Terms & Conditions

Scope

These Terms & Conditions govern use of the CMIForge software service, including related hosting, storage, support, maintenance, and administrative functions. They are intended to describe the baseline relationship between CMIForge as the service provider and the subscribing customer as the controller or owner of customer-entered data.

Unless a separately negotiated agreement says otherwise, these terms apply to use of the hosted CMIForge application, support interactions, product maintenance, and the handling of customer data within the service.

Customer Data

The customer retains ownership of its customer data, including intake submissions, client records, matter records, party records, attachments, search history, workflow history, and user-entered content stored in CMIForge.

• CMIForge processes customer data only to provide, secure, maintain, support, and improve the service.
• Customer data is not treated as a product asset that CMIForge owns outright.
• Customer remains responsible for the legality, accuracy, and authorized use of the data it uploads or enters into the service.

No Sale Of Data

CMIForge does not sell customer data. CMIForge does not rent customer data, trade customer data for marketing benefit, or disclose customer data to third parties for their independent advertising or profiling purposes.

Disclosures made to hosting providers, storage providers, monitoring vendors, identity providers, support tools, backup tools, legal advisors, auditors, or other service providers acting on CMIForge's behalf are not considered a sale of customer data when used solely to operate the service.

Security

CMIForge will use commercially reasonable administrative, technical, and organizational safeguards designed to protect customer data from unauthorized access, use, alteration, or disclosure.

• Security measures may include role-based access controls, authentication controls, encryption in transit, environment separation, logging, patching, and access review practices.
• CMIForge may monitor service health, performance, errors, and security events for operational and protective purposes.
• No hosted service can guarantee absolute security, and the customer acknowledges that residual risk exists in all cloud-based systems.

Operational Access For Support And Maintenance

Authorized CMIForge personnel may access customer data when reasonably necessary to operate the service. That may include access for maintenance, troubleshooting, customer-requested support, migration work, bug diagnosis, performance tuning, backup verification, security investigation, abuse prevention, and legal compliance.

• Access should be limited to personnel with a legitimate business need.
• CMIForge should use reasonable efforts to limit the scope and duration of access to what is required for the operational task.
• Where practical, support and maintenance activity should prefer metadata, logs, configuration inspection, or least-privileged access before deeper content review.

If customer requests hands-on troubleshooting, the customer authorizes CMIForge to review relevant records, attachments, workflows, logs, or configuration needed to address the reported issue.

Cloud Providers And Subprocessors

CMIForge may use third-party infrastructure and service providers to deliver the platform, including hosting, database, storage, identity, email, telemetry, monitoring, and support tooling providers. In the current product shape, this may include Azure-based infrastructure and related cloud services.

• Such providers may process customer data only as needed to support the service.
• CMIForge remains responsible for managing those providers in a manner consistent with its service obligations.
• Customer understands that cloud operators and service vendors may technically have the ability to access underlying systems or stored data as part of infrastructure administration, incident response, or lawful process.

Retention And Deletion

Customer data will generally remain in the service until deleted by the customer, deleted by authorized workflow within the product, or removed according to termination, retention, or legal requirements.

• Backups, logs, cached copies, and disaster-recovery replicas may persist for a limited period after live deletion.
• CMIForge may retain limited operational records needed for billing history, security investigation, abuse prevention, legal obligations, or dispute resolution.
• Upon service termination, the parties should follow the applicable agreement for data export, deletion timing, and archival handling.

Confidentiality

CMIForge will treat non-public customer data as confidential information and will not disclose it except as required to provide the service, as authorized by the customer, as required by law, or as necessary to protect the service, its users, or the public.

Customer is responsible for deciding what information is appropriate to place into the platform and for configuring internal access rights within the service.

Acceptable Use

The customer may not use CMIForge in a manner that is unlawful, infringes rights, compromises service security, or attempts to bypass access controls. CMIForge may suspend or limit access where reasonably necessary to investigate security issues, prevent abuse, or comply with legal obligations.

Customer remains responsible for its own user conduct, local compliance obligations, and internal governance over the content entered into the platform.

Changes To Terms

CMIForge may revise these terms from time to time as the product matures, cloud architecture changes, security controls evolve, or legal requirements change. Material changes should be communicated through the service, release communications, or contract-update channels.

Last updated: June 16, 2026 · Product version 20260616.1