Thistle
Product Philosophy Field Notes Trust Get Started

Master Subscription Agreement

Last Updated: July 1, 2026

This Master Subscription Agreement governs access to and use of Thistle by the customer identified in an order form, online checkout flow, written proposal, or other ordering document that references this Agreement.

This Agreement is between Thistle Software LLC, a Michigan limited liability company (“Thistle”), and the customer identified in the applicable Order Form (“Customer”).

Contents

  1. 1. Definitions
  2. 2. Agreement Structure
  3. 3. Access and Use
  4. 4. Account Administration
  5. 5. Fees, Billing, and Taxes
  6. 6. Term, Renewal, and Termination
  7. 7. Customer Data
  8. 8. Confidentiality
  9. 9. Privacy and Data Processing
  10. 10. Security
  11. 11. Legal Practice Responsibilities
  12. 12. AI and Automation Features
  13. 13. Integrations and Third-Party Services
  14. 14. Support, Maintenance, and Updates
  15. 15. Availability and Force Majeure
  16. 16. Warranties and Disclaimers
  17. 17. Limitation of Liability
  18. 18. Indemnification
  19. 19. Compliance and Legal Process
  20. 20. Intellectual Property and Feedback
  21. 21. Publicity
  22. 22. Changes to this Agreement
  23. 23. Assignment
  24. 24. Governing Law and Venue
  25. 25. Notices
  26. 26. Miscellaneous

1. Definitions

1.1 “Agreement” means this Master Subscription Agreement, together with each applicable Order Form and any policy, exhibit, or addendum expressly incorporated by reference.

1.2 “Authorized User” means an attorney, employee, contractor, administrator, or other internal user whom Customer permits to access the Services under Customer’s account.

1.3 “Client User” means a client or other external person whom Customer invites to access client-facing features of the Services, including a client portal.

1.4 “Confidential Information” means non-public information disclosed by or on behalf of one party to the other that is designated confidential or that reasonably should be understood to be confidential given its nature and the circumstances of disclosure. Confidential Information includes Customer Data and the non-public aspects of the Services.

Confidential Information does not include information that the receiving party can show: (a) is or becomes public without breach of this Agreement; (b) was already known without restriction before disclosure; (c) was independently developed without use of the disclosing party’s Confidential Information; or (d) was lawfully received from a third party without a duty of confidentiality.

1.5 “Customer Data” means all data, content, documents, messages, notes, matter information, contact information, billing information, calendar information, task information, client information, and other materials submitted to, stored in, transmitted through, or processed by the Services on behalf of Customer or its users.

1.6 “Effective Date” means the date Customer first accepts an Order Form, creates a paid account, begins a paid subscription, or otherwise begins using the Services under an ordering process that references this Agreement.

1.7 “Fees” means the subscription fees and other charges stated in the applicable Order Form.

1.8 “Order Form” means an ordering document, written proposal, online checkout flow, or other acceptance process that identifies Customer, the subscribed Services, the subscription term, the paid seat quantity if applicable, and the Fees.

1.9 “Security Overview” means Thistle’s public security page or other security documentation made available by Thistle that describes Thistle’s then-current security practices.

1.10 “Services” means Thistle’s hosted software-as-a-service platform, including the web application, related documentation, updates, and any Thistle-provided APIs or client-facing features made available to Customer.

1.11 “Subscription Term” means the initial term and any renewal term stated in the applicable Order Form.

2. Agreement Structure

2.1 Each Order Form is governed by this Agreement.

2.2 If there is a conflict among documents, the following order controls, but only to the extent of the conflict: (a) the applicable Order Form; (b) any executed data processing addendum; (c) this Agreement; and (d) any incorporated policy or exhibit.

2.3 An Order Form may modify this Agreement only if it expressly states that it is modifying this Agreement.

3. Access and Use

3.1 Subject to Customer’s payment of Fees and compliance with this Agreement, Thistle grants Customer a limited, non-exclusive, non-transferable, non-sublicensable right during the Subscription Term to access and use the Services for Customer’s internal law firm or legal-services operations.

3.2 Customer may permit Authorized Users to access the Services up to the number of paid seats stated in the applicable Order Form.

3.3 Client Users may access only client-facing areas of the Services. Client Users do not count as paid seats unless the Order Form expressly states otherwise.

3.4 Customer is responsible for all activity under its account, including activity by Authorized Users, Client Users, administrators, contractors, and any person using Customer-issued credentials.

3.5 Shared accounts are not recommended. If Customer permits more than one person to use the same login, Customer accepts the resulting reduction in security, auditability, attribution, and permission control. Customer remains responsible for all activity through any shared account.

