Tome Privacy & Confidentiality Policy
Your privacy is important to us. It is Tome's policy to respect your privacy and comply with any applicable law and regulation regarding any personal information we may collect about you, including across our website, www.tome.com, and other sites we own and operate. This privacy and confidentiality policy (the “Policy”) describes how we collect, store and use personal data and confidential information that you provide us, and provides information about your rights as a user.
This policy is effective as of September 30, 2022 and was last updated on May 8, 2023.
Information We Collect
Information we collect includes both (i) information you knowingly and actively provide us when using or participating in any of our services, which may include personally identifying or confidential information, and (ii) any information automatically sent by your devices in the course of accessing our products and services (collectively, “Information”).
Information We Collect About You
We collect several types of Information from and about our users, which may include one or more of the following:
- Personally identifying information such as first and last name, user name, e-mail address, physical address, telephone number, company name, role, professional history, and other identifiers by which you may be contacted online or offline;
- Information contained in the documents you provide to us; and
- Log and usage data.
Log and Usage Data
When you visit our website, our servers may automatically log the standard data provided by your web browser. It may include your device’s Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, other details about your visit, and technical details that occur in conjunction with any errors you may encounter.
Please be aware that while this Information may not be personally identifying by itself, it may be possible to combine it with other data to personally identify individual persons.
Legitimate Reasons for Processing Your Information
We collect and use your Information only when we have a legitimate reason for doing so. In which instance, we collect only Information that is reasonably necessary to provide our services to you.
Collection and Use of Your Information
We may collect Information from you when you do any of the following on our website:
- Sign up to receive updates from us via email or social media channels;
- Use a mobile device or web browser to access our content;
- Contact us via email, or on any similar technologies; or
- Upload documents to our system or send them to us via email.
We may collect, hold, use, and disclose this Information for the following purposes, although your Information will not be further processed in a manner that is incompatible with these purposes:
- To present, develop, improve, maintain and provide our website and its contents and services to you;
- To enable you to customize or personalize your experience of our website;
- To contact and communicate with you;
- For analytics, market research, and business development, including to operate and improve our website, associated applications, and associated social media platforms;
- For advertising and marketing, including to send you promotional information about our products and services and information about third parties that we consider may be of interest to you;
- To enable you to access and use our website, associated applications, and associated social media platforms;
- For internal record keeping and administrative purposes;
- To comply with our legal obligations and resolve any disputes that we may have; or
Please be aware that we may combine Information we collect about you with general Information or research data we receive from other trusted sources.
How We Protect Your Personal Data and Confidential Information
All documents uploaded to your Account are securely encrypted, stored in your Tome Vault only, and treated as confidential. Any Information that may be deemed confidential in your uploaded documents, including company names, investors names, investment terms, or specific numbers, is anonymized. Your Information is never sold to any third party and is only shared with third parties that are authorized to process your information and that are subject to written confidentiality agreements or are under an appropriate statutory obligation of confidentiality.
Your Tome Vault is only accessible by you, permitted account users (if you have an enterprise-level account), and authorized Tome employees. All authorized Tome employees follow internal policies and procedures designed to ensure that your Information is protected, including completing an annual security training and accessing your Information on secure devices only.
Tome will never sell your personal data or Information to any third party. The documents, including any confidential information contained therein, are used to generate your Tome Reports only. Further, Tome turns data derived from your documents into de-identified contract data or aggregate statistics. Anonymized data does not directly reference any specific customer, contract, or deal.
Tome uses machine learning to process your uploaded documents and to generate your Tome Reports. Our machine learning system primarily works by identifying similar contract language in thousands of anonymized, de-identified precedents. We continuously improve our systems both through research and development methods, and by training our systems on new precedents from aggregated, de-identified customer data. Your customer-specific models, if any, may only be trained on your confidential data with explicit consent. Otherwise, shared Tome AI models are trained only on anonymized data.
For further information on the specific security measures we are taking at Tome to ensure the safety and confidentiality of your personal data and uploaded documents, please reach out to us with any questions at email@example.com.
Security of Your Information
When we collect and process your Information, and while we retain this Information, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use, or modification.
Although we will do our best to protect the Information you provide to us, we advise that no method of electronic transmission or storage is 100% secure, and no one can guarantee absolute data security.
You are responsible for selecting any password and its overall security strength, ensuring the security of your own Information within the bounds of our services.
How Long We Keep Your Information
We keep your Information only for as long as we need to. This time period may depend on what we are using your Information for, in accordance with this Policy. If your personal Information is no longer required, we will delete it or make it anonymous by removing all details that identify you.
However, if necessary, we may retain your Information for our compliance with a legal, accounting or reporting obligation, or for archiving purposes in the public interest, scientific, historical research or statistical purposes.
Disclosure of Information to Third Parties
We may disclose Information to:
- Third-party service providers for the purpose of enabling them to provide their services;
- Our employees, contractors, and/or related entities;
- Our existing or potential agents or business partners;
- Courts, tribunals, regulatory authorities, and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise, or defend our legal rights; or
- Third parties, including agents or sub-contractors, who assist us in providing information, products, services, or direct marketing.
Your Rights and Controlling Your Information
You always retain the right to withhold any Information from us, with the understanding that your experience of our website may be affected. We will not discriminate against you for exercising any of your rights over your Information. If you do provide us with Information, you understand that we will collect, hold, use and disclose it in accordance with this Policy. You retain the right to request details of any of the Information we hold about you.
If we receive Information about you from a third party, we will protect it as set out in this Policy. If you are a third party providing Information about somebody else, you represent and warrant that you have such person’s consent to provide the Information to us.
If you have previously agreed to your Information being used for direct marketing purposes, you may change your mind at any time. We will provide you with the ability to unsubscribe from our email database or opt out of communications. Please be aware we may need to request specific information from you to help us confirm your identity.
If you believe that any Information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, please contact us using the details provided in this Policy. We will take reasonable steps to correct any Information found to be inaccurate, incomplete, misleading, or out of date.
If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us at firstname.lastname@example.org and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You also have the right to contact a regulatory body or data protection authority in relation to your complaint.
We may use “cookies” to collect information about you and your activity across our site. A cookie is a small piece of data that our website stores on your computer, and accesses each time you visit, so we can understand how you use our site. This helps us serve you content based on preferences you have specified.
Limits of Our Policy
Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices.
Changes to This Policy
At our discretion, we may change our Policy to reflect updates to our business processes, current acceptable practices, or legislative or regulatory changes. If we decide to change this Policy, we will post the changes here at the same link by which you are accessing this Policy.
For any questions or concerns regarding your privacy, you may contact us at email@example.com.