Legal

Privacy Policy

Draft · June 2026 · pending legal review

This is a working draft prepared as a starting point. It is not legal advice and has not been finalized by counsel. Language, scope, and obligations will be reviewed and revised before this policy takes effect.

11River is a suite of legal technology tools built by 11Insight (together, "11River," "we," "us"). Our products serve law firms, claims administrators, and the teams that run legal notice, class action and mass tort settlements, claims processing, settlement distribution, and restructuring matters. This policy explains what information we handle, why, and the choices you have.

1. Our two roles

Because of the industry we serve, it helps to separate two situations:

When we act as a service provider (processor). When a customer uses 11River to administer a matter, they may upload or generate information about claimants, class members, and cases. We process that information on the customer's behalf and under their instructions. The customer is responsible for that information as the controller, and their own privacy notice governs how it is collected from individuals.
When we act for ourselves (controller). For account registration, billing, support, and improving our products, we decide how and why information is used. This policy primarily describes that activity.

2. Information we collect

Information you give us

Account and organization details: name, work email, firm or organization, role, and login credentials managed through our identity provider.
Billing details processed through our payment provider. We do not store full card numbers.
Support requests and any information you choose to include in them.

Matter and case content

Documents, dockets, notes, claim records, distribution models, and related material that you upload or create in the product. This may include personal information about claimants and class members where a customer chooses to process it through 11River.

Information collected automatically

Usage and device data such as pages visited, features used, browser type, approximate location derived from IP address, and timestamps.
Cookies and similar technologies used to keep you signed in, remember preferences, and understand product usage.

3. How we use information

To provide, maintain, and secure the suite and the specific tools you use.
To authenticate users, enforce access controls, and keep organizations separated from one another.
To process payments and manage subscriptions.
To respond to support requests and communicate about the service.
To monitor for abuse, troubleshoot, and improve performance and reliability.
To meet legal and regulatory obligations.

We do not sell personal information.

4. Artificial intelligence

Several tools use AI to summarize documents, draft text, answer questions, and model outcomes. To do this, relevant content may be sent to trusted model providers that process it on our behalf. We do not permit that content to be used to train third party public models. AI output can be wrong or incomplete and is intended to support, not replace, professional judgment. Customers remain responsible for reviewing AI assisted work before relying on it.

5. How we share information

Service providers (subprocessors) that host our infrastructure, manage identity and authentication, process payments, deliver email, and provide AI model capabilities. They may access information only as needed to perform their function.
Within your organization, according to the roles and permissions your administrators configure.
Legal and safety reasons, such as complying with a valid legal request or protecting our rights, users, or the public.
Business transfers, if 11River is involved in a merger, acquisition, or sale of assets, subject to this policy.

A current list of subprocessors is available on request and will be linked here when finalized.

6. Data retention

We keep information for as long as an account is active and as needed to provide the service, then for a reasonable period afterward to meet legal, accounting, and dispute resolution needs. Customers can request export or deletion of their workspace data, subject to legal holds and obligations that may apply to litigation and settlement records.

7. Security

We use technical and organizational safeguards to protect information, including encryption in transit and at rest, role based access controls, and separation between organizations. See our Security page for more detail. No system is perfectly secure, and we cannot guarantee absolute security.

8. Your rights and choices

Depending on where you live, you may have rights to access, correct, delete, or port your personal information, to object to or restrict certain processing, and to withdraw consent. Where 11River acts as a service provider, please direct these requests to the customer that controls the relevant data, and we will assist them. You can reach us using the contact details below, and we will respond consistent with applicable law, including the GDPR and the CCPA and CPRA where they apply.

9. International transfers

We may process information in the United States and other countries. Where required, we use appropriate safeguards for cross border transfers.

10. Children

The suite is built for professional and business use and is not directed to children. We do not knowingly collect personal information from children.

11. Changes to this policy

We may update this policy from time to time. When we make material changes, we will update the date above and, where appropriate, provide additional notice.

12. Contact us

11River, an 11Insight company. Las Vegas, Nevada and Huntington Beach, California.
Privacy questions: privacy@11river.app