3.6 Customer and its users may not:

  1. access or use the Services except as permitted by this Agreement;
  2. sell, resell, rent, lease, sublicense, or provide the Services to a third party, except for Client User access expressly permitted by this Agreement;
  3. reverse engineer, decompile, disassemble, or attempt to derive source code or underlying architecture, except to the extent such restriction is prohibited by law;
  4. bypass, disable, or interfere with security, authentication, permissions, or access controls;
  5. conduct penetration testing, vulnerability scanning, load testing, or security testing without Thistle’s prior written consent;
  6. upload malware, ransomware, malicious code, or unlawful content;
  7. use the Services to violate court rules, professional obligations, lawful orders, or third-party rights;
  8. use the Services in a way that disrupts, burdens, or harms the Services or other customers;
  9. scrape, crawl, harvest, or extract data from the Services except through intended functionality;
  10. use the Services for high-risk activities where failure could lead to death, personal injury, physical property damage, emergency-service failure, or operation of critical infrastructure; or
  11. remove proprietary notices from the Services or documentation.

3.7 Thistle reserves all rights not expressly granted.

4. Account Administration

4.1 Customer will designate one or more administrators. Administrators may configure account settings, manage users, assign roles and permissions, invite Client Users, and manage available integrations.

4.2 Customer is responsible for provisioning users, assigning appropriate permissions, maintaining accurate user information, and promptly disabling access for anyone who no longer requires access.

4.3 Customer is responsible for protecting credentials and devices used to access the Services. Customer will promptly notify Thistle of suspected unauthorized access involving Customer’s account.

4.4 The Services may include logs or activity history. Thistle does not guarantee that all activity will be logged, that logs will be complete, or that logs will be retained for any particular period unless an Order Form expressly says so.

4.5 Any onboarding, migration, configuration, or import assistance provided by Thistle will be described in the applicable Order Form or support policy. Customer remains responsible for verifying the accuracy and completeness of Customer Data after onboarding, migration, configuration, or import.

5. Fees, Billing, and Taxes

5.1 Customer will pay the Fees stated in the applicable Order Form.

5.2 Unless the Order Form states otherwise, subscription Fees are billed in advance.

5.3 Customer authorizes Thistle or its payment processor to charge the payment method provided by Customer for amounts due.

5.4 Unless the Order Form states otherwise, Fees are not prorated. Seat changes take effect at the beginning of the next billing cycle.

5.5 If Customer exceeds its paid seat quantity, Thistle may allow temporary continued access as a grace period. During that period, Customer must either reduce usage to the paid seat quantity or purchase additional seats.

5.6 Amounts not paid when due may accrue interest at the lesser of 1.5% per month or the maximum rate permitted by law.

5.7 Thistle may suspend access for nonpayment after reasonable notice. Where practical, Thistle will use reasonable efforts to avoid unnecessary disruption to Customer’s access to Customer Data during a good-faith payment dispute.

5.8 Fees are exclusive of taxes. Customer is responsible for sales, use, VAT, GST, and similar taxes, excluding taxes based on Thistle’s net income.

5.9 Thistle may use third-party payment processors. Thistle does not store full payment card information except as handled by its payment processor.

6. Term, Renewal, and Termination

6.1 This Agreement begins on the Effective Date and continues until all Order Forms have expired or been terminated.

6.2 Each Order Form begins on the start date stated in the Order Form and continues for the stated Subscription Term.

6.3 Unless the Order Form says otherwise, each subscription renews automatically for successive terms of the same length unless either party gives notice of non-renewal at least thirty days before the end of the then-current term.

6.4 Either party may terminate an Order Form for material breach if the breaching party does not cure the breach within thirty days after written notice. For nonpayment, the cure period is ten days.

6.5 Unless the Order Form permits earlier cancellation, Customer may terminate only by giving timely notice of non-renewal.

6.6 Upon expiration or termination: (a) Customer’s right to access the Services ends; (b) Customer remains responsible for Fees owed through the end of the applicable term; and (c) each party must return or destroy Confidential Information as required by this Agreement, subject to ordinary backup, legal, accounting, and compliance retention.

7. Customer Data

7.1 Customer owns Customer Data. Thistle does not acquire ownership of Customer Data.

7.2 Customer instructs Thistle to host, process, transmit, display, back up, and otherwise handle Customer Data as necessary to provide, secure, support, maintain, and improve the Services.

