Privacy Policy

1. Introduction

ThirdProof.ai (“ThirdProof,” “we,” “us,” or “our”) is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our vendor risk intelligence platform and website at thirdproof.ai.

2. Information We Collect

Account Information: When you create an account, we collect your name, email address, organization name, and role.

Organization Data: We collect information about your organization including industry, size, compliance frameworks, and vendor risk program details that you provide during onboarding and platform use.

Investigation Data: When you submit a vendor investigation, we collect the vendor name, website, data access level, and investigation context you provide. We then query publicly available data sources on your behalf.

Usage Data: We automatically collect information about how you interact with our platform, including pages visited, features used, and timestamps.

3. How We Use Your Information

We use the information we collect to:

• Provide and maintain our vendor risk intelligence platform
• Conduct vendor investigations by querying publicly available data sources
• Generate risk reports tailored to your industry and compliance framework
• Improve our platform, including our AI synthesis and risk scoring models
• Communicate with you about your account, investigations, and platform updates
• Provide continuous monitoring alerts for your approved vendors

4. Data Sources

ThirdProof queries publicly available data sources to generate vendor risk assessments. These include sanctions databases, cyber risk scoring services, business registries, news archives, domain registrars, and other publicly accessible intelligence sources. We do not access private or confidential information about the vendors you investigate — all data is derived from public records and commercial APIs.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share information in the following circumstances:

• Service Providers: With third-party services that help us operate our platform (infrastructure, analytics, communication tools)
• AI Processing: We use Anthropic's Claude AI to synthesize investigation findings into risk narratives. Data sent to the AI model is limited to public vendor information and is not used to train AI models
• Legal Requirements: When required by law, regulation, or legal process
• Business Transfers: In connection with a merger, acquisition, or sale of assets

6. Data Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS 1.3) and at rest, row-level security in our database, and regular security reviews. Our infrastructure is hosted on enterprise-grade cloud infrastructure with SOC 2 certified providers.

7. Data Retention

We retain your account data for as long as your account is active. Investigation data and reports are retained for the duration of your subscription and for 90 days after account closure, after which they are permanently deleted. You may request deletion of your data at any time by contacting us.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Object to or restrict processing of your data
• Data portability
• Withdraw consent where processing is based on consent

9. Cookies and Tracking

We use essential cookies required for authentication and platform functionality. We do not use third-party advertising cookies. We may use analytics tools to understand platform usage patterns.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on our website and updating the “Last updated” date.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at privacy@thirdproof.ai.