine and associated custom subdomain, which is then hosted on a physical machine in Germany with data at rest encryption through encrypted disk partitions.
Pentests are conducted each year by an accredited independent security consultant; the results can be inspected and orally discussed when desired. The last pentest was performed in January 2024.
A backup of the entire database is performed on an hourly basis, with an encrypted version of the backup stored by another Hetzner data centre (even hours) and by Scaleway (uneven hours), with offsite keys. To allow for exceptional access to historical versions, most changes to clauses and templates are also stored in a version-log that retains data for up to one month. Databases with precedents ("Truffle Hunt") are subject to a separate backup policy, with backups every week. Finally, an offline copy (resistant against ransomware) is created every two weeks. Backups are removed after 6 months.
In most typical usage scenarios (question & answer templates), any business data inserted into templates is only kept within the JavaScript environment of the client-side browser. When a .PDF or .DOCX file is generated by the server, any such business data sent to the server using the secure WebSockets-connection is deleted from the server environment in a period between 60 – 120 seconds after the file was generated.
We have installed a central logging solution for log analysis and intrusion, threat & vulnerability detection, with BitDefender agents running on our servers and laptops. We closely monitor the MITRE ATT&CK knowledge base. Logs are kept for 18 months.
The uptime of all our public servers is available at . Private instances for specific clients receive their own status page.
Users can optionally store their answers in an encrypted format (ChaCha cipher).
With a few limitations, it is also possible to generate Clause9 documents completely on the client-side, for those situations where customers really do not want any client-side sensitive data to ever touch the ClauseBase server.
Users can store business data (answers to template questions) on the platform but are strongly advised to only do so on a temporary basis. To facilitate a fine-grained balance between business needs and data security, users can flag folders to automatically delete their contents after a user-defined number of days.
ClauseBase is developed by a tightly controlled team of experienced JVM-targeted developers who take into account best security practices, such as OWASP (SQL attacks, CRLF injections, XSS attacks, enterprise-grade security components, etc.). All ClauseBase staff members use desktop and/or mobile devices with strong encryption. All communication and data storage is done through the highly secure Microsoft O365 environment.
Since September 2023, ClauseBase has been ISO27001:2022 certified, covering all controls of the standard. The certificate can be downloaded below:
ClauseBase is operated by ClauseBase BV, with registered office at Alfons Stesselstraat 9, 3012 Wilsele, Belgium and registered with the Belgian Crossroads Bank for Enterprises under company number 0723.768.270 (hereafter: “ClauseBase” or “we”).
This Privacy Statement explains how ClauseBase, as the data controller, uses any personal information about the users of our products Clause9 and ClauseBuddy. For most topics, more detailed information can be found on the webpages elsewhere on this site.
Profile data
When you create your profile to use Clause9 or ClauseBuddy, you are required to give information that allows us to identify you as a legitimate user. This includes your name, username, email address, password and any information you fill out on our website (e.g. when booking a training session).
Furthermore, we also retain information about your organisation and groups of which you are a member (if your administrator designated you to a specific group).
Account data
We also process information specific to your account, such as your account rights (e.g.: as a regular user or an administrator), your ‘favourites’ (i.e.: the files and folders you include in your shortlist), your language and legal domain preferences, your personal styling (e.g.: font, layout, page settings, etc…) and an optional API key, which allows a third party server to send requests to ClauseBase’s server on the basis of your account.
For each clause/template/answer-set you create, we also track the “owner” of the clause/template/answer-set and the access rights.
Contact data
When you subscribe to our newsletter, you enter your email address so that we can contact you and provide you with updates. We only store your email address and your first and last name, if you choose to provide it.
Logging data
For data security reasons, we keep logs of virtually all the actions you take in Clause9/ClauseBuddy that cause your browser or Word plugin to perform actions on a server. Examples include: saving a clause, moving a clause to another folder, deleting a clause, exporting a document, changing your preferences, performing a search, logging in or out, changing your password, submitting an AI prompt, uploading a document in Clause Hunt, etc.
Through advanced log analytics, those logs allow us to:
detect hacking attempts (e.g., repeated login attempts)
detect problems at our servers
provide you with support when things are not working
User statistics
Parts of the logs we keep are also used to provide each customer with data analytics on how ClauseBuddy and Clause9 are used (e.g., how many documents were exported, who are the most active users, how many clauses were updated, which clauses are most popular, and so on). In the screenshot below, you can see an example of the statistics that we make available based on the logs we keep. Those statistics can be accessed by every customer’s administrator through the administrator interface of ClauseBuddy.
For customers who have special contractual arrangements with us, some log events may also be used for invoicing purposes (e.g., to determine the invoicing amount, based on the number of exported documents or stored clauses/templates).
Use of Large Language Models (LLMs)
ClauseBuddy and Clause9 integrate with LLMs such as ChatGPT and GPT4, in the following areas:
Drafting an outline of new documents
Drafting a new clause according to your instructions
Redrafting a new clause according to your instructions
Summarising and explaining text submitted by you
We do not use OpenAI — instead, we make use of Microsoft’s version of those LLMs, which does not reuse your data to train the AI.
We do not store the prompt you submit to an LLM (e.g., to specify how to redraft a certain clause); we merely pass on your prompt to Microsoft, and get back the results. Do note that Microsoft stores your prompt for a limited amount of time, to exceptionally track down server errors and/or prevent illegal content.
Personal data within the content you create & upload
The ClauseBase platform stores the different types of legal content you upload, which may contain personal data. For example, each clause, template or answer-set that you store, may itself include personal data. For example:
when you create a template, it may contain a clause that refers to one or more signatures at your organisation (e.g., in the signature or contacts block)
when you store an answer-set to a Q&A for an employment agreement, you will likely store various personal data elements about the employee (e.g., name, address, salary, function title, commencement date, etc.)
when you upload MS Word documents into the module, the contents of those documents will be stored on the ClauseBase platform, to allow you to easily search through it and insert clauses from there.
Cookies
ClauseBase uses cookies on . We use cookies there to make our site work properly and to help us understand how you interact with it. Some cookies are essential for core functionality, while others are used for analytics and personalisation to improve your experience. You can accept all cookies, reject non-essential ones, or manage your preferences at any time, using a refined selection operated by .
For our applications (e.g.: , , , etc.), ClauseBase uses a cookie (called “token”) to store the fact that a certain user ID was effectively authorised to login. These cookies are encrypted and automatically expire after 30 days. Some cookies also store trivial data, e.g. language preferences and the position of scroll bars.
ClauseBase primarily processes your personal data to allow you to make use of our software for the intended purposes — e.g., to allow you to login securely, upload clauses / templates, export DOCX files, etc. Formally speaking, the primary purpose for “processing” such elements of personal data (in the sense of the GDPR) is therefore to execute our contract with you.
We process log files to:
protect our servers (and your data!) against malware and hacking attempts, through log analytics
provide you with support, e.g. to investigate why something does not seem to work.
provide each customer’s administrators with usage statistics, e.g. about most active users or most popular clauses (see above)
invoice certain customers, e.g. if the licensing contract is based on the number of documents being generated
We also process log files to get analytics on which features are (not) popular among our users, where users struggle with our software, etc. in order to allow us to improve our software. In these circumstances, the legal basis for our processing activities is our legitimate interest to provide the best possible service to our users.
With respect to personal data stored within clauses/templates/answer-sets: we never sell or otherwise make available such personal data to third parties, such as data brokers or other customers.
ClauseBase will not store your information longer than is necessary for the purpose of providing the services of the ClauseBase Platform. This means that your personal data will be deleted upon termination of the agreement through which you are granted access to the Platform.
Log files are deleted after 180 days, to allow for “post-mortem” incident research.
However, it is important to note that we may need to retain certain identification information and information on use of the platform in the interest of any potential claims. In any case, we will not retain your personal data for longer than 10 years after the termination of the abovementioned agreement.
If you want to invoke your rights, please file your request to us via an e-mail to [email protected].
Access right: You have the right to access your personal information processed by us.
Right of rectification and the right to erasure: At all times, you have the possibility to rectify or erase your personal data, provided that the applicable legal requirements are met. In the event of errors, we will, upon notification, immediately correct our information about you. Personal data will be erased when the legal requirements are met. Excluded from erasure are only the data we still require to enforce our rights and claims, as well as the data we must store for a longer period of time due to a statutory obligation.
Restriction of the processing: If the applicable legal provisions are met, you can require us to restrict the processing of your personal data. This means that your personal data will only be stored and not actively used anymore, unless you give consent for further use. Excluded from restriction are the personal data needed for the exercise or defence of legal claims.
Objection to the processing of data: Furthermore, you have the right to at all times object to the processing of your personal data by us. We will cease to process your personal data, unless we can demonstrate compelling legitimate grounds for further processing (according to the applicable legal provisions) that outweigh your objection rights. You can also choose at any time to stop receiving marketing communication from us like our newsletter. To do so, simply unsubscribe by clicking the designated button at the bottom of every marketing email.
Right to lodge a complaint with the supervisory authorities: You have the right to lodge a complaint with the supervisory authority. Therefore, you can contact the data protection authority that is competent for your place of residence. For Belgium, this is:
Gegevensbeschermingautoriteit / Data Protection Authority / L’Autorité de Protection des Données
Drukpersstraat 35, 1000 Brussel
Tel.: +32 (0)2 274 48 00
Fax: +32 (0)2 274 48 35
E-mail: [email protected]
ClauseBase’s server is hosted by one of Europe’s premium hosting facilities, physically located in a datacentre in the European Union. This datacentre hosts the information set out above, but the server can only be accessed by ClauseBase administrators, through an encrypted VPN connection secured with a strong password. The hosting party in question also does not transfer personal data outside of the European Economic Area.
ClauseBase may from time to time work with third parties to deliver an optimal service to you and your organisation. ClauseBase shall never sell information to these third parties or disclose your personal data in an unauthorised manner. Where you provide your personal data to such a third party, this Privacy Statement shall not apply and we instead refer to the privacy statement of the third party in question.
ClauseBase avoids involving subcontractors as much as possible: to enhance our level of data protection offered to you, we try to host as much as we can ourselves, and only resort to third party hosting when self-hosting is unavailable. When necessary, we carefully select subcontractors and, according to ISO 27001, audit all critical ones.
ClauseBase reserves the right to amend this Privacy Statement from time to time. We will place any updates thereof on . This Privacy Statement was last modified and revised on 5 December 2020.
See for an up-to-date overview.
ClauseBase recognises the importance of maintaining the integrity and security of user data stored in our systems. Accordingly, we have established stringent procedures for handling data disclosure requests from law enforcement authorities to ensure compliance with legal obligations, while also protecting our users’ rights.
On receiving a disclosure request from law enforcement, our privacy manager is notified immediately. The privacy manager can be reached at , and his contact details can be shared with law enforcement to facilitate communication. Our policy is to respond to any such request within two business days.
Before proceeding with any data disclosure, we meticulously verify the legitimacy of the request. This process is undertaken by our legal team, which has extensive expertise in data protection. In case of unlawful or dubious requests, we reserve the right to deny the request.
In line with our commitment to transparency, unless legally prohibited, we provide notification to users whose data is subject to a disclosure request. This notification includes details of the request, subject to any legal restrictions or prohibitions on such communication.
All received and processed law enforcement disclosure requests are documented in our Information Security Management System (ISMS) as per ISO 27001 standards. These records are maintained for a duration of ten years, which aligns with the statutory claim period under Belgian law.
This approach aims to ensure a balance between complying with our legal obligations and protecting the privacy rights of our users, whilst also maintaining the confidentiality, integrity, and availability of our information assets. We remain committed to the principles of data minimisation and proportionality when responding to any such requests.
For any further data protection related inquiries, please contact us at [email protected].
5 December 2020: changed the email address to and clarified that (a) IP addresses are merely temporarily stored; and (b) we register the fact that users were using our services at a certain moment in time.
13 July 2022: clarification that no cookies are used on the public-facing websites.
11 June 2023:
Updated the text to reflect the new naming scheme (company name “ClauseBase”, versus the product names “Clause9” and “ClauseBuddy”)
Addition of logging data
Removed the reference to www.clausebuddy.com, as this domain name actively redirects to www.clausebase.com
Include more information about the new feature to expose data statistics to customer administrators
24 February 2024:
Moved the privacy policy to , and added significantly more detailed information through various sub pages.
20 August 2025:
Updated the cookies section to reflect that the new www.clausebase.com now uses cookies, managed through Cookiebot.
25 October 2025:
Rectified terminology towards "privacy manager" in section 8.
ClauseBase hosts an online platform ("the ClauseBase Platform") for drafting & reviewing legal documents. It features two applications: Clause9 (accessed through a browser), and ClauseBuddy (MS Word & Outlook plug-in). Together, they allow users to automate, draft, redraft & review legal documents.
The ClauseBase Platform focuses on drafting & reviewing: it is not a contract management or archiving solution. Even though there is one module designed for long-term storage of completed documents in order to serve as inspiration ("Truffle Hunt"), all other modules of the software merely process data in a transient manner, i.e. while the document is being edited/reviewed. Nevertheless, the ClauseBase Platform was built from the ground up with security in mind.
Our client portfolio consists of a mix of small, medium and large law firms, inhouse legal teams within large (often multinational) corporations, governmental agencies and HR service providers.
At ClauseBase, employees are integral to maintaining and advancing the organisation’s ISO 27001:2022-certified information security framework. ClauseBase has established and actively maintains an Information Security Management System (ISMS) to safeguard its assets and ensure compliance with the highest standards in information security. This system is not only a set of policies and procedures but is designed to be embedded into the very DNA of the organisation, shaping how every employee approaches their role.
Each year, ClauseBase’s ISMS undergoes a comprehensive review by an external conformity assessment body. This annual evaluation ensures that ClauseBase’s security practices not only meet ISO 27001:2022 requirements but are also continuously improved to stay ahead of evolving security threats. The external audit also reinforces accountability across all levels of the organisation, confirming that employees adhere to best practices in data protection and security management.
ClauseBase actively involves employees in cultivating a security-focused culture through regular training, awareness programs, and engagement initiatives. By encouraging employees to view information security as an essential part of their daily responsibilities, ClauseBase aims to create a resilient environment where security is second nature. This proactive approach not only aligns with ISO 27001:2022 standards but strengthens trust with clients and stakeholders by demonstrating ClauseBase’s unwavering commitment to information security.
As an ISO 27001:2022-certified organisation, ClauseBase has a structured asset management system in place to ensure that all assets essential for developing and hosting services are carefully tracked and managed. This system supports ClauseBase’s commitment to maintaining a secure and efficient operational environment.
Every asset used within the organisation, whether hardware, software, or data, is meticulously documented in an asset register. This register contains essential information about each asset, including its owner, purpose, location, and any relevant security requirements. By maintaining an up-to-date and comprehensive record, ClauseBase ensures full visibility over all resources used in its operations, enabling quick identification and response in case of any security incidents.
Asset management at ClauseBase extends beyond documentation. Each asset is regularly monitored and assessed to verify its condition, security, and compliance with the organisation's security policies. Access to critical assets is limited to authorised personnel, following a principle of least privilege, which minimises the risk of misuse or unauthorised access.
To uphold ISO 27001:2022 standards, ClauseBase also performs periodic reviews of its asset register. These reviews verify that all records are accurate and that assets still in use align with the organisation’s operational and security requirements. This disciplined approach to asset management ensures that all resources are effectively protected and that ClauseBase can reliably deliver its services while meeting strict information security standards.
At ClauseBase, robust access management is a critical component of its information security framework. The company employs Single Sign On (SSO) to ensure that when accessing the ClauseBase Platform, its staff members must verify their identity through at least two methods, enhancing security beyond a single password. Customers who use the ClauseBase Platform are strongly encouraged to use either Multi-Factor Authentication (Clause9) or SSO (ClauseBuddy). Alternatively, for customers who cannot use SSO in ClauseBuddy, so-called "security codes" are used instead of the typical username/password combination. Security codes are randomly generated codes of 28 characters that cannot be chosen by the user, can be made subject to expiry dates, and can be easily revoked by administrators.
For all other systems used by its staff members, ClauseBase will use MFA where possible, or alternatively require staff members to create and maintain strong passwords that meet strict complexity requirements, including a combination of upper and lowercase letters, numbers, and special characters. These passwords are regularly updated to minimise the risk of unauthorised access.
Access to ClauseBase’s systems and applications is strictly managed based on the principle of least privilege. Users are only granted the minimum level of access necessary for their role, ensuring that sensitive data and critical systems are protected from unnecessary exposure.
To maintain high security standards, ClauseBase conducts periodic reviews of system and application access. These reviews ensure that users still require the permissions they have been granted, and any access no longer needed is revoked immediately. In addition to these reviews, the organisation performs security testing and penetration tests (pentests) regularly. These tests identify any vulnerabilities in the access management framework and help ensure that controls are functioning as intended.
This comprehensive approach to access management ensures that ClauseBase remains compliant with ISO 27001:2022 while safeguarding its sensitive data from potential security threats.
At ClauseBase, business continuity is an integral part of its ISO 27001:2022-certified information security management system, ensuring the consistent availability of its critical application. The primary objective of ClauseBase’s business continuity plan is to minimise any downtime and swiftly recover essential services in case of any disruptions, thereby safeguarding operational resilience.
ClauseBase’s business continuity framework comprehensively addresses the availability, integrity, and confidentiality of information assets. Key systems are supported by redundancy measures, data backup protocols, and failover mechanisms, guaranteeing that critical data remains accessible and uncorrupted during unexpected events. These measures are designed to prevent data loss and maintain the accuracy and trustworthiness of ClauseBase’s services.
To protect confidentiality, ClauseBase applies strict access controls and encryption standards in data handling and storage processes, ensuring sensitive information remains secure even during a disruption. Additionally, periodic testing, including simulations of potential incidents, is conducted to validate the effectiveness of the business continuity procedures. These tests help identify any gaps in the response plan and allow for continuous improvement.
Through this structured approach, ClauseBase not only meets ISO 27001:2022 requirements but also reassures clients and stakeholders that the organisation is well-prepared to maintain service continuity, data protection, and resilience, even in adverse conditions. This proactive commitment reinforces ClauseBase’s reliability and adherence to high standards in information security management.
At ClauseBase, change management is a vital process that ensures both operational stability and controlled innovation. ClauseBase has implemented a dual approach to change management, addressing two key areas: changes to production systems and changes related to product development. Both forms are supported by standardized processes that align with the organisation's security and quality requirements.
For production system changes, a rigorous change management process is in place to minimise potential disruptions and maintain system integrity. Any modification to production environments is thoroughly reviewed, tested, and approved before implementation. This process includes risk assessments to evaluate the potential impact of the change, followed by detailed documentation to ensure traceability and compliance with ISO 27001:2022 standards.
For product development changes, a separate but equally structured change management process is used. This approach allows for flexibility and innovation in product evolution while still maintaining control over security and quality. Changes related to product development go through stages of planning, testing, and peer review, ensuring that they meet both functional requirements and security protocols before being introduced.
Regular audits and reviews are conducted for both types of change management processes to ensure they remain effective and aligned with ClauseBase’s overall security objectives. By structuring change management in this way, ClauseBase can safeguard its production environment while enabling product advancements that are secure, reliable, and compliant with industry standards.
At ClauseBase, a company founded by former lawyers, compliance monitoring is a cornerstone of its ISO 27001:2022-certified information security management system. To ensure continuous adherence to regulatory requirements and industry standards, ClauseBase has implemented a comprehensive compliance monitoring program that encompasses policies, procedures, and regular audits.
This program is designed to oversee the organisation’s compliance with ISO 27001:2022 requirements as well as any relevant legal and regulatory standards. ClauseBase regularly reviews and updates its policies to reflect changes in regulatory requirements, ensuring all operations align with current laws and security guidelines. Compliance monitoring extends to all departments, with each area responsible for meeting specific controls and requirements that contribute to the organisation's overall compliance framework.
By proactively managing and monitoring compliance, ClauseBase reinforces its commitment to data protection, legal adherence, and operational integrity, providing assurance to clients and stakeholders that the organisation is fully aligned with the highest standards in information security.
At ClauseBase, continuous improvement is a core value embedded in its ISO 27001:2022-certified information security management system. The organisation is committed to regularly enhancing its processes, technologies, and policies to adapt to evolving security threats and maintain the highest standards of data protection.
Continuous improvement at ClauseBase is driven by a structured cycle of planning, implementation, monitoring, and review. This cycle is supported by frequent internal audits, risk assessments, and performance evaluations, allowing the organisation to identify and address areas for improvement proactively. Each identified improvement is carefully assessed for its potential impact on security, compliance, and operational efficiency, ensuring that changes contribute positively to the organisation’s security posture.
ClauseBase actively engages its employees in this process, fostering a culture where all team members are encouraged to suggest improvements. Regular training and awareness programs equip employees with the latest knowledge and skills, enabling them to identify and respond to potential vulnerabilities or process inefficiencies.
Additionally, ClauseBase incorporates feedback from external audits, customer feedback, and industry best practices into its continuous improvement strategy. By systematically evaluating and refining its practices, ClauseBase not only maintains compliance with ISO 27001:2022 but also strengthens its resilience against emerging threats, underscoring its commitment to safeguarding client data and continuously enhancing its operational effectiveness.
At ClauseBase, the secure transfer of information is a core component of its ISO 27001:2022-certified information security framework. To manage and protect data effectively, ClauseBase has implemented data classification guidelines that ensure all information is categorised based on its storage location and sensitivity, and handled accordingly. These classifications guide employees on appropriate security measures for transferring data, whether internal or external to the organisation.
For secure information transfer, ClauseBase utilises encrypted connections to safeguard data in transit, preventing unauthorized access or interception. This encryption standard is applied consistently across all data exchanges, ensuring compliance with the organization’s strict security requirements. In addition to secure connections, all systems involved in information transfer are protected with SSO or MFA where possible (see above), adding a further layer of security by requiring users to verify their identity through multiple means.
These measures ensure that only authorised personnel can access and transfer sensitive information, in line with ClauseBase’s commitment to confidentiality, integrity, and availability of data. Periodic reviews and security tests are conducted to validate the effectiveness of these security protocols, maintaining ClauseBase’s robust information transfer standards and continuous compliance with ISO 27001:2022. This structured approach reflects ClauseBase’s dedication to protecting data at every stage, reinforcing trust and security in all communications.
At ClauseBase, employees are a vital part of the organisation’s ISO 27001:2022-certified information security framework. ClauseBase upholds a screening policy for all employees, ensuring that each individual joining the team meets high standards of integrity, trustworthiness, and security awareness. This initial screening is a foundational step in safeguarding the organisation’s assets and sensitive information.
To maintain high competency levels, ClauseBase continuously monitors and assesses the skills and performance of its employees. Regular evaluations help identify any skill gaps, ensuring that team members possess the necessary expertise to support the organization’s security and operational goals.
ClauseBase places strong emphasis on personal development and knowledge acquisition for all employees. Through ongoing training programs, workshops, and certifications, team members are encouraged to stay up to date with the latest developments in information security and industry best practices. This commitment to learning not only enhances employee skills but also strengthens ClauseBase’s ability to respond effectively to evolving security threats.
Furthermore, ClauseBase supports employees in setting personal development goals that align with both their career aspirations and the organisation’s needs. This continuous focus on growth and development helps foster a skilled, motivated workforce that is fully equipped to contribute to ClauseBase’s security objectives and uphold its ISO 27001:2022 standards.
At ClauseBase, physical security is a key aspect of the organisation's ISO 27001:2022-certified information security strategy, particularly as it pertains to the hosting of its critical applications. ClauseBase has partnered with a reputable third-party, ISO 27001 certified hosting provider to ensure its applications are stored and maintained in a secure environment that meets stringent security requirements.
The hosting provider has implemented comprehensive physical security measures to protect the data center where ClauseBase's applications are hosted. These measures include 24/7 surveillance, access control systems, and security personnel stationed on-site to prevent unauthorised entry. Access to sensitive areas within the data center is strictly limited to authorized personnel only, verified through multifactor authentication methods, including biometric scanning.
In addition to access control, the data center is equipped with environmental controls such as fire suppression systems, temperature regulation, and uninterruptible power supplies (UPS) to safeguard against environmental hazards. These systems are routinely tested and maintained to ensure reliability in case of emergencies.
ClauseBase conducts regular audits and compliance checks to confirm that the hosting provider continues to meet ISO 27001:2022 standards. This proactive monitoring helps ensure that the physical security measures align with ClauseBase’s own commitment to data protection and availability. By outsourcing to a trusted provider with strong physical security controls, ClauseBase upholds a high level of security for its applications and data, ensuring protection against potential physical threats.
At ClauseBase, secure development is a fundamental aspect of its ISO 27001:2022-certified approach to information security. The organisation has established comprehensive Secure Development guidelines to ensure that all software is developed with security as a priority. These guidelines provide a structured framework for developers, incorporating best practices in secure coding, risk assessment, and data protection from the earliest stages of development.
Before any release is deployed to production, it undergoes vulnerability testing. This includes automated scans, manual code reviews, and penetration testing to identify and address any potential weaknesses. By proactively identifying vulnerabilities, ClauseBase ensures that only robust, secure software is released, minimizing risks of exploitation or data breaches in the production environment.
ClauseBase’s secure development process is continuously refined based on emerging threats, industry standards, and lessons learned from previous projects. Regular training and knowledge-sharing sessions keep the development team informed on the latest security techniques and vulnerabilities, fostering a proactive security mindset.
Through these measures, ClauseBase not only meets ISO 27001:2022 standards but also instills confidence in its clients and stakeholders, demonstrating a strong commitment to delivering secure, resilient software that protects sensitive data and maintains operational integrity.
At ClauseBase, supplier management is a critical component of its ISO 27001:2022-certified information security framework, ensuring that third-party suppliers meet the organisation’s strict security and compliance standards. Given the potential risks associated with outsourcing and third-party relationships, ClauseBase has established a structured supplier management process that evaluates, monitors, and mitigates risks associated with suppliers.
ClauseBase begins with a thorough supplier evaluation process, assessing each supplier's security practices, reliability, and compliance with relevant regulations. Only those suppliers who demonstrate a strong commitment to security and data protection are approved. Contracts include stringent clauses on data confidentiality, availability, and integrity, aligning with ClauseBase’s own security requirements.
Once onboarded, suppliers are subject to ongoing monitoring to ensure continuous compliance. This includes regular audits, performance reviews, and risk assessments. Suppliers are required to report any incidents or changes to their security posture that could impact ClauseBase’s operations, allowing the organisation to respond proactively to potential threats.
ClauseBase also conducts periodic reviews to reassess supplier compliance and ensure they continue to meet ISO 27001:2022 standards. Should a supplier fail to meet these requirements, ClauseBase has procedures in place for either remediation or termination of the relationship.
Through rigorous supplier management, ClauseBase ensures that all third-party partnerships support and uphold its commitment to security and regulatory compliance, reducing risks and strengthening overall operational resilience.
September 2025: initial version 1.0
Suggesting keywords and titles for clauses
Suggesting attributes for a clause
Clarify the use of LLMs
Improve and extend the list of purposes for data processing
Add a reference to the security measures
Clarify that we minimise the use of subcontractors, and instead resort to self-hosting where possible.
Addition of section dealing with law enforcement requests.
ClauseBase engages the following entities to carry out specific processing activities related to the use of the ClauseBase platform.
Subprocessor | Purpose | Location
Cloud servers; primary backup servers
You may register (by ) to stay up to date on intended changes to this list by clicking the button below and filling out your contact information.
The following three suppliers of LLM technology can be optionally chosen by the customer, instead of (or in addition to) Microsoft's GPT4o as the default LLM.
To be clear: ClauseBase does not impose the use of these providers — they are entirely optional, and some customers will in fact want to actively refrain from certain of these LLM vendors due to customers' internal compliance constraints. In fact, customers can even specify in detail within the software which LLM must be used for which modules & user-profiles.
While they do not process personal data or confidential information from our customers, we can also list the following third parties on which we rely:
2nd April 2021: Move from Combell NV (hosting provider) to Upcloud Ltd.
February 2023: Move from TeamLeader NV to Odoo NV for Communication, CRM & Project Management
July 2023: Addition of Mailbox.org and Elastic.co; updates to Upcloud (only encrypted backups) and DigitalOcean (no more backups)
February 2024: Moved the location to
You can subscribe to the updates to this list of subprocessors, in order to receive an automatic email from us. Please visit to subscribe.
Cohere | Command | Canada
Source code security checks
Penetration testing
Mobile end-point management
Remote support software
for source code control & dev management
June 2024: Added optional LLM providers
June 2025: Added Noxtua & Cohere (LLMs), Aikido (security checks), NSec (pentesting), TeamViewer (remote support), JamF (mobile end-point management), JetBrains (YouTrack)
Germany & Finland
Office 365 & GPT-4 (Azure) | Ireland
Encrypted secondary backups of databases | France
Email communication | France
Machine translation | Germany
Communication, CRM & Project Management | Belgium
Clause Hunt email attachments processor | Germany & Finland
SIEM, XDR and statistics — logging | Netherlands
OpenAI | GPT4o | United States
Mistral | Mistral Large | France
Anthropic | Claude3.5 Sonnet; Claude3 Opus; Claude3 Haiku | United States
Xayn | Noxtua | Germany
Documentation website
ClauseBuddy documentation
Content Delivery Network (CDN) to improve the performance of static files
Front-end website
Front-end website statistics
Domain registration
Everyone who uses Clause9 or ClauseBuddy on a non-anonymous basis will have a user profile. This user profile is centrally stored in our database.
The user profile contains the following data:
first name and last name
unique identifier number
organisation (typically a law firm or company)
email address
hashed password (see explanation )
rights enabled or disabled for the user (e.g., whether the user is allowed to use ClauseBuddy's templates, create clauses, use Generative AI, etc.)
personal preferences (see )
layout settings in Clause9 (see )
whether the user is a ClauseBuddy curator
whether the user's account is disabled
groups to which the user belongs
the user's Azure ID (when using Single Sign On to login)
optional tags assigned to the user by the user's administrator (typically used to show or hide certain clauses or questions in a Q&A)
We do not store a user's password as such. Instead, in accordance with general security practices, we store . In practice, this means that nobody — neither we nor a hacker — can guess your password.
In ClauseBuddy, users log in through a security code: a randomly generated code of 28 characters that cannot be chosen by the user, can be made subject to expiry dates, and can be easily revoked by administrators.
For both ClauseBuddy and Clause9, it is also possible to connect through SSO via Azure.
If customers are licensed to use the API, then the API key of relevant users is stored as a salted hash. API keys must be regenerated if they are lost or compromised, because there is no way to retrieve them.
The following preferences are saved for each user:
enabled languages and their order of preference
enabled currencies and their order of preference
OCR requests (conversion of scanned PDF documents): user ID, timestamp, outcome (result or failure), error messages and number of pages.
Exported documents (DOCX or PDF): user ID, template number, template title, timestamp, number of pages, whether the end-user interface or instead the API was used, optional identifier given by the user and ID of the browser session. The content of the exported documents is not saved.
On the basis of the data stored in the central logging system each customer's administrator can request an overview of the usage of ClauseBuddy by each of its users.
The administrator can get an overview of the following data:
Amount of clauses, templates, users and saved answers being created, updated and stored at a given moment.
Which clauses were most frequently inserted into MS Word documents by users.
How many times ClauseBuddy was opened by each user.
How many keyword-based searches and browse sessions were performed in ClauseBuddy's Quality Library.
How many AI-related requests were made.
In addition, administrators can check the time patterns of their users, i.e. at which times of the day ClauseBuddy was used in the company, on a per-user basis. For privacy reasons, this usage is grouped per block of 15 minutes.
The ClauseBase platform stores log-data for four different purposes:
Security (e.g. to detect attacks by malicious actors) and availability (e.g. to detect whether servers are reaching capacity limits). ClauseBase is ISO 27001 certified, and central logging is an important requirement under this certification scheme. Similarly, the logs also make it possible to detect abuse, e.g. to trace whether customers would store illegal information.
Provide support to users, e.g. to investigate why something does not seem to work.
Invoicing and usage limitations, e.g. to track the number of translations and LLM requests submitted by customers, and to track the number of DOCX/PDF documents exported by customers (e.g., to invoice customers who are licensing the platform on a per-export basis)
Customer usage, e.g. to check which features are popular and which customers are actively using the platform
Log data is either stored locally on the relevant server (e.g., in Germany, for enterprise customers), or centrally on our central logging server in Amsterdam.
The centralised log data is frequently inspected by the ClauseBase team, through a variety of dashboards, such as the one below.
Care is taken that the logs, in general, only contain metadata. In the few instances where it is relevant from a logging/security perspective to store non-metadata, that data is encrypted by the ClauseBase platform instance before being inserted into the log file.
A sample event looks as follows:
Every time the user performs an action at the server (e.g., opening a Clause9 Q&A, storing a clause in ClauseBuddy, redrafting text using ClauseBuddy's AI features, etc.), this event gets logged in the central log. These central logs are kept for 18 months.
For a period of 1 month, the full content of the most important events (+ user ID and timestamp) is logged into a temporary log at each server:
Updates to files and folders
Updates to documents and Q&As
Clauses sent to curators
Updates to user account details
Each night, logs older than one month are deleted.
During one month, the mere fact that a user is using the ClauseBase platform gets logged into a separate table of the secondary PostgreSQL database of each instance.
Each night, logs older than one month are deleted.
In each platform instance's secondary PostgreSQL database, logs are kept for invoicing purposes, as explained .
These logs are kept for 7 years, i.e. the term under Belgian law during which invoices can be contested.
When an internal API event crashes or generates an error, an email with relevant details gets sent to the ClauseBase developer team, for analysis.
Within ClauseBase, we only use providers with headquarters within Europe* to handle non-trivial customer data for European customers.
In other words, we go beyond the strict requirements of both the GDPR and current market practices, which only require that data is stored inside of the EEA. We go several steps further: we do not even want to work with providers outside Europe.
There are only two exceptions to the "European providers" rule: Microsoft (for our internal use of Office 365, as well as our customers' use of Azure GPT-4) and Apple (for the laptops and iPhones we use).
Our primary servers are physically located in Germany, with specific servers in other jurisdictions at the request of enterprise customers. Some secondary servers for specific processing tasks (e.g. PDF conversion, discussion forum, etc.) are located in Amsterdam and Finland.
Our encrypted backups are stored in different data centres across Germany and France.
The ClauseBase platform keeps certain data stored for a short while, for operational reasons.
The conversion of PDF-files is quite resource-intensive and may even take several minutes for PDF-files with many pages and/or poor quality (e.g., scans). Moreover, the same PDF-file is often simultaneously used in different corners of the platform during the same day.
For this reason, PDF-files that are internally converted into an MS Word-file are temporarily stored on the ClauseBase-server for 8 hours after their last usage. This is currently the case for PDF-files that are uploaded in Doc Chat, Multi Document Table, Truffle Hunt, Text Compare, Bulk Compare, Bulk Operations and Summarise.
The only LLM-related processing we do with your data is so-called "prompt-engineering" in the background, passing on carefully selected fragments of your data to the LLM in order to get an answer.
What we currently do at ClauseBase, and will even extend in the future, is to allow you to store your legal data on our platform, and then feed a subset of that data to the LLM engine as part of the prompt that gets submitted.
For example, if you have stored 100 fragments of text about corporate liability, then you can take a subset of those fragments (e.g., only the ones that talk about personal liability of directors) and feed those fragments to the LLM and ask it to draft a new text based on that input.
This process of "prompt engineering", where we selectively feed data to the LLM through text in a prompt, is technically completely different than “training a model” (or its lightweight alternative of "finetuning").
Prompt feeding is limited to a carefully selected subset of your data, typically a few thousand words (quality first, less is often more). Conversely, "training" a model usually concerns all your data, typically millions of words (quantity first: the more the better); similarly, "finetuning" a model will involve significant parts of your data.
Prompt feeding does not leave any "residue" at the LLM: once the answer is returned by the LLM, the LLM will immediately forget this answer and the information fed into it, due to the technical way in which an LLM operates (i.e., adding information to an LLM requires retraining or finetuning; an LLM does not have any short-term memory). In addition, the LLM vendor essentially guarantees that the LLM will forget about the prompt it was fed. Conversely, the very goal of model training & finetuning is to create a new, permanent file (a "model").
Prompt feeding is constrained to what the customer himself uploaded in the past: the legal data of customer X will never be used for the prompt feeding purposes of customer Y. Conversely, taking into account the enormous resources required for model training, the goal of model training & finetuning is to reuse content among customers as much as possible.
Prompt feeding puts the end-user in control: it only happens when the end-user asks the LLM a question, and then requires the end-user to make a selection, so that only a subset of all data is being fed to the LLM. Conversely, model training & finetuning works silently in the background, takes all existing data, and produces a trained model from it.
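The properties listed above (explicit user selection, a bounded subset, no cross-customer data) can be enforced as checks before a prompt leaves the platform. The following is an added example, not ClauseBase's code: the `Fragment` type, the `build_prompt` function, the 3000-word budget and the sample store are all assumptions constructed for illustration.

```python
from dataclasses import dataclass


class PromptPolicyError(Exception):
    """Raised when a prompt request breaks a selection, isolation or size rule."""


@dataclass(frozen=True)
class Fragment:
    fragment_id: str
    tenant_id: str  # the customer that uploaded this fragment
    text: str


# Constructed sample data: two customers, three stored fragments.
STORE = {
    "f1": Fragment("f1", "customer-x", "Directors are personally liable for gross negligence."),
    "f2": Fragment("f2", "customer-x", "The company indemnifies directors acting in good faith."),
    "f3": Fragment("f3", "customer-y", "Liability of the supplier is capped at the annual fees."),
}

MAX_PROMPT_WORDS = 3000  # assumed budget for "a few thousand words"


def build_prompt(tenant_id, selected_ids, question, store=STORE, max_words=MAX_PROMPT_WORDS):
    """Return (prompt, audit_record) for fragments the user explicitly selected.

    The audit record holds metadata only (IDs and a word count), never the text.
    """
    # Rule 1: nothing is sent unless the end-user made a selection.
    if not selected_ids:
        raise PromptPolicyError("at least one fragment must be selected by the user")

    chosen, seen = [], set()
    for fid in selected_ids:
        if fid in seen:
            continue  # ignore duplicate selections
        seen.add(fid)
        frag = store.get(fid)
        # Rule 2: tenant isolation. Unknown IDs and IDs owned by another customer
        # produce the same error, so the check cannot be used to probe for
        # fragment IDs that exist under a different customer.
        if frag is None or frag.tenant_id != tenant_id:
            raise PromptPolicyError(f"fragment {fid!r} is not available to this customer")
        chosen.append(frag)

    # Rule 3: the prompt is a bounded subset, not the whole library.
    words = sum(len(f.text.split()) for f in chosen) + len(question.split())
    if words > max_words:
        raise PromptPolicyError(f"prompt of {words} words exceeds the budget of {max_words}")

    context = "\n".join(f"[{f.fragment_id}] {f.text}" for f in chosen)
    prompt = f"Use only the fragments below.\n\n{context}\n\nQuestion: {question}"
    audit = {
        "tenant_id": tenant_id,
        "fragment_ids": [f.fragment_id for f in chosen],
        "words": words,
    }
    return prompt, audit


if __name__ == "__main__":
    prompt, audit = build_prompt(
        "customer-x", ["f1", "f2"], "Draft a clause on director liability."
    )
    print(prompt)
    print(audit)
```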
The difference between "prompt engineering", finetuning and training is in no way special or specific to the ClauseBase platform. You can read more about this at the following locations:
2nd April 2025:
replaced references to GPT4o by generic references to "the LLM"
explained that, due to their technical operation mode, LLMs have no short-term memory
When a document/binder is converted into a PDF/DOCX-file, the resulting file is stored for between 60 and 120 seconds on the ClauseBase-server in order to allow for downloading that file. Afterwards it is deleted.



The ClauseBase platform makes use of Large Language Models (LLMs) in many different contexts, which are described on the next page.
ClauseBase currently uses GPT-4o as the default LLM, hosted by Microsoft Azure, except if:
the customer would opt for any optional alternative LLM vendor offered by ClauseBase, such as OpenAI, Noxtua, Mistral or Anthropic (Claude)
a customer would use his own key for any of the vendors
Microsoft is not in the business of developing GPT, so can in very strong language that it does not reuse any customer data for improving either GPT or any of its own products, and does not share customer data with OpenAI. These confidentiality guarantees are similar to how Microsoft will never reuse a customer’s DOCX-files that are stored in its Office 365 cloud.
Moreover, since mid March 2025, ClauseBase was granted the by Microsoft, meaning that Microsoft will not store any content submitted to the LLMs, not even for "abuse monitoring" (e.g., to check whether users are looking for tips to hide a body in their garden, or request recipes to build bombs).
Xayn offers very , which should not be surprising for an LLM created by, hosted in and targeted at Europe.
Similar guarantees — although less explicit than Microsoft and Xayn — are made by the optional vendors that the customer can choose:
We currently make use of the following Microsoft Azure servers for GPT:
Sweden, for enterprise customers in Europe
France, for users in the United Kingdom, and for our non-enterprise customers in countries in Europe other than Belgium, Germany & Switzerland
United States East, for our enterprise customers in the United States
Australia East, for enterprise customers in Australia
In Azure, we use the "Data Zone Standard" setting, so that it may happen that within the same big geographical zone, the server location gets dynamically rerouted, based on traffic consumption at Microsoft (so that, for example, the Swedish server gets used by users that would normally use France, in case of heavy traffic). To be clear: , this setting doesn't allow data to go across boundaries of the large region, e.g. data from within Europe will remain in Europe, and data within the US will remain in the US.
Instead of Azure GPT4o, you can also opt for , Europe’s first sovereign Legal AI. Trained with legal texts labeled by experts, this sovereign European AI is specifically tailored to your needs as a law professional. This makes Noxtua your secure and independent European AI alternative.
Noxtua is operated by Xayn, which hosts Noxtua on the .
While Microsoft's version is technically almost identical to the one used by OpenAI, by default the ClauseBase platform does not make any use of OpenAI's services due to the poor confidentiality track record of OpenAI and our legal audience's concerns with respect to confidentiality.
However, customers can optionally choose OpenAI, in addition to (or as a replacement for) Azure GPT4o. We offer fine-grained controls that allow customers to choose which LLMs can be selected by their users, even mixing different modules and/or user profiles (e.g., "partners can use any LLM for any drafting task; senior lawyers can choose between Claude and Azure GPT4o; junior lawyers are only allowed to use Mistral, except for drafting new clauses").
However, customers can optionally use their own OpenAI subscription, if they wish — see below.
Customers are free to use their own key (subscription) for LLMs. In fact, ClauseBase actively encourages customers to do this, to get better capacity and direct invoicing from providers.
As stated above, ClauseBase also offers customers the possibility to use vendors other than Microsoft, e.g. Meta's Llama (hosting possible in many locations), Xayn Noxtua, Anthropic Claude (US) or Mistral Large (France).
As is evident from the description above, ClauseBase does not develop, fine-tune, or place any AI system on the market under its own name, and therefore does not qualify as an importer, distributor or product manufacturer under the AI Act. ClauseBase solely integrates general-purpose AI models into its platform via third-party service providers, without modifying them in a way that would qualify ClauseBase as a provider under the EU AI Act.
Furthermore, the use of LLMs within ClauseBase is strictly limited to productivity-enhancing functions for legal professionals. It does not involve any applications that fall within the high-risk categories defined in Annex III of the AI Act.
Accordingly, ClauseBase qualifies solely as a deployer of general-purpose AI systems. In this capacity, it is committed to fulfilling the responsibilities imposed on deployers under the AI Act. This includes, among others, measures such as:
Promoting an appropriate level of AI literacy among its employees and collaborators, aligned with their respective roles and responsibilities;
Ensuring transparency for end-users regarding the intended use, capabilities, and limitations of AI-generated content.
28 July 2025: added a reference to the EU AI Act
2 April 2025: added explicit references for Noxtua
19 March 2025: added the Microsoft abuse monitoring exception
Archived version referring to the old, free version of ClauseBuddy
[terminology was changed to reflect the merger between websites clausebuddy.com and clausebase.com, and to reflect that these Terms & Conditions only apply to the free version of ClauseBuddy]
These Terms and Conditions apply exclusively to the use of the free "ClauseBuddy" (free or paid), as provided by ClauseBase BV. These Terms and Conditions shall constitute the entire agreement between the Parties. The use of the paid version, whether or not combined with a separately purchased license to the Clause9 platform (also marketed through ) will be subject to separate Terms and Conditions. ClauseBuddy may also be combined with third party content offered through various channels, which may itself be subject to other terms & conditions.
“Account” means the combination of a user's name, security code, underlying password, settings and personal files for the Customer;
“ClauseBase” means ClauseBase BV, Alfons Stesselstraat 9, 3012 Leuven, VAT BE0723.768.270, RPR Leuven;
“Customer” means the natural or legal person subscribing to a ClauseBuddy subscription;
“Commencement Date” means the date on which the Customer activates their Account;
“Data Protection Legislation” means the General Data Protection Regulation (GDPR) and any national implementation that apply to the Parties’ processing of personal data;
“Error” means a substantial, verifiable and reproducible non-conformity of the Platform with its User Guide;
“Force Majeure” means any cause beyond a Party’s reasonable control, such as acts of God, acts from authorities, war, fire, flood, explosion or civil commotion, electricity outages, telecom breakdowns (including “denial of service” attacks and similar unavailability of connections), strikes, failure of a third party, software bugs in third party software, industrial action, etc.;
“Hosted Data” means any electronic data (including clauses, legal metadata, logos, questions, etc.) stored in the Platform, after being uploaded by the Customer;
“Hosting Services” shall consist of storing the Hosted Data and software, serving page requests and web service invocations, and maintaining and updating the Platform;
“Platform” means the proprietary web-based application that is marketed as “ClauseBuddy”, as marketed through www.clausebuddy.com and made available in Microsoft's app stores. The Platform contains features such as: the storage of clauses and legal content; a search engine; and a content composition engine.
“Term” means the term of this Agreement, as calculated from the Commencement Date;
“Usage Fees” means the fees to be paid by the Customer to ClauseBase for the use of the Platform, in the paid subscription of ClauseBuddy;
“User Guide” means the manual for the Platform, as updated from time to time, and made available through .
ClauseBase grants the Customer a non-exclusive, non-transferable right to use the Platform as described in the User Guide, and to enable the Customer to access and use the Platform during the Term.
3.1. The Customer shall use the Platform in accordance with the conditions and limitations set forth in this Agreement and shall not:
3.1.1. sublicense or otherwise make the Platform available to third parties, unless allowed in writing by ClauseBase;
3.1.2. attempt to gain unauthorized access to the other accounts, or related systems or networks of ClauseBase;
3.1.3. use the Platform in an unfair manner (e.g., with respect to storage or bandwidth), in light of the fact that this Platform is technically time-shared between various Customers;
3.1.4. use the Platform in an illegal manner (e.g. illegal content).
3.2. Despite the fact that the Platform may offer the Customer access to pre-written clauses & documents, ClauseBase does not act as a law firm, and ClauseBase does not offer the warranties customarily offered by law firms to their clients. The Customer also accepts that the compliance, validity and up-to-dateness of the aforementioned public clauses, as well as any other clauses that would be offered to the Customer by ClauseBase, is only guaranteed by ClauseBase if explicitly set forth on a signed order form.
3.3. The Customer shall have sole responsibility for the accuracy, quality, legality, reliability, and appropriateness of the Hosted Data. The Customer acknowledges that, even though the Platform is advertised as a tool to accelerate the drafting of various legal documents, such tool shall not relieve the Customer of reviewing the correctness, quality and appropriateness of the Hosted Data. The Customer shall be solely responsible to determine whether, how and where to use any Hosted Data. The Customer will duly test and periodically review the Hosted Data and contract drafting facilities offered through the Platform.
3.4. The Customer shall protect the confidentiality of its security code or that of its users, which are strictly personal and shall be solely used by the Customer themselves. It is strictly prohibited for multiple users to share a single security code. ClauseBase must be promptly notified if a user's security code is lost or exposed.
3.5. The Customer acknowledges that the ClauseBuddy subscription is subject to technical limitations (e.g., maximum amount of stored clauses, maximum languages) and changing feature sets, which will be communicated by ClauseBase through its website and which may be adjusted by ClauseBase at its sole discretion. For the paid version of ClauseBuddy, ClauseBase warrants that the overall level of features will generally not degrade, even when remixes of features and limitations would be announced from time to time.
3.6. The Customer accepts that ClauseBase has the right to remove or block any Hosting Data which third parties or authorities assert is illegal or infringes upon the rights of others. To the extent possible, ClauseBase shall inform the Customer in advance.
3.7. During the Term, the Customer shall have the right to use the logo and trade name of the Platform to (i) indicate that Customer uses the Platform; (ii) indicate that the Customer is a customer of ClauseBase; or (iii) promote or provide information on the Platform, subject to the conditions that the use of the logo or trade name (a) does not jeopardize the reputation, image and goodwill of ClauseBase, and (b) does not lead to any confusion about the fact that the Platform is owned and operated by ClauseBase; and (c) does not lead to any confusion about the fact that ClauseBase and the Customer are two independent parties with a separate legal identity.
3.8. The Customer shall report any Errors immediately on detection through the helpdesk, in a well-documented way. At ClauseBase’s request, the Customer shall render assistance, in all fairness, for the diagnosis, the reproduction and correction of the Error.
3.9. The Customer agrees to indemnify ClauseBase, its representatives and employees against any and all damage, expenses and third-party claims arising out of the use by the Customer of the Platform in a manner that does not correspond with this Agreement.
4.1. The Platform is made available to the Customer as-is, and may contain bugs and Errors. However, ClauseBase shall use commercially reasonable endeavours to match the features, functionalities, etc. with the User Guide.
4.2. The Customer acknowledges that the access to and use of the Platform may be suspended from time to time due to unanticipated or unscheduled downtime. To the extent possible, ClauseBase shall schedule planned downtime outside Belgian working hours.
4.3. In light of the software-as-a-service nature of the Platform, ClauseBase shall have the right at any moment to: (i) activate a new version of the Platform; (ii) add additional functionality to the Platform; (iii) modify internal or external functioning of the Platform, provided similar functionality is kept; or (iv) move its servers or networks to other locations or data centers within the European Union. ClauseBase shall undertake reasonable efforts to mitigate the impact on the use for Customer.
5.1. This Agreement comes into force on the Commencement Date, for an indefinite duration.
5.2. ClauseBase can terminate this Agreement with immediate effect without intervention of a judge by written notice to the Customer, if the Customer commits a material breach of this Agreement or if the Customer uses the Platform in a manner that ClauseBase believes in its sole discretion (but always acting reasonably) is harmful to the Platform or other users.
5.3. ClauseBase can introduce changes to this Agreement at any time. If the Customer does not agree with them, the Customer can terminate this Agreement for convenience at the latest one month before the change would become effective. In the absence of such termination by the Customer, the changes are deemed accepted by the Customer.
5.4. Each Party can terminate this Agreement without intervention of a judge with immediate effect on written notice: (i) if a receiver, administrator or similar officer is appointed over all or any part of the assets or undertaking of the other Party; (ii) if the other Party makes any arrangement for the benefit of its creditors; or (iii) if the other Party goes into liquidation save for the purposes of a genuine reconstruction.
5.5. After termination of this Agreement: (i) each Party shall return or destroy (or provide a certificate of having destroyed) the other Party’s Confidential Information; and (ii) ClauseBase shall, upon request by Customer made within thirty days after the effective date of termination, provide the Customer with limited access to the Platform, for the sole purpose of enabling the Customer to make a copy of the Hosted Data. After this period, ClauseBase shall have no obligation to maintain/provide any Hosted Data.
6.1. “Confidential Information” means all confidential information of a Party (“Disclosing Party”) disclosed to the other Party (“Receiving Party”) in writing, that is designated as confidential or that reasonably should be understood to be confidential given its nature and the circumstances. Confidential Information shall not include: (i) information that is, or becomes, generally known to the public without breach of any obligation owed to the Disclosing Party; (ii) information known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party; (iii) information developed independently by the Receiving Party without breach of any obligation owed to the Disclosing Party; (iv) information received from a third party without breach of any obligation owed to the Disclosing Party; and (v) statistical information generated from the Hosted Data.
6.2. The Receiving Party shall not disclose or use Confidential Information of the Disclosing Party for any purpose outside the scope of this Agreement, except with the Disclosing Party’s prior permission.
6.3. Each Party agrees to protect the confidentiality of the Confidential Information of the other Party in the same manner that it protects the confidentiality of its own confidential information of like kind (but in no event using less than reasonable care).
6.4. If the Receiving Party is compelled by law to disclose Confidential Information of the Disclosing Party, it shall provide the Disclosing Party with prior notice of such compelled disclosure (to the extent legally permitted) and reasonable assistance, at Disclosing Party’s cost, if the Disclosing Party wishes to contest the disclosure.
7.1. In relation to the processing of any personal data in the profile data of each Account (such as the username, password, first name, last name and email address), ClauseBase qualifies as the “data controller” under the Data Protection Legislation.
7.2. In relation to the processing of any personal data contained in the Hosted Data, the following shall apply:
7.2.1. The primary purpose of the Platform is to store clauses, which – by their nature – should not contain any personal data, as they will typically contain placeholders that need to be completed by the Customer with actual data. The Customer accepts to respect this general positioning of the Platform and shall refrain from treating the Platform as a data storage solution, so as to minimize the amount of personal data that is stored on the Platform.
7.2.2. In relation to the processing of any personal data contained in the Hosted Data, the Customer shall be the “data controller” and ClauseBase shall be the “data processor”. ClauseBase shall only process such personal data: (i) in accordance with the instructions received from the Customer, which may be specific instructions or instructions of a general nature as set forth in this Agreement; (ii) to the extent, and in such manner, as is necessary for the provision of the Hosting Services, or as is required by law or any regulatory body.
7.2.3. Each Party shall comply with its respective obligations under Data Protection Legislation and shall not undertake any action that would cause the other Party to breach any of the Data Protection Legislation obligations. In particular, the Customer shall ensure that: (i) all instructions given by it to ClauseBase in respect of the Hosted Data will be in compliance with applicable data protection legislation; (ii) it has all required consents, licenses and approvals to use, disclose and/or transfer the personal data included in the Hosted Data.
8.1. The total aggregate contractual and extracontractual liability of ClauseBase under this Agreement shall be limited to five (5) EUR. To the maximum extent allowed by applicable law, ClauseBase shall not be liable for indirect damage of any kind (such as loss of profits, loss of use, loss of customers, business interruption, third party claims, etc.) incurred by the Customer or third parties connected to the Customer.
8.2. Nothing in this Agreement shall exclude or limit either party’s liability for fraud or wilful misconduct.
8.3. The Customer explicitly accepts that the "Clause Hunt" module is designed to search through templates and model clauses, must only contain copies of data also stored elsewhere, and must not be used as a contract / document management tool. ClauseBase encourages the customer not to store any personal or confidential data in this module, and shall not be liable for any usage of this module outside the usage scenario described in this clause 8.3.
9.1. Neither Party shall be liable to the other for any delay in, or failure of, the performance of its obligations arising from Force Majeure. The Party affected by Force Majeure shall as soon as practicable, send to the other a written notice setting out the circumstances of the event and its anticipated effect, and shall use all reasonable endeavours to minimize the effect of any such circumstances. In case the Force Majeure affects ClauseBase then ClauseBase may terminate this Agreement with one month’s written notice without being liable for such termination.
9.2. Should any clause be found to be invalid/unenforceable, such clause shall be deemed severed from this Agreement, and the other clauses thereof shall remain in full force and effect. The Parties shall then negotiate in good faith, on a commercially reasonable efforts basis, to agree on alternative clauses with the same economic effect as intended by the Parties.
9.3. This Agreement shall be governed by and construed in accordance with Belgian law. Should any dispute arise, the Parties will endeavour to resolve it in good faith. If the dispute is not resolved within thirty days through such negotiations, each Party shall have the right to submit the unresolved issue to the courts of Leuven, which shall have exclusive jurisdiction to settle any such dispute.
Update July 2023: addition of clause 8.3 regarding information stored in "Clause Hunt".
Version 20200506
These Terms and Conditions apply exclusively to the use of the ClauseBase Platform (subdomains of clausebase.com) as provided by ClauseBase to Customers with an Enthusiast Subscription. These Terms and Conditions shall constitute the entire Agreement between the Parties. If, at any point in time, ClauseBase introduces a separate platform designated to sharing/selling then such platform will be subject to separate Terms and Conditions (to be announced together with the respective sharing/selling platform).
“Account” means the combination of a username, password, settings and personal files for the Customer;
“ClauseBase” means ClauseBase BV, Alfons Stesselstraat 9, 3012 Leuven, VAT BE0723.768.270, RPR Leuven;
“Customer” means the natural person subscribing to a ClauseBase Enthusiast subscription;
“Commencement Date” means the date on which the Customer activates his/her Account;
“Data Protection Legislation” means the General Data Protection Regulation and any national implementation that apply to the Parties’ processing of personal data;
“Error” means a substantial, verifiable and reproducible non-conformity of the Platform with its User Guide;
“Error Correction” means either a workaround, temporary correction of the Error, or the correction of the Error via delivery of a new version, without reducing the functionality of the affected Platform;
“Force Majeure” means any cause beyond a Party’s reasonable control, such as acts of God, acts from authorities, war, fire, flood, explosion or civil commotion, electricity outages, telecom breakdowns (including “denial of service” attacks and similar unavailability of connections), strikes, failure of a third party, software bugs in third party software, industrial action, etc.;
“Hosted Data” means any electronic data (including clauses, templates, logos, questions, answers, etc.) stored in the Platform, after being uploaded by the Customer;
“Hosting Services” shall consist of storing the Hosted Data and software, serving page requests and web service invocations, and maintaining and updating the Platform;
“Platform” means the proprietary web-based application that is either marketed as “ClauseBase” under a subdomain of clausebase.com. The Platform contains features such as: the storage of clauses and templates; a content composition engine; the customization and personalization of templates; a server API;
“Term” means the term of this Agreement, as calculated from the Commencement Date;
“User Guide” means the user’s guide for the Platform, as updated from time to time, and made available on help.clausebase.com.
ClauseBase grants the Customer a non-exclusive, non-transferable right to use the Platform as described in the User Guide, and to enable the Customer to access and use the Platform during the Term.
3.1. The Customer shall use the Platform in accordance with the conditions and limitations set forth in this Agreement and shall not:
3.1.1. sublicense or otherwise make the Platform available to third parties, unless allowed in writing by ClauseBase;
3.1.2. attempt to gain unauthorized access to the other accounts, or related systems or networks of ClauseBase;
3.1.3. use the Platform in an unfair manner (e.g., with respect to storage or bandwidth), in light of the fact that this Platform is technically time-shared between various Customers;
3.1.4. use the Platform in an illegal manner (e.g. illegal content).
3.2. Despite the fact that the Platform may offer a limited number of so-called “public” clauses and templates to the Customer, for inclusion in the Customer’s documents, ClauseBase does not act as a law firm, and ClauseBase does not offer the warranties customarily offered by law firms to their clients. The Customer also accepts that the compliance, validity and up-to-dateness of the aforementioned public clauses and templates, as well as any other clauses or templates that would be offered to the Customer by ClauseBase, is only guaranteed by ClauseBase if explicitly set forth on a signed order form.
3.3. The Customer shall have sole responsibility for the accuracy, quality, legality, reliability, and appropriateness of the Hosted Data. The Customer acknowledges that, even though the Platform is advertised as a tool to accelerate the drafting of various legal documents, such tool shall not relieve the Customer of reviewing the correctness, quality and appropriateness of the Hosted Data. The Customer shall be solely responsible to determine whether, how and where to use any Hosted Data. In light of contract automation’s various subtleties, complex possible interactions between clauses/templates, as well as dependence on various “business rules” and domain-specific knowledge of the Customer, the Customer will duly test and periodically review the Hosted Data and contract automation facilities offered through the Platform.
3.4. The Customer shall protect the confidentiality of its password which is strictly personal and shall be solely used by the Customer himself/herself. It is strictly prohibited to share the respective password. ClauseBase must be promptly notified if his/her password is lost or exposed.
3.5. The Customer acknowledges that the Enthusiast subscription is subject to technical limitations (e.g. limited features) which will be communicated by ClauseBase through its website and which may be adjusted by ClauseBase at its sole discretion.
3.6. The Customer accepts that ClauseBase has the right to remove or block any Hosting Data which third parties or authorities assert is illegal or infringes upon the rights of others. To the extent possible, ClauseBase shall inform the Customer in advance.
3.7. During the Term, the Customer shall have the right to use the logo and trade name of the Platform to (i) indicate that Customer uses the Platform; (ii) indicate that the Customer is a customer of ClauseBase; or (iii) promote or provide information on the Platform, subject to the conditions that the use of the logo or trade name (a) does not jeopardize the reputation, image and goodwill of ClauseBase, and (b) does not lead to any confusion about the fact that the Platform is owned and operated by ClauseBase; and (c) does not lead to any confusion about the fact that ClauseBase and the Customer are two independent parties with a separate legal identity.
3.8. The Customer shall report any Errors immediately on detection through the helpdesk, in a well-documented way. At ClauseBase’s request, the Customer shall render assistance, in all fairness, for the diagnosis, the reproduction and correction of the Error.
3.9. The Customer agrees to indemnify ClauseBase, its representatives and employees against any and all damage, expenses and third-party claims arising out of the use by the Customer of the Platform in a manner that does not correspond with this Agreement.
4.1. The Platform is made available to the Customer as-is, free of charge and without warranty of any kind; however, ClauseBase shall use commercially reasonable endeavours to match the features, functionalities, etc. with the User Guide.
4.2. The Customer acknowledges that the access to and use of the Platform may be suspended from time to time due to unanticipated or unscheduled downtime. To the extent possible, ClauseBase shall schedule planned downtime outside Belgian working hours.
4.3. In light of the software-as-a-service nature of the Platform, ClauseBase shall have the right at any moment to: (i) activate a new version of the Platform; (ii) add additional functionality to the Platform; (iii) modify internal or external functioning of the Platform, provided similar functionality is kept; or (iv) move its servers or networks to other locations or data centers within the European Union. ClauseBase shall undertake reasonable efforts to mitigate the impact on the use for Customer.
5.1. Until further notice the Customer can make use of its Enthusiast subscription free of charge.
5.2. A usage fee may be implemented by ClauseBase and can subsequently be changed by ClauseBase at any time, subject to ClauseBase communicating the implementation or change to the Customer at the latest one month before the change would become effective. If the Customer does not agree with the proposed change, the Customer can terminate this Agreement for convenience at the latest two months before the change would become effective. In the absence of such termination, the adapted rates will be deemed accepted by the Customer.
6.1. This Agreement comes into force on the Commencement Date, for an indefinite duration.
6.2. ClauseBase can terminate this Agreement with immediate effect without intervention of a judge by written notice to the Customer, if the Customer commits a material breach of this Agreement or if the Customer uses the Platform in a manner that ClauseBase believes in its sole discretion is harmful to the Platform or other users.
6.3. ClauseBase can introduce changes to this Agreement at any time. If the Customer does not agree with them, the Customer can terminate this Agreement for convenience at the latest one month before the change would become effective. In the absence of such termination by the Customer, the changes are deemed accepted by the Customer.
6.4. Each Party can terminate this Agreement without intervention of a judge with immediate effect on written notice: (i) if a receiver, administrator or similar officer is appointed over all or any part of the assets or undertaking of the other Party; (ii) if the other Party makes any arrangement for the benefit of its creditors; or (iii) if the other Party goes into liquidation save for the purposes of a genuine reconstruction.
6.5. After termination of this Agreement: (i) each Party shall return or destroy (or provide a certificate of having destroyed) the other Party’s Confidential Information; and (ii) ClauseBase shall, upon request by Customer made within thirty days after the effective date of termination, provide the Customer with limited access to the Platform, for the sole purpose of enabling the Customer to make a copy of the Hosted Data. After this period, ClauseBase shall have no obligation to maintain/provide any Hosted Data.
7.1. “Confidential Information” means all confidential information of a Party (“Disclosing Party”) disclosed to the other Party (“Receiving Party”) in writing, that is designated as confidential or that reasonably should be understood to be confidential given its nature and the circumstances. Confidential Information shall not include: (i) information that is, or becomes, generally known to the public without breach of any obligation owed to the Disclosing Party; (ii) information known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party; (iii) information developed independently by the Receiving Party without breach of any obligation owed to the Disclosing Party; (iv) information received from a third party without breach of any obligation owed to the Disclosing Party; and (v) statistical information generated from the Hosted Data.
7.2. The Receiving Party shall not disclose or use Confidential Information of the Disclosing Party for any purpose outside the scope of this Agreement, except with the Disclosing Party’s prior permission.
7.3. Each Party agrees to protect the confidentiality of the Confidential Information of the other Party in the same manner that it protects the confidentiality of its own confidential information of like kind (but in no event using less than reasonable care).
7.4. If the Receiving Party is compelled by law to disclose Confidential Information of the Disclosing Party, it shall provide the Disclosing Party with prior notice of such compelled disclosure (to the extent legally permitted) and reasonable assistance, at Disclosing Party’s cost, if the Disclosing Party wishes to contest the disclosure.
8.1. In relation to the processing of any personal data in the profile data of each Account (such as the username, password, first name, last name and email address), ClauseBase qualifies as the “data controller” under the Data Protection Legislation.
8.2. In relation to the processing of any personal data contained in the Hosted Data, the following shall apply:
8.2.1. The primary purpose of the Platform is to store templates and clauses, which – by their nature – should not contain any personal data, as they will typically contain placeholders that need to be completed by the Customer with actual data. The Customer accepts to respect this general positioning of the Platform and shall refrain from treating the Platform as a contract archive tool or general storage solution, so as to minimize the amount of personal data that is stored on the Platform.
8.2.2. In relation to the processing of any personal data contained in the Hosted Data, the Customer shall be the “data controller” and ClauseBase shall be the “data processor”. ClauseBase shall only process such personal data: (i) in accordance with the instructions received from the Customer, which may be specific instructions or instructions of a general nature as set forth in this Agreement; (ii) to the extent, and in such manner, as is necessary for the provision of the Hosting Services, or as is required by law or any regulatory body.
8.2.3. Each Party shall comply with its respective obligations under Data Protection Legislation and shall not undertake any action that would cause the other Party to breach any of the Data Protection Legislation obligations. In particular, the Customer shall ensure that: (i) all instructions given by it to ClauseBase in respect of the Hosted Data will be in compliance with applicable data protection legislation; (ii) it has all required consents, licenses and approvals to use, disclose and/or transfer the personal data included in the Hosted Data.
9.1. The total aggregate contractual and extracontractual liability of ClauseBase under this Agreement shall be limited to fifty (50) EUR. To the maximum extent allowed by applicable law, ClauseBase shall not be liable for indirect damage of any kind (such as loss of profits, loss of use, loss of customers, business interruption, third party claims, etc.) incurred by the Customer or third parties connected to the Customer.
9.2. Nothing in this Agreement shall exclude or limit either party’s liability for fraud or wilful misconduct.
10.1. Neither Party shall be liable to the other for any delay in, or failure of, the performance of its obligations arising from Force Majeure. The Party affected by Force Majeure shall as soon as practicable, send to the other a written notice setting out the circumstances of the event and its anticipated effect, and shall use all reasonable endeavours to minimize the effect of any such circumstances. In case the Force Majeure affects ClauseBase then ClauseBase may terminate this Agreement with one month’s written notice without being liable for such termination.
10.2. Should any clause be found to be invalid/unenforceable, such clause shall be deemed severed from this Agreement, and the other clauses thereof shall remain in full force and effect. The Parties shall then negotiate in good faith, on a commercially reasonable efforts basis, to agree on alternative clauses with the same economic effect as intended by the Parties.
10.3. This Agreement shall be governed by and construed in accordance with Belgian law. Should any dispute arise, the Parties will endeavour to resolve it in good faith. If the dispute is not resolved within thirty days through such negotiations, each Party shall have the right to submit the unresolved issue to the courts of Leuven, which shall have exclusive jurisdiction to settle any such dispute.
In most cases, it is not a good idea to store personal data inside of clauses & templates, but some users nevertheless do.
For the sake of completeness, we therefore also provide an extensive overview of all the types of data that get stored on behalf of the users on the ClauseBase platform.
Clauses are one of the most important data elements in the ClauseBase platform. They have an owner (user), filename, body and optionally a description, comments and attributes assigned to them. In Clause9, they can also have various other elements associated with them, see below.
Documents have a filename and owner (user).
In Clause9, documents are collections of clauses, accompanied by information about how the clauses are structured internally (e.g., first clause 1001, then clause 2023, then clause 5001, then a subclause 5023, etc.). Documents can hold layout information.
In ClauseBuddy, documents contain the entire contents of a DOCX file.
End-users can optionally save the answers to a Q&A into a separate file ("answer set"), typically so that the answers do not need to be entered again a few days later (e.g. while negotiations are still ongoing). Those answers can deal with any type of data deemed relevant by the template author, e.g. commencement date, salary, interest rates, optional clauses to be inserted, free text added to the contract, etc.
In Clause9, template authors can also specify that answers from anonymous users must be saved in an encrypted way, using a password chosen by the end-user (optionally associated with an expiry key).
Clauses can have attributes assigned to them, i.e. predefined metadata types, such as "length", "pro buyer", "aggressive?", "industry", etc. The ClauseBase platform stores both the blueprint for such attributes and the effective value assigned to each clause.
Each file and folder in the ClauseBase platform can have its own access settings. Those settings are centrally stored as , and store the owner of the bundle and the actions allowed by each user or user group (e.g., "the corporate department can read files tagged with this access bundle, but cannot edit them").
Folders can optionally be assigned a user-definable expiry term. Every night, the files stored in an expired folder will get automatically removed, to prevent accumulation of data.
For each login performed by a user, the ClauseBase platform will store the user ID, a unique random token and the expiry date. This record will be deleted upon logout.
If a customer account is protected with SSO, then relevant settings (login expiry, launch URL, return URL, certificate) are stored by the ClauseBase platform.
Binders are collections of Documents. Similar to Documents in Clause9, they can also have custom styling information.
Clause9 allows "placeholders" to be defined at the level of a customer, group or user. Those placeholders will be dynamically replaced with concrete values, typically for use in a Clause9 template or in disclaimer messages. A placeholder has a name and a data type assigned to it.
Clause9 keeps track of the most recently used Q&As and documents, to show them as a short-list towards the user. (A user can also manually clear this list.)
A clause can host one or more "action buttons" for modifying a clause inside of the Clause9 Assemble Document environment. Stored data includes the name of the button, its position, the database query it optionally executes, the subclause(s) it inserts when clicked and the insertion method.
Enterprise customers can optionally activate auditing for clauses. This will cause each updated version of a clause to be separately and integrally stored by the platform, so as to see how the contents of clauses evolved over time. In addition to the full contents of each clause, the audit trail also stores the timestamp of the event, the system function or user command that triggered it, and the associated user.
Clauses can be associated with "cross-tags", i.e. cross-reference target elements.
Clauses can have a custom styling associated with them.
Clauses can optionally contain links to other clauses and to concepts, e.g. to indicate that a certain clause is an example of a certain legal concept.
Clauses can optionally have one or more memos with text associated with them; typically used in a Q&A to show additional legal information (e.g., case law or legal doctrine) relating to that clause.
For each clause and each folder, the ClauseBase platform will store a timestamp of the last change, as well as the "owner" (user) of the clause/folder.
In Clause9, clauses can be assigned a status (such as "validated" or "draft").
Clause9 can store related versions of a clause — e.g., a version that was used before some relevant legislation was changed, and a current version used after that change in legislation.
For each Concept, essential elements such as its datafields, data-expressions, concept-labels and links to other concepts can be stored.
Each user can store bookmarks ("favourites") to interesting folders.
Administrators can create one or more customised home pages, and assign them to certain user groups. Those home pages store the following information: title, styling (hide title, alignment, border, background colour, width, height), layout (number and type of columns, region to occupy, header & footer, padding), expiration date, max. amount of files to show, specific files to show.
Enterprise customers can store deviating CSS styling and custom logos, to brand their Clause9 portal.
On the level of the customer, group, user and individual document, so-called layout objects can be stored. Those layout-objects contain a title and owner, as well as specific layout information (e.g., font, paragraph settings, numbering scheme, locale style, enumeration settings, cross-reference styling).
Clause9 allows users to create "spreadbases", i.e. integrated spreadsheets that host commonly used business information (such as addresses of legal entities or names of signatures) that may be relevant in Q&As. Spreadbases can host multiple types of records (numbers, texts, lists of texts, dates, durations, etc.) and may therefore store substantial amounts of data.
Clause9 can be integrated with various third party services, such as Contractify and Corporify. Such integrations can have their own access bundle to define which users can use those integrations. Depending on the service considered, a password, OAuth token or API key may also get stored.
In ClauseBuddy, so-called "curators" automatically get an inbox, where messages are being stored that get sent by other users. Those messages contain a timestamp, title, note, language, body (usually some interesting new clause or feedback related to a certain clause or template) and the name of the sender.
Previous prompts and chat sessions are temporarily saved in the browser's LocalStorage.
Users can save (and even publish towards colleagues) the question sets they formulate, to foster easy reuse. It is very atypical for those questions to contain any sensitive data.
Administrators can create default prompts for the entire organisation and/or specific groups.
Users can save their own prompts on the server, to facilitate future reuse.
Recent prompts get automatically saved in the embedded browser's LocalStorage.
Users can save the structure of their summaries, to foster future reuse of that structure (e.g., which information gets extracted, in which order, ...).
In ClauseBuddy, users can store legal guides, which essentially consist of side-panels with information regarding the currently selected clause in a DOCX file. Legal guides have their own name and access bundle, and for each clause they refer to they can also store a comment to be displayed to end-users.
In ClauseBuddy, users can create rule sets for . These rule sets store the following information for each rule set: title and optional access bundle to define who can edit & use the review rules. In each rule set, users can store requirements, each containing a title, body, associated actions to be undertaken by the end-user when the rule is not met: delete / highlight / comment / rewrite text, conditions when the requirement can be skipped, questions to be asked to the end-user.
Search folders allow administrators to combine diverse folders into directories that users can easily browse with the Browse Quality Library module. Search folders have a name and an optional access bundle.
Users can store different (e.g., one scheme for short letters, one for contracts, one for internal memos, etc.), to facilitate automatic styling of clauses that get inserted into MS Word.
Those schemes store detailed settings that reflect the settings of an MS Word template, such as the style names used for headings/body/table paragraphs; text snippets to recognise templates.
In ClauseBuddy, administrators can implement for external users (e.g., the clients of a law firm). For each subscription, the following data elements are being stored: the security code, expiry date, support email address and logo shown to the end-users.
The Truffle Hunt feature of ClauseBuddy allows users to upload entire PDF or DOCX files. Not only can those documents be easily searched; clauses in those files also get automatically extracted and made available. The module allows users to create different folders ("baskets"), each with its own access bundle to define which user can read from and contribute to the basket.
Truffle Hunt only stores information from DOCX/PDF files uploaded by users (including the metadata found in the original files). However, in practice, significant amounts of confidential data may thus get stored on the ClauseBase servers in this way.
Users can store (and even publish towards colleagues) the sets of operations they have configured (e.g., "accept all changes; swap all footers containing X by Y; concatenate all files into one DOCX-file"). Those saved operation-sets do not typically contain any sensitive information.
2 April 2025:
removed information relating to Bulk Import, as that module was deprecated
added information regarding various new modules added to ClauseBuddy (Doc Chat, Multi-Document Table, Write & Rewrite, Summarise, Bulk Operations)
The ClauseBase platform makes use of LLMs in very diverse situations. Because the use of LLMs raises considerable concerns among legal teams and compliance officers, we describe each individual usage of LLMs within ClauseBuddy, including the customer data that gets sent to the LLM.
Note that for each of the situations described below, ClauseBase merely passes along the relevant data to the LLM. In other words, the ClauseBase platform does not store the customer data that it passes to the LLM, except if the user would afterwards deliberately store the results in ClauseBuddy's database.
Moreover (except for some administrative metadata for invoicing purposes) ClauseBase does not monitor any such data, does not want to monitor any such data, is not interested in monitoring any of it, does not know what passes through its system, let alone use it in any way. The customer is itself responsible for making sure that its users act responsibly.
For example, if the user selects two pages of highly confidential text from a share purchase agreement in an MS Word document, and asks ClauseBuddy to summarise that text, then ClauseBuddy will merely pass along that text to the LLM, and present the summary to the user. It is then up to the user to decide what to do with the text — e.g., the user may decide to copy that summary into some new Word document, or perhaps even to store the summary as a new "clause" in a ClauseBuddy library. However, except for what the user decides to do, ClauseBuddy does not remember either the initially selected text or the summary.
For each of the data flows described below, the scenario is basically as follows:
The embedded browser in which ClauseBuddy is running sends some data (e.g., the selected text, the currently opened document, or some other uploaded file) to the ClauseBase-server.
The ClauseBase-server logs some basic metadata (timestamp of the request, requesting user / customer, size of the request), to be used only for administrative purposes such as invoicing.
The ClauseBase-server sends the request to the LLM, usually unmodified but sometimes with some additional information that had to be processed by the ClauseBase-server (e.g., when a DOCX-file was passed on, it may be the case that the DOCX-file got split into clauses or otherwise converted into another format that allows for easier consumption by the LLM).
Users can instruct Clause9 to automatically draft the filename of a clause on the basis of the clause's contents. No data other than the current clause's contents gets sent to the LLM, in the currently selected language.
Truffle Hunt, AutoSuggest and the Quality Library all rely upon semantic vectors and reranking when storing & processing clauses.
This means that the textual content of clauses gets converted into mathematical vectors (currently 1024-dimensions) that then get stored in a dedicated database table, to facilitate later "smart searches" that can then be requested by end-users, e.g. to retrieve a clause talking about "termination" even when the user would enter a query relating to "stopping the contract".
When performing a smart search, the ClauseBase servers also automatically "rerank" retrieved clauses based on their legal content. This means that the clauses get sent to a dedicated re-ranking server, which reorders them based on their semantic information. This ensures that users get more intelligent search results than what can be achieved by traditional search technology (that mostly relies on the relative frequencies of words).
Both the conversion to semantic vectors and the reranking make use of technologies that are also used within LLM operations. Even so, this does not involve the use of any LLM. Furthermore, for reasons of cost, data sovereignty, control and speed, ClauseBase selected open-source semantic databases and self-hosts the re-ranker and semantic conversions, on dedicated GPU-driven servers operated by ClauseBase. In other words, no outside service ever gets contacted for any of these operations.
In Truffle Hunt, AutoSuggest and the Quality Library's Browse module there is a with an LLM.
Essentially, this button takes the current visible clauses and submits them to an LLM for further intelligent processing.
Obviously, those clauses get submitted to the LLM. Note that in practice, due to capacity constraints and time constraints, only the top 100 clauses actually get submitted to the LLM.
The user may also optionally submit an additional prompt with further explanations.
The LLM will then filter and/or reorder the clauses, and return the internal IDs of the filtered/reordered clauses. For example, when 25 clauses would be submitted together with the user's request to "only retain clauses dealing with outsourcing" then the LLM will return the IDs of the clauses that meet that constraint.
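The filter step described above, as an added example that is not ClauseBase's own code: a relay can cap the submission at the top 100 clauses and accept back only IDs it actually submitted, so that a hallucinated or injected ID never resolves to a clause the user was not looking at. The function names and the reply format (a JSON array of clause IDs) are assumptions.

```javascript
// Added illustration, not ClauseBase code. Function names and the reply
// format (a JSON array of clause IDs) are assumptions for this sketch.
const MAX_CLAUSES = 100; // the page: only the top 100 clauses are submitted

// Cap the visible clauses and remember exactly which IDs were sent.
function buildFilterRequest(visibleClauses, userPrompt) {
  const submitted = visibleClauses.slice(0, MAX_CLAUSES);
  return {
    submittedIds: new Set(submitted.map((c) => c.id)),
    payload: {
      instruction: userPrompt || "",
      clauses: submitted.map((c) => ({ id: c.id, text: c.text })),
    },
  };
}

// Treat the reply as untrusted: accept only IDs that were submitted,
// once each, in the order the model returned them.
function parseFilterReply(rawReply, submittedIds) {
  let parsed;
  try {
    parsed = JSON.parse(rawReply);
  } catch {
    return { ids: [], rejected: [], error: "reply is not JSON" };
  }
  if (!Array.isArray(parsed)) {
    return { ids: [], rejected: [], error: "reply is not an array" };
  }
  const ids = [];
  const rejected = [];
  for (const item of parsed) {
    if (typeof item === "string" && submittedIds.has(item) && !ids.includes(item)) {
      ids.push(item);
    } else {
      rejected.push(item); // unknown, duplicate or malformed entry
    }
  }
  return { ids, rejected, error: null };
}

// Constructed sample: 120 visible clauses, and a reply holding a valid ID,
// a duplicate, an ID beyond the cap and an ID that was never on screen.
function demoFilter() {
  const visible = Array.from({ length: 120 }, (_, i) => ({
    id: `clause-${i + 1}`,
    text: `Constructed clause text ${i + 1}`,
  }));
  const req = buildFilterRequest(visible, "only retain clauses dealing with outsourcing");
  const reply = JSON.stringify(["clause-7", "clause-3", "clause-7", "clause-110", "clause-9999"]);
  return {
    sent: req.payload.clauses.length,
    result: parseFilterReply(reply, req.submittedIds),
  };
}

console.log(demoFilter());
```

Logging the `rejected` entries (their count, not the clause text) gives a cheap signal that a reply did not follow the expected contract.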
The Doc Chat module allows users to interactively "interrogate" an opened document — or one or more other PDF/DOCX files — with the help of LLMs.
With respect to data transmissions, Doc Chat acts as follows:
Be aware that LLMs have no short-term memory. This means that the entire chat conversation — i.e., both the user's own prompts, the LLM's answers and (where relevant, see the next bullets) the selected documents — will get resent to the LLM with each and every new question submitted to the LLM. In other words, what gets submitted to the LLM with each question naturally gets longer and longer.
By default — for reasons of cost, speed and data protection — ClauseBuddy will only submit the currently selected text (if any) to the LLM. However, the LLM is requested to signal that it requires the entire document when the question asked by the user cannot be answered solely using the selected text and the chat conversation. Accordingly, the document will frequently (but not necessarily) get sent in its entirety to the LLM with follow-up questions.
Note that it is also possible that the user selects multiple documents, instead of only the currently opened document, e.g. to ask questions about a contract and its amendments and/or annexes. All of these documents get sent together to the LLM.
The Multi-document Table functionality (accessible through the Doc Chat icon) allows users to ask a series of questions about multiple PDF/DOCX documents at once. The user can then export the resulting table to DOCX or XLSX.
With respect to data transmissions, Multi-document Table does the following:
Obviously, all documents selected (the currently opened document and uploaded DOCX/PDF files) will get sent to the LLM. In practice, they get sent separately (in separate rounds) to the LLM, in order to reduce the intellectual taxation of the LLM.
Together with each document that gets sent, ClauseBuddy will send the list of questions formulated by the user. The LLM will then respond with:
Some answer it formulated.
This module consists of several submodules:
Draft new text, on the basis of a prompt
Redraft selection, where the currently selected text in MS Word gets redrafted on the basis of a prompt
AutoCheck selection, where the currently selected text in MS Word gets amended to optimise it in favour of a certain party
Polish selection, where the currently selected text in MS Word gets grammatically reviewed and changed
The different modules operate differently, but from a data perspective, they share the following similarities:
If a prompt can be drafted by the end-user, it will be sent to the LLM, together with the text currently selected in MS Word.
For reasons of layout-optimisation, ClauseBuddy will also select the immediately surrounding paragraphs. Those get sent to the LLM in order to illustrate towards the LLM where the newly drafted (or redrafted) text will get inserted, what the numbering looks like, etc. In the background-prompt, the LLM is instructed to take into account those surrounding paragraphs.
As is always the case, neither the LLM, nor the ClauseBase-servers store any of the information passed to it, except (as further detailed in the next paragraphs) that the prompts get temporarily or permanently stored.
The Find missing topics button of the Draft submodule will send the entire document to the LLM, and asks the LLM to suggest interesting topics that could be added because they're currently missing.
The Redraft submodule automatically provides suggestions on how to redraft the current selection. End-users can then click on those suggestions to have them inserted into the prompt.
In order to formulate those suggestions, the LLM gets a copy of the currently selected text in MS Word.
The Draft and Redraft submodules also contain a checkbox Include document context.
As , this checkbox causes the opened document to get analysed (e.g., to extract the defined terms from the definition list) and summarised upfront by the LLM. The summary will then get passed along to subsequent draft/redraft instructions, in order to let them increase the quality of their output.
As , before the optimisations (amendments) get sent to the LLM, the AutoCheck selection will send the entire document to the LLM in a prior phase, in order to extract the names of the relevant parties.
The idea is that the end-user will then choose the party for whom the optimisation must be performed. In the next stage, the selected text is then sent to the LLM in order to have it optimised to the advantage of the selected party.
The Write & Rewrite submodules store prompts in various ways, at different levels. All of this storage happens within the browser or ClauseBase-servers, but of course those prompts do get sent to the LLMs at various points in time, as explained above.
Administrators can create default prompts (either for the entire organisation, or only for specific groups of users) through the Admin > Write & Rewrite .
Individual users can explicitly store their prompt through the "..." upper-right menu. These prompts are saved at the ClauseBase-server for each individual user.
An individual user's recently used prompts are automatically tracked and stored within the user's browser, i.e. they are not saved at the ClauseBase-server and will be lost when the browser-storage would be reset.
The Summarise module allows users to summarise selected text from the currently opened text, and/or summarise entire uploaded DOCX/PDF files.
The following data is processed by this module:
Obviously, the text selected for summarisation (either in the currently opened document, or the DOCX/PDF file that gets uploaded) gets sent to the LLM. The LLM will create the summary and send it to the ClauseBase-server, which will in turn stream the result to the end-user's ClauseBuddy instance.
When the resulting summary gets inserted into the opened DOCX-file, no ClauseBase-server is involved. Instead, when the Export gets used, the summary gets sent to the ClauseBase-server, which pastes the plain text into either a default base DOCX-file, or into the user's customer DOCX-base file for reporting.
Users are able to store the structure of the summary (e.g., which data to extract, in which order, ...) to foster future reuse and/or sharing with colleagues. However, it is very atypical for this structure to contain any sensitive data.
ClauseBuddy also allows users to draft an entire document on the basis of a prompt.
Initially the LLM is provided with the first prompt of the user (e.g., "Draft me a short consultancy agreement between client X and counterparty Y").
The LLM will subsequently draft a table of contents and send this to ClauseBuddy.
The user can then choose to fill individual clauses with either content from his own clause library (for which the LLM does not get involved), or content drafted by the LLM following a new instruction. In the latter case, the LLM gets sent the new prompt.
Users can also ask the LLM to provide suggestions for redrafting existing clauses within the table of contents, or for adding subclauses. In such case, the LLM gets sent the content of the current clause.
The Smart Merge module allows users to merge two clauses (or selections of text) in an intelligent way, with the help of an LLM. This module appears in various locations throughout ClauseBase, within the Insertion menu (typically a big round plus button).
Essentially, the Smart Merge operation sends two different clauses to the LLM and then asks the LLM to extract relevant legal features from each clause.
The LLM will then respond with those legal features, which get passed on to the ClauseBase-server, which then forwards them to ClauseBuddy.
The user can then "mix" those features and request the LLM to redraft a mixed version. When doing so, ClauseBuddy sends the original texts plus the selected & deselected legal features to the ClauseBase server, which passes this information to the LLM. The LLM then replies with a newly drafted clause, which gets forwarded by the ClauseBase server to ClauseBuddy.
Other than those clauses and some administrative information (timestamp and size of the clauses), no information is retained.
The will intelligently line up the active document with some other document that the user uploads. The user can then more easily see the legal differences between various clauses.
In practice, the data flow is as follows:
The first document gets split into clauses and then each of those clauses is submitted to the LLM, together with the request to provide a summary of that clause. The LLM will then pass on the summaries to the ClauseBase-server, which in turn will pass on the summaries to ClauseBuddy.
Next, the same is done for the second document.
ClauseBuddy will then take the individual summaries and pass them back to the LLM, with the request to perform a lineup in order to find matching summaries. The LLM then sends back the alignment data (e.g., "clause X of document 1 matches with clauses Y and Z of document 2") to the ClauseBase-server, which in turn passes that data to ClauseBuddy.
Users can instruct ClauseBuddy to automatically draft the filename of a clause, on the basis of a summary of the clause's contents, by clicking on the "Summary" button.
Alternatively, users can click on the "Keywords" button to draft a filename as a set of five keywords.
In both cases, no customer data other than the current clause's contents gets sent to the LLM, in the currently selected language.
Users can instruct ClauseBuddy to automatically anonymise the body of a clause, to remove typical confidential data (e.g., customer names, addresses, etc.).
Only the body of the currently selected clause will be sent to the LLM; no other customer data gets sent.
Please note the irony of this anonymisation feature. Anonymisation is actually a very hard problem, for which a significant level of intelligence is required from AI. Accordingly, only the latest AI-models (such as GPT4) are reasonably capable of this task. At the same time, many legal experts fear exactly those AI-models for confidentiality reasons.
ClauseBuddy can automatically guess relevant "attributes" (metadata) for each clause.
When the "Automatic" button gets clicked, the currently selected clause body, as well as the list of all potentially relevant but yet unused attributes, gets sent to the LLM. The LLM will then respond with a subset of relevant attributes.
Users can ask the LLM to redraft clauses stored within ClauseBuddy, by submitting a prompt.
The current contents of that clause will then get sent to the LLM, along with the prompt.
Optionally, users may also ask the LLM to automatically or semi-automatically adapt the terminology of the clause, so that it gets aligned with the terminology of the currently opened document in MS Word. In such case:
the currently opened document in MS Word will be sent to the ClauseBase platform, in order to extract the relevant terminology.
ClauseBuddy's full document review feature allows users to request the LLM to review their currently opened document, on the basis of the user's own reviewing rules.
When performing such review, the document's contents will obviously be sent to the LLM, together with the rule set selected by the user.
For the avoidance of doubt: in the following scenarios, no LLM is involved. Instead, only the ClauseBase server is involved:
When PDF-files get uploaded to ClauseBuddy, they must be converted into DOCX, because ClauseBuddy and the ClauseBase-servers cannot handle PDF-files directly.
The PDF-conversions are sent to a dedicated OCR-server. This OCR-server will receive the PDF-file, convert it to DOCX and then immediately forget the result. Other than the timestamp, some internal UUID, the amount of pages processed (for licensing reasons) and the success/failure of the operation, this server does not retain any information about the PDF-document submitted to it.
If the conversion was successful, the PDF-server will send the resulting DOCX-file to the ClauseBase-server that instructed the conversion. That ClauseBase-server will then only store some administrative information (UUID, requesting customer, timestamp, number of pages) and forget the rest of the file, and subsequently pass on the DOCX-file to the end-user's ClauseBuddy instance.
When the currently opened document is being proofread, or its definitions are being analysed, the entire document gets sent to the ClauseBase server. As will be evident on the basis of the speed of the analysis (usually less than a few seconds for even a 50 page document), this does not currently involve the use of any LLM.
Users can search within their currently opened Word-document for text that is semantically related to a search term.
The contents of the entire document get sent to the ClauseBase platform for semantic analysis. The ClauseBase platform has its own local semantic vector database, so it does not involve any third party LLM in this analysis.
ClauseBuddy can automatically extract clauses from uploaded documents (DOCX, PDF or scans). Those documents get sent to the ClauseBase platform for clause extraction purposes, but — as will also be evident from the high speed of analysis — no LLM is involved.
ClauseBuddy's AutoSuggest feature will present clauses that are semantically related to the currently selected clause in the currently opened MS Word document.
ClauseBuddy will send the currently selected paragraph to the ClauseBase platform for analysis and semantic search, but no LLM gets involved. (Also here, speed is one of the determining factors: the search results are usually presented in less than 0.3 seconds).
ClauseBuddy's Smart Templates feature only makes use of LLMs for automatically generating questions & so-called "cards" on the basis of the cyan-highlighted text fragments inside of the DOCX file that got uploaded to ClauseBase's server.
In this situation, paragraphs that contain cyan highlights may get sent to the LLM. (Behind the scenes, ClauseBuddy chooses a set of paragraphs: if several paragraphs contain a certain cyan-highlighted identifier, then a maximum of two of them will ultimately get sent to the LLM, in order to not overload the LLM.)
The Text Compare and Bulk Compare options do not make use of any LLM. They rely on traditional text comparison algorithms to compare the uploaded texts, executed on a ClauseBase-server.
The various other text comparison options available throughout ClauseBuddy preferably perform the text comparison within the embedded browser's memory. However, when the comparison is made against text selected in MS Word, that comparison gets sent to the ClauseBase-server, in order to use exactly the same algorithm as the algorithm that would get used when the user executes the Insert with changes command (which inserts new text into the opened MS Word file with "track changes").
The Bulk Operations module allows users to perform various operations in bulk, i.e. on many paragraphs and even many documents at once. Examples include extracting text, replacing headers or footers, concatenating DOCX-files into one PDF-file, etc.
Currently, none of the many available processing operations involve the use of an LLM. Instead, they are all executed locally by a ClauseBase-server.
The advanced full-document automation features of Clause9 currently only use LLMs for automatically creating the title of a clause on the basis of that clause's contents.
For completing a template, the use of an LLM does not make much sense, as this would be too slow and too unpredictable.
19 March 2025: added the Microsoft abuse monitoring exception
2 April 2025: significant updates to this page in order to reflect the recent changes made to ClauseBuddy (Doc Chat, Write & Rewrite, Summarise, Bulk Operations, PDF conversion, semantic vectorisation & reranking).
The ClauseBase-server passes along the reply to ClauseBuddy, usually unmodified but sometimes augmented with some information that can only be handled by a server-environment (e.g., assemble pieces of text into a PDF or DOCX-file).
ClauseBuddy shows the information on the screen.
ClauseBuddy will store the questions asked by the end-user in the LocalStorage of the (embedded) browser in which ClauseBuddy is running. Those questions are not saved on the ClauseBase-server.
Similarly, ClauseBuddy will save the previous chat sessions — i.e., questions & answers, but not the actual documents — in the (embedded) browser's LocalStorage. Taking into account that LocalStorage is limited to 5 or 10 MB in Chrome (Windows) or Safari (Mac), the chat sessions are only saved up to 4 MB in size. Any chat sessions beyond this will get discarded, and upon logout those chat sessions are also removed.
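The browser-side storage behaviour described above (questions and answers only, a 4 MB cap, removal on logout), as an added example that is not ClauseBuddy's own code. The storage key, the session shape, measuring size as UTF-8 bytes and keeping the newest sessions first are assumptions.

```javascript
// Added illustration, not ClauseBuddy code. The key name, session shape,
// UTF-8 size measure and newest-first retention are assumptions; the 4 MB
// cap, the exclusion of documents and the removal on logout are from the text.
const CHAT_KEY = "chatSessions"; // hypothetical storage key
const MAX_BYTES = 4 * 1024 * 1024;

const byteSize = (s) => new TextEncoder().encode(s).length;

// Keep questions and answers only; selected or uploaded documents are dropped.
function stripDocuments(session) {
  return {
    id: session.id,
    startedAt: session.startedAt,
    turns: session.turns.map((t) => ({ role: t.role, text: t.text })),
  };
}

// Persist the newest sessions that fit under the cap; discard the rest.
function saveChatSessions(storage, sessions) {
  const newestFirst = [...sessions].sort((a, b) => b.startedAt - a.startedAt);
  const parts = [];
  let total = 2; // the enclosing "[" and "]"
  let full = false;
  for (const session of newestFirst) {
    const json = JSON.stringify(stripDocuments(session));
    const cost = byteSize(json) + (parts.length > 0 ? 1 : 0); // comma separator
    if (full || total + cost > MAX_BYTES) {
      full = true; // this session and every older one is discarded
      continue;
    }
    parts.push(json);
    total += cost;
  }
  try {
    storage.setItem(CHAT_KEY, `[${parts.join(",")}]`);
  } catch (err) {
    // Browser quota hit despite the cap: keep nothing rather than a partial write.
    storage.removeItem(CHAT_KEY);
    return { kept: 0, discarded: sessions.length };
  }
  return { kept: parts.length, discarded: sessions.length - parts.length };
}

// Called from the logout handler so nothing outlives the login session.
function purgeOnLogout(storage) {
  storage.removeItem(CHAT_KEY);
}

// Minimal in-memory stand-in for window.localStorage so the sketch runs under Node.
class MemoryStorage {
  constructor() { this.map = new Map(); }
  getItem(k) { return this.map.has(k) ? this.map.get(k) : null; }
  setItem(k, v) { this.map.set(k, String(v)); }
  removeItem(k) { this.map.delete(k); }
}

// Constructed sample: three sessions of about 1.5 MB each, with a document attached.
function demoChatStorage() {
  const storage = new MemoryStorage();
  const big = "a".repeat(1.5 * 1024 * 1024);
  const sessions = [1, 2, 3].map((n) => ({
    id: `s${n}`,
    startedAt: n,
    turns: [{ role: "user", text: big }],
    documents: [{ name: "sample.docx", content: "CONSTRUCTED CONFIDENTIAL BODY" }],
  }));
  const outcome = saveChatSessions(storage, sessions);
  const stored = storage.getItem(CHAT_KEY);
  purgeOnLogout(storage);
  return {
    outcome,
    storedIds: JSON.parse(stored).map((s) => s.id),
    leakedDocument: stored.includes("CONSTRUCTED CONFIDENTIAL BODY"),
    afterLogout: storage.getItem(CHAT_KEY),
  };
}
```

In a browser, pass `window.localStorage` instead of the in-memory stand-in.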
The list of paragraph references on which it based its answers.
The answers only get saved temporarily in the memory of the (embedded) browser in which ClauseBuddy is running. However, do note:
The user can save the questions, to foster reuse in the future or share interesting question sets with colleagues. Those questions do not contain any answers, however, and it is very atypical for the questions to contain any sensitive data.
The user can export the answers to either a DOCX or an XLSX file. When doing so, the answers held by the (embedded) browser in which ClauseBuddy is running, will be temporarily sent to the ClauseBase-server. The ClauseBase-server then replies with the downloadable DOCX/XLSX file and immediately forgets the answers sent to it.
Open a checklist, where a checklist gets opened through which the end-user can then keep track of human-verified items in the document and (where relevant) redraft selected text parts.




