7.3 Thistle personnel may access Customer Data only as reasonably necessary to provide support, maintain or secure the Services, comply with law, investigate abuse, prevent harm, or enforce this Agreement.

7.4 Customer is responsible for the accuracy, quality, legality, and appropriateness of Customer Data, including deadlines, matter information, client information, billing entries, notes, documents, and communications.

7.5 During the Subscription Term, Customer may export Customer Data using available export functionality.

7.6 For thirty days after expiration or termination, Thistle will make Customer Data reasonably available for export using Thistle’s standard export process. Thistle may condition custom export assistance or extraordinary support on payment of undisputed amounts owed, but Thistle will not intentionally withhold reasonably accessible Customer Data solely to pressure payment.

7.7 After the export period, Thistle may delete Customer Data from production systems within a commercially reasonable period, unless retention is required for legal, security, backup, dispute-resolution, accounting, or compliance purposes.

7.8 Backup copies may persist for a limited period under Thistle’s ordinary backup and disaster-recovery practices.

8. Confidentiality

8.1 The receiving party will use the disclosing party’s Confidential Information only to perform under this Agreement.

8.2 The receiving party will protect Confidential Information using reasonable care and at least the same care it uses for its own similar information.

8.3 The receiving party will disclose Confidential Information only to personnel, contractors, advisors, service providers, or agents who need to know it and are subject to confidentiality obligations.

8.4 If the receiving party is legally required to disclose Confidential Information, it will, to the extent legally permitted, give prompt notice and reasonably cooperate with efforts to limit disclosure or obtain protective treatment.

8.5 Unauthorized use or disclosure of Confidential Information may cause irreparable harm. The disclosing party may seek injunctive relief without posting bond, in addition to any other available remedies.

9. Privacy and Data Processing

9.1 Each party will comply with applicable privacy and data protection laws.

9.2 Customer is responsible for determining whether and how it may use the Services with personal information, confidential client information, privileged information, or regulated information.

9.3 Customer is responsible for providing required notices and obtaining required consents from clients, personnel, and other individuals whose information is processed through the Services.

9.4 To the extent Thistle processes personal data on behalf of Customer under an applicable privacy law, the parties will comply with Thistle’s data processing addendum if one is provided or executed.

9.5 Thistle may use subprocessors to provide the Services. Thistle remains responsible for its subprocessors’ performance to the extent required by applicable law and any applicable data processing addendum.

10. Security

10.1 Thistle will maintain commercially reasonable administrative, technical, and physical safeguards designed to protect Customer Data against unauthorized access, disclosure, alteration, and destruction.

10.2 Thistle’s security practices are described in its then-current Security Overview. The Security Overview is intended to explain Thistle’s security posture in practical terms and may be updated as Thistle’s infrastructure, controls, vendors, and practices mature.

10.3 Without limiting the general obligation in Section 10.1, Thistle’s safeguards may include, as applicable: encrypted HTTPS access; tenant-separated data; authenticated accounts; role-based permissions; separated staff and client portal access; protected document upload and storage workflows; backup and recovery practices; restricted administrative access; security-relevant logging; patching; vulnerability management; and incident response procedures.

10.4 Thistle may modify its security architecture, hosting configuration, subprocessors, storage systems, backup practices, or technical controls from time to time, provided that Thistle does not materially reduce the overall security of the Services during an active Subscription Term.

10.5 Thistle will notify Customer without undue delay after confirming a breach of security that results in unauthorized access to Customer Data. Initial notice may be limited if the investigation is ongoing, but Thistle will provide additional information as it becomes reasonably available.

10.6 Customer is responsible for the security of its own devices, networks, browsers, email accounts, passwords, personnel practices, downloaded files, exports, and user permissions. Customer is also responsible for promptly disabling access for users who no longer need access.

10.7 No hosted software system can be guaranteed to be completely secure, uninterrupted, or error-free.

11. Legal Practice Responsibilities

11.1 Thistle is not a law firm and does not provide legal advice.

11.2 The Services are case management, productivity, communication, billing, and administrative tools. They do not replace professional judgment.

11.3 Customer is solely responsible for legal work, legal advice, court filings, deadlines, calendaring decisions, supervision of personnel, conflicts checks, client communications, trust-account obligations, billing compliance, and compliance with rules of professional conduct.

11.4 Customer is responsible for verifying the accuracy of all dates, deadlines, messages, invoices, documents, task lists, reports, and other information in or generated through the Services.

12. AI and Automation Features

12.1 If Thistle offers AI-assisted or automation features, those features are optional unless the Order Form states otherwise.

