AI for Document Insights


Today's privacy and security regulations are constantly changing across different regions, making it difficult for your team to keep up. As a privacy or security reviewer, you need to find ways to work quickly and efficiently, without sacrificing thoroughness. This ensures new features from your product development teams can launch on time.

An inevitable and important aspect of the review process is manual document review. Working with external vendors often means reviewing lengthy legal and compliance documents, like contracts, data processing agreements, and SOC 2 reports.

TerraTrue's AI helps you review documents faster by summarizing key points and identifying potential issues. This acts as a valuable check alongside your manual review. The AI Insights lead to:

Efficiency through minimizing human error and ensuring critical information isn't missed. Through AI scanning of documents, you can distill potential risks and see areas of concern quickly, speeding up your review process and freeing up valuable time to anticipate and mitigate potential threats.

Productivity and cost reduction achieved through the automated synthesis of insights and exceptions. This helps your teams reclaim time wasted on repetitive tasks, instead allowing them to focus on higher-value activities like developing strategic risk-reduction plans. The information extracted can be used across multiple workflows and audits, significantly reducing operational burden and eliminating the inefficiency in reviewing the same documents repeatedly.

Accuracy and better risk management through identifying relevant information such as exceptions, expiration dates, and data types. This produces more accurate results and better-informed decision-making.

Enabling TerraTrue AI

A TerraTrue Administrator in your org can navigate to Org Settings > AI Settings and turn the toggle switch “Enable Document Insights” on. That is all you need to get started!

When enabled, TerraTrue AI will do the following:

1. Automatically scan document attachments associated directly with a launch or a third party profile, or provided in file attachment question responses of a launch creation workflow, launch summary workflow, Data Spec, privacy assessment, or third party assessment.

2. If the scanned documents are detected to be any of the following, then TerraTrue will attempt to generate AI insights from the document.

  • Service Organization Control Reports (SOC-2, SOC-1, or SOC-3)
  • Contracts
    • Data Processing Addendum documents (DPA)
    • Standard Contractual Agreements (SCC)

After enabling the capability, TerraTrue will scan matching documents that were added in the last 90 days. Completing the scan of this backlog can take a few hours. Also, any newly uploaded document attachment will trigger the AI scan described, if the document type matches what we currently support. The scan happens automatically after the document is uploaded and is detected to be free of malware.

Daily Limit

Your org will have a limit of up to 75 scanned documents per day. Please contact your Customer Success Manager if you are interested in exceeding this limit. This daily limit does not apply to the catch-up processing of previously uploaded documents.


The user uploading a document does not have to wait for the AI Insights to display. Whenever the AI Insights for any document are ready, an in-app notification will be sent to relevant users, informing them that the AI Insights are available.

The following recipients will be automatically notified:

| Location of the Attachment | Recipients |
|---|---|
| Launch | User who uploaded the attachment, Launch Manager, members of the review teams |
| Third Party Profile | Third Party Manager |
| Launch Summary and Creation Workflows | Workflow Respondent, Launch Manager, members of the review teams |
| Data Spec | Data Spec respondent, members of the review teams |
| Privacy Assessment Workflows | Assessment respondent, Privacy Manager, members of the review teams |
| Third Party Assessments | Third Party Manager, Third Party Assessment Viewer |


Viewing the AI Insights

1. The floating, overlay “AI Insights” button on the launch or Third Party profile provides access to the document insights.

Clicking on this button slides in an “AI Insights” panel that has a brief summary of every document that has insights. If there are multiple document attachments, you can scan the summaries across the multiple documents. Clicking on any one summary leads to a display of more detailed AI Insights for that specific document.


2. If documents are attached directly to the launch, once generated, the AI Insights are also available from clicking on the document, right in the Attachment subsection in the right column of the Launch summary page. This will show the insights for that document.



3. If documents are attached to the Third Party, AI Insights are also available from clicking on the document, right in the Attachment tab of the Third Party Profile. This will show the insights for that document.



If an AI Insight for the document exists, beside the name of the document, we present a yellow TerraTrue AI Insights icon. Clicking on this icon slides in an AI Insights panel for this document.


This panel displays:

  • The date the insights were extracted.
  • The automatically detected type of the document
  • A summarization of the document
  • A generated analysis that depends on the type of the document.

Every section has a copy icon to conveniently copy the text for reuse via paste in the application or elsewhere.

At the bottom of the panel, you can provide us feedback on whether you found the generated Insights useful or not and provide additional written feedback. Our Customer Success team is receptive to all feedback received and we will use it to improve the results and usefulness of the AI scan over time.

Summarization and Insights Provided

SOC-2 Report Documents

We identify SOC-2 report documents if the name of the uploaded file matches any of the following patterns (case insensitive):

  • soc1, soc-1
  • soc2, soc-2
  • soc3, soc-3
  • service organization control

For example, all these file names will match and get scanned: “Company SOC 2 Type 2 2023.pdf”, “Company-SOC-2-Type-II-report.pdf”, “Company-Inc-Customer-Service-Platform-SOC-2-FINAL.pdf”

For the SOC-2 reports, these are the top level details provided by TerraTrue AI:

  • The name of the company reviewed in the report
  • The report period and scope
  • Whether the report includes additional trust criteria or frameworks such as Privacy or HIPAA.
  • The infrastructure – whether it is self-hosted or hosted with a large provider such as AWS, Azure, or GCP.
  • An auditor's opinion

Further insights might include what kind of SOC audit the report is and if it is qualified, any disclaimers of interest, details on backup, encryption, incidents, subprocessors etc.


We identify Contract documents if the name of the uploaded file matches any of the following patterns (case insensitive):

  • dpa
  • data processing
  • data processing policy
  • contract
  • scc
  • standard contractual
  • agreement
  • renewal

For example, all these file names will match and get scanned: “CompanyX-Data-Processing-Addendum.pdf”, “company dpa 2020.pdf”, “Company Data Processing Addendum (April 2018 v2)”, “Company-Data-Processing-Agreement.pdf”
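To preview which attachment names the two pattern lists above would pick up, here is an added example (not TerraTrue's code). It assumes case-insensitive substring matching with spaces, hyphens and underscores ignored, which is what the sample file names imply; the actual matching rules and any precedence between the two document types are not documented on this page.

```python
import re

# Pattern lists copied from the article. The matching rules are assumptions.
SOC_PATTERNS = ["soc1", "soc-1", "soc2", "soc-2", "soc3", "soc-3",
                "service organization control"]
CONTRACT_PATTERNS = ["dpa", "data processing", "data processing policy",
                     "contract", "scc", "standard contractual",
                     "agreement", "renewal"]

_SEPARATORS = re.compile(r"[\s\-_]+")


def _normalize(text):
    """Lowercase and drop spaces, hyphens and underscores (assumed equivalence)."""
    return _SEPARATORS.sub("", text.lower())


def matched_patterns(filename):
    """Return {category: [article patterns that matched]} for one file name.

    Every matching category is reported; which one would win when both
    match is not stated in the article, so no precedence is applied here.
    """
    name = _normalize(filename)
    hits = {}
    for category, patterns in (("soc_report", SOC_PATTERNS),
                               ("contract", CONTRACT_PATTERNS)):
        found = [p for p in patterns if _normalize(p) in name]
        if found:
            hits[category] = found
    return hits


if __name__ == "__main__":
    # First three names are from the article; the last three are constructed.
    samples = [
        "Company SOC 2 Type 2 2023.pdf",
        "company dpa 2020.pdf",
        "Company-Data-Processing-Agreement.pdf",
        "Vendor_SOC2_and_DPA.pdf",
        "Q3-renewal-forecast.xlsx",
        "pentest-report-2024.pdf",
    ]
    for sample in samples:
        print(f"{sample!r:45} -> {matched_patterns(sample) or 'not scanned'}")
```

Running a folder listing through `matched_patterns` before upload shows which files fall under the documented name patterns and which would need renaming to be recognized.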

For Contracts, these are the top level details provided by TerraTrue AI:

  • The name of the company that provided the document
  • The effective period of the contract, including an expiration date
  • The type of document this is
  • Who signed this document

Further insights might include information on data subjects, data transfer, the purpose of processing, the role of subprocessors etc.


  1. Does TerraTrue train models used for AI Insights using customer attachment data?

    TerraTrue prioritizes your privacy. We never use customer attachment data to train our models. Data extracted from the documents you attach is solely for your use.

  2. What AI Insights content or attachment data does TerraTrue share with other customers?

    Attachment insights are never shared with other customers. They're stored securely in the same cloud environment as your other data, ensuring robust protection.

  3. What is the data retention policy for this information?

    Attachment Insights are available for as long as you keep the attachments themselves in the system.

  4. Who has access to the AI-generated content?

    Your organization’s users have access to AI-generated content data in line with current access controls surrounding attachments and their related entities.

