// Trust & Security Report

    ROSS Intelligence, Inc. logo

    ROSS Intelligence, Inc.

    AI-powered legal research platform (case law / statutes search) for law firms; also offered an academic-access tier. Company ceased commercial operations on January 31, 2021 after settlement/litigation costs from a Thomson Reuters copyright suit over Westlaw training data; the corporate website and legacy policy pages remain online but are not being maintained.

    Certifications held

    0

    Maturity

    Unknown

    Trains on your data

    Unknown

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    > Show 9 unconfirmed / not-held certifications
    SOC 2 (Type 1/2)
    NOT CONFIRMED

    No public evidence. No trust center or security page exists on rossintelligence.com; the privacy policy makes no mention of SOC 2.

    source: rossintelligence.com
    ISO 27001
    NOT CONFIRMED

    No public evidence. Not referenced anywhere on the vendor's site.

    source: rossintelligence.com
    HIPAA
    NOT CONFIRMED

    No public evidence. ROSS is a legal-research tool for law firms, not a healthcare product; no HIPAA claim is made anywhere on the site.

    source: rossintelligence.com
    GDPR (posture)
    NOT CONFIRMED

    Privacy policy discusses cross-border data transfer generally but does not name GDPR, a lawful-basis framework, or EU representative/DPO contact: "We take administrative, technical and physical measures to safeguard your Personal Information against unauthorized access." No GDPR-specific commitments (SCCs, EU rep, right-to-erasure workflow) are documented.

    source: rossintelligence.com
    PCI DSS
    NOT CONFIRMED

    No public evidence. Not referenced anywhere on the vendor's site.

    source: rossintelligence.com
    ISO 27017/27018/27701
    NOT CONFIRMED

    No public evidence.

    source: rossintelligence.com
    ISO/IEC 42001 (AI management)
    NOT CONFIRMED

    No public evidence. This standard postdates the company's 2021 operational shutdown.

    source: rossintelligence.com
    CSA STAR / CSA STAR AI
    NOT CONFIRMED

    No public evidence.

    source: rossintelligence.com
    FedRAMP
    NOT CONFIRMED

    No public evidence.

    source: rossintelligence.com

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Not offered

    Data region

    Not specified. Privacy policy references international data transfers in general terms but names no specific storage region or transfer mechanism (no SCCs, adequacy decision, or EU representative named).

    No public statement on whether customer research queries/documents were used to train ROSS's AI models, and no customer-facing opt-out is documented. Separately and materially: ROSS's underlying legal-AI model was itself found by a US federal court (Feb. 2025, Thomson Reuters v. ROSS Intelligence, D. Del.) to have been trained on Westlaw headnotes without a license, in a ruling that rejected ROSS's fair-use defense. This is a training-data provenance/IP issue about the vendor's own model, not a statement about customer data, but it is directly relevant to any AI-governance review of this vendor.

    // Security controls

    Encryption in transit

    Not documented. No mention of TLS/HTTPS or encryption anywhere on the vendor's public pages.

    rossintelligence.com

    Encryption at rest

    Not documented.

    rossintelligence.com

    General security commitment

    "We take administrative, technical and physical measures to safeguard your Personal Information against unauthorized access." The same policy also disclaims: "no website, platform or application is completely secure. We cannot guarantee that unauthorized access, hacking, data loss or breaches of its security will never occur."

    rossintelligence.com

    Trust center / security page

    None found. No dedicated security or trust page exists on rossintelligence.com or blog.rossintelligence.com.

    rossintelligence.com

    Operational status

    Company ceased active commercial operations on January 31, 2021, citing the cost of the Thomson Reuters litigation (independent reporting, not a vendor-domain statement). The corporate site is still reachable and its policy pages are still linked, but the privacy policy is dated August 4, 2020 and the About Us page footer reads "© ROSS Intelligence, Inc. 2014–2020", indicating the site has not been maintained since before the shutdown. Any security or compliance posture described below reflects a frozen, unmaintained snapshot, not an actively operated product.

    abajournal.com

    // Products & data scope

    ROSS legal research platformAI legal research (case law, statutes, regulations search) for law firms

    data: Law firm user accounts, search queries, and uploaded/researched legal documents per the general privacy policy (name, email, phone, username/password, payment info, areas of interest).

    Core commercial product; company is no longer operating/selling this product as of Jan 2021 per independent reporting.

    Academic AccessFree/discounted legal research access for students

    data: Same account data model as the commercial product.

    Listed on legacy marketing pages (rossintelligence.com/academic-access); status unverified given the company's 2021 shutdown.

    // What to watch

    • Company appears to have ceased commercial operations on January 31, 2021 (independent reporting) after a Thomson Reuters copyright lawsuit; the corporate website persists but is a stale/unmaintained snapshot (privacy policy dated Aug 2020, footer copyright reads 2014–2020). Listing this vendor as an active, purchasable AI tool without a clear "discontinued/defunct" caveat would mislead directory users.
    • No trust center, security page, or named compliance certifications anywhere on the vendor's own domain — all certs graded held=false on absence of evidence, consistent with a small/legacy vendor rather than an over-claim.
    • In Feb. 2025 a federal court (Thomson Reuters v. ROSS Intelligence, D. Del.) ruled ROSS infringed Thomson Reuters' Westlaw copyrights by using Westlaw headnotes to train its AI, rejecting the fair-use defense. This is an AI-training-data provenance/IP finding about the vendor's own model (not customer data) but is material to any AI-governance assessment and should be disclosed if this vendor is listed.
    • Identity check: evidence and all fetched pages consistently resolve to rossintelligence.com / www.rossintelligence.com / blog.rossintelligence.com, the same entity referenced in the Thomson Reuters litigation and press coverage. No conflation risk identified with a similarly named company (e.g., Rossum.ai, a document-processing vendor, appeared in search noise but was excluded).

    // At a glance

    Pricing model

    Not verifiable; legacy site lists a Pricing page but no current, confirmed pricing (company inactive since 2021).

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on ROSS Intelligence, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    rossintelligence.com

    > Browse all vendor trust reports