12.2 Thistle will not use Customer Data to train generalized models for other customers without Customer’s express opt-in consent.

12.3 Customer is responsible for human review of AI-assisted or automated outputs.

12.4 Customer may not rely solely on AI-assisted or automated outputs for legal conclusions, filings, deadlines, client advice, or professional obligations.

13. Integrations and Third-Party Services

13.1 The Services may integrate with third-party services such as email, calendar, payment processing, SMS, e-signature, document storage, or other tools.

13.2 Customer’s use of third-party services is governed by the third party’s terms and policies.

13.3 Thistle is not responsible for third-party services, third-party outages, third-party data handling, or changes made by third-party providers.

13.4 Customer authorizes Thistle to exchange Customer Data with third-party services enabled by Customer or its administrators.

14. Support, Maintenance, and Updates

14.1 Thistle will provide support as described in the applicable Order Form or support policy.

14.2 Thistle may update, modify, improve, or discontinue features from time to time.

14.3 Thistle will use commercially reasonable efforts to avoid materially reducing core functionality during an active Subscription Term.

14.4 Thistle may perform scheduled or emergency maintenance. Thistle will use reasonable efforts to provide advance notice of scheduled maintenance that is expected to materially affect availability.

15. Availability and Force Majeure

15.1 Thistle will use commercially reasonable efforts to make the Services available, excluding downtime caused by maintenance, third-party providers, internet failures, Customer systems, misuse, unauthorized access, security incidents, or events beyond Thistle’s reasonable control.

15.2 Neither party is liable for delay or failure caused by events beyond its reasonable control, including natural disasters, acts of government, labor disputes, internet or hosting failures, denial-of-service attacks, war, terrorism, civil unrest, utility failures, or failures of third-party providers.

16. Warranties and Disclaimers

16.1 Thistle warrants that the Services will materially conform to Thistle’s published documentation under normal use during the Subscription Term.

16.2 Customer’s exclusive remedy for breach of Section 16.1 is for Thistle to use commercially reasonable efforts to correct the nonconformity. If Thistle cannot reasonably correct it, either party may terminate the affected Order Form, and Thistle will refund prepaid Fees for the unused portion of the terminated term.

16.3 Except as expressly stated in this Agreement, the Services are provided “as is” and “as available.”

16.4 Thistle disclaims all implied warranties, including implied warranties of merchantability, fitness for a particular purpose, title, and non-infringement.

16.5 Beta, preview, experimental, or pre-release features are provided “as is,” may be changed or withdrawn at any time, and are excluded from any service warranty.

17. Limitation of Liability

17.1 Except for Excluded Claims and Enhanced Cap Claims, each party’s total liability arising out of or related to this Agreement will not exceed the Fees paid or payable by Customer under the applicable Order Form during the twelve months before the event giving rise to liability.

17.2 For Enhanced Cap Claims, each party’s total liability arising out of or related to this Agreement will not exceed the greater of: (a) two times the Fees paid or payable by Customer under the applicable Order Form during the twelve months before the event giving rise to liability; or (b) $25,000.

17.3 Except for Excluded Claims, neither party will be liable for indirect, incidental, special, consequential, exemplary, or punitive damages, or for lost profits, lost revenue, business interruption, loss of goodwill, or loss of data, even if advised of the possibility.

17.4 “Enhanced Cap Claims” means claims arising from: (a) a party’s breach of Section 8, Confidentiality; or (b) Thistle’s breach of Section 10, Security.

17.5 “Excluded Claims” means: (a) Customer’s payment obligations; (b) Customer’s breach of Section 3.6; (c) either party’s misuse of the other party’s intellectual property; and (d) indemnity obligations under Section 18.

17.6 The limitations in this Section apply to the maximum extent permitted by law, regardless of the legal theory of liability.

18. Indemnification

18.1 Thistle will defend Customer against a third-party claim alleging that the Services, as provided by Thistle and used as permitted by this Agreement, infringe a U.S. copyright, trademark, or trade secret right. Thistle will pay damages finally awarded by a court or settlement amounts approved by Thistle.

18.2 Thistle’s indemnity does not apply to claims arising from: (a) Customer Data; (b) Customer’s modification of the Services; (c) use of the Services with third-party products or services not provided by Thistle; (d) use after Thistle provides a non-infringing alternative; or (e) use in violation of this Agreement.

18.3 If an infringement claim is made or appears likely, Thistle may modify the Services, procure rights to continue using them, replace the affected functionality, or terminate the affected Services and refund prepaid Fees for the unused portion of the term. This is Customer’s exclusive remedy for infringement claims.

18.4 Customer will defend Thistle against third-party claims arising from: (a) Customer Data; (b) Customer’s or its users’ use of the Services in violation of this Agreement or law; (c) Customer’s legal services, professional obligations, client relationships, or court filings; or (d) Customer’s violation of third-party rights. Customer will pay damages finally awarded by a court or settlement amounts approved by Customer.

18.5 The indemnified party must promptly notify the indemnifying party, reasonably cooperate, and allow the indemnifying party to control the defense and settlement. The indemnifying party may not settle a claim in a way that admits fault or imposes non-monetary obligations on the indemnified party without prior written consent.

19. Compliance and Legal Process

19.1 Customer will use the Services in compliance with applicable laws, rules, court orders, professional obligations, and client engagement terms.

19.2 Customer will not use the Services for unlawful, deceptive, abusive, infringing, or high-risk activities.

19.3 Thistle will respond to valid legal process as required by law. To the extent legally permitted, Thistle will provide Customer notice of legal requests seeking Customer Data and reasonably cooperate with Customer’s efforts to seek protective treatment.

19.4 Customer is responsible for preserving Customer Data when preservation is required by law, court order, professional obligation, or client instruction. Thistle is not responsible for identifying, applying, or managing legal holds unless an Order Form expressly says otherwise.

20. Intellectual Property and Feedback

20.1 Thistle owns and retains all right, title, and interest in the Services, software, documentation, interfaces, designs, workflows, know-how, and related intellectual property.

20.2 Customer owns Customer Data.

20.3 If Customer provides suggestions, comments, ideas, or feedback, Thistle may use them without restriction, compensation, or obligation, provided Thistle does not disclose Customer’s Confidential Information.

21. Publicity

21.1 Thistle may identify Customer as a customer only with Customer’s prior written consent.

21.2 Customer may revoke publicity consent prospectively by written notice.

22. Changes to this Agreement

22.1 Thistle may update this Agreement from time to time.

22.2 Updated terms will not materially reduce Customer’s rights during an active Subscription Term unless required by law, required for security, or accepted by Customer.

22.3 Updated terms will apply to renewal terms and new Order Forms.

23. Assignment

23.1 Customer may not assign this Agreement without Thistle’s prior written consent, except to an affiliate or in connection with a merger, reorganization, or sale of substantially all assets, provided the assignee agrees to be bound by this Agreement.

23.2 Thistle may assign this Agreement in connection with a merger, acquisition, reorganization, sale of substantially all assets, or transfer of the Services.

24. Governing Law and Venue

24.1 This Agreement is governed by the laws of the State of Michigan, excluding conflict-of-laws rules.

24.2 The state and federal courts located in or serving Bay County, Michigan will have exclusive jurisdiction over disputes arising out of or related to this Agreement, and each party consents to that jurisdiction and venue.

24.3 Either party may seek injunctive relief for unauthorized use of the Services, misuse of intellectual property, or breach of confidentiality in any court of competent jurisdiction.

25. Notices

25.1 Notices must be in writing and will be deemed given: (a) when delivered personally; (b) one business day after being sent by nationally recognized overnight courier; or (c) when sent by email to the notice address stated in the Order Form.

25.2 Notices of breach, termination, indemnity claims, or legal process must also be sent by overnight courier or certified mail to the physical notice address stated in the Order Form.

25.3 Thistle’s default notice email is michael@thistleltd.com unless an Order Form states otherwise.

25.4 Thistle’s default physical notice address is:

Thistle Software LLC
4900 Monteray Drive
Midland, Michigan 48642
United States

26. Miscellaneous

26.1 This Agreement is the entire agreement between the parties regarding the Services and supersedes prior or contemporaneous agreements on that subject.

26.2 If any provision is unenforceable, the remaining provisions remain in effect.

26.3 A waiver must be in writing and signed by the waiving party.

26.4 Neither party is an agent, partner, joint venturer, or fiduciary of the other.

26.5 Headings are for convenience only.

26.6 This Agreement may be accepted electronically. Electronic acceptance has the same effect as a signed writing.

26.7 Sections that by their nature should survive termination will survive, including payment obligations, confidentiality, data export and deletion provisions, intellectual property, disclaimers, limitations of liability, indemnities, governing law, venue, and notices.

Thistle

The system that quietly runs small-to-mid-sized firms.

Product

Overview Billing Client Portal

Company

Philosophy Field Notes Access

Trust

Overview Security Privacy Terms Changelog
© Thistle Software LLC. All rights reserved.
Filed. Tracked. Handled.