Legal
Privacy Policy
This Privacy Policy describes how Diligenco, Inc. ("Diligenco," "we," "us," or "our") collects, uses, and protects information about you when you use our platform and services. We take your privacy seriously, particularly given the sensitive nature of the financial documents our customers share with us.
1. Information We Collect
We collect information you provide directly to us when you create an account, use our platform, communicate with our team, or request support. This includes account registration data such as your name, work email address, firm name, role, and any other information you choose to provide during onboarding.
Our platform is designed for the analysis of financial documents. When you upload files to Diligenco — including confidential information memoranda (CIMs), financial statements, Excel workbooks, management presentations, legal agreements, and other deal-related materials — we collect and process those documents in order to deliver our services. These documents may contain highly sensitive financial, operational, and personal data about companies and individuals. We treat all uploaded documents as strictly confidential.
We also collect usage data about how you interact with the platform: which features you use, how often, the sequence of actions taken during a session, error events, and performance metrics. This data is collected in aggregate and at the individual session level for purposes described in this Policy.
Technical data is collected automatically when you access Diligenco, including your IP address, browser type and version, operating system, device identifiers, referral URLs, and session timestamps. This data helps us maintain platform security, diagnose technical issues, and understand how the platform is being accessed.
2. How We Use Your Information
The primary purpose for which we use your information is to provide, operate, and improve the Diligenco platform. This means using your account data to authenticate you, using your uploaded documents to perform the analytical functions you have requested, and using usage data to ensure the platform operates as intended.
We use AI and machine learning models to process uploaded documents as part of our core service. When you upload a document and request an analysis, your document data is transmitted to our processing infrastructure and, in some cases, to third-party AI model providers operating under strict data processing agreements. This processing is described in more detail in the AI Processing Disclosure section below.
We may use aggregated, de-identified usage data to improve the quality of our analytical outputs, identify areas where the platform underperforms, and prioritize product development. We do not use individual users' uploaded documents to train AI models without explicit, affirmative consent.
We use your contact information to send you transactional communications related to your account — confirmations, alerts, product updates relevant to your subscription, and support responses. We will not send you unsolicited marketing communications without your consent, and you may opt out of non-essential communications at any time.
We may use your information to detect and prevent fraud, abuse, and security incidents; to comply with applicable laws and regulations; and to enforce our Terms of Service.
3. AI Processing Disclosure
Diligenco's analytical capabilities are powered in part by large language models and other AI systems. When you upload a document and request an analysis, relevant portions of that document — or structured data extracted from it — may be transmitted to one or more third-party AI model providers in order to complete the requested analysis. These providers operate under contractual obligations that prohibit the use of your data for training their models.
Uploaded documents and the data derived from them are processed ephemerally for the purpose of generating analytical outputs. We do not retain the raw content of your documents in AI model provider systems beyond the duration of a single inference request. Once a request is complete, the input data is not stored by our AI processing infrastructure.
The structured outputs that Diligenco generates from your documents — financial summaries, extracted metrics, flagged risk items, and similar outputs — are stored on your behalf within your account so that you can access and refer to them over time. This storage is governed by our document retention practices described in the next section.
We make no representations that AI-generated outputs are free from error. All analytical outputs produced by Diligenco should be independently reviewed by a qualified professional before being used as the basis for any investment decision. The platform is a tool to assist and accelerate analysis, not a substitute for human judgment.
4. Document Storage and Retention
Documents you upload to Diligenco are stored on encrypted cloud infrastructure for as long as your account remains active or until you delete them. You retain full control over your uploaded files: you may delete individual documents, entire deal workspaces, or all documents associated with your account at any time from within the platform.
When you delete a document, it is marked for deletion and removed from active storage within 30 days. Backup copies maintained for disaster recovery purposes are purged on a rolling 90-day schedule. After that window, deleted documents are no longer recoverable.
If your subscription lapses or your account is terminated, we will retain your data for a period of 60 days to allow for account reactivation or data export. After that period, your account data and uploaded documents will be automatically and permanently deleted. We will notify you via the email address associated with your account before initiating this purge.
Certain metadata — such as the names of files that were uploaded and the dates on which analysis was performed — may be retained for longer periods for internal audit and compliance purposes, even after the underlying document content has been deleted. This metadata does not include the substantive contents of your deal documents.
6. Third-Party Services
Diligenco relies on a carefully selected set of third-party service providers to deliver our platform. These include AI model providers that power our analytical capabilities, cloud infrastructure providers that host our platform and store your data, authentication services that manage secure login, and analytics providers that help us understand platform usage.
All third-party providers with access to your data are bound by data processing agreements that restrict their ability to use your data for purposes other than providing the services they have been engaged to provide. We select providers based on their security practices and their contractual willingness to treat customer data with the same confidentiality we commit to in this Policy.
We do not sell your personal information to third parties. We do not share your uploaded documents with third parties except as necessary to deliver the analytical services you have requested, or as required by law. In the event that we are required by law, court order, or governmental authority to disclose information, we will notify you to the extent permitted by law prior to making any disclosure.
If Diligenco is acquired, merged with another company, or undergoes a change of control, your information may be transferred to the acquiring entity as part of that transaction. In such an event, we will notify you via email and provide you with an opportunity to delete your account and data before the transfer is completed.
7. Data Security
We take the security of your data seriously, particularly given that our customers routinely upload highly sensitive financial documents. We implement technical and organizational measures designed to protect your information against unauthorized access, alteration, disclosure, or destruction.
All data transmitted between your browser and our platform is encrypted in transit using TLS. Data stored on our infrastructure — including uploaded documents, extracted data, and account information — is encrypted at rest using industry-standard encryption. Access to production systems and customer data is restricted to a small number of authorized personnel and is governed by role-based access controls and audit logging.
We conduct regular reviews of our security practices and infrastructure configurations. Our team follows established security engineering practices including dependency management, vulnerability scanning, and incident response planning. In the event of a confirmed data breach that affects your personal information, we will notify you and applicable regulatory authorities as required by law.
No method of transmission over the internet or method of electronic storage is 100% secure. While we work hard to protect your information, we cannot guarantee absolute security. We encourage you to use a strong, unique password for your Diligenco account and to contact us immediately at privacy@diligen.co if you believe your account has been compromised.
8. User Rights
You have meaningful rights with respect to the personal information we hold about you. These rights include the right to access the personal information we hold about your account; the right to correct inaccurate information; the right to request deletion of your personal information and uploaded documents; and the right to receive a copy of your data in a portable, machine-readable format.
You may exercise most of these rights directly within the Diligenco platform. Your account settings allow you to update your profile information, delete individual documents or entire workspaces, and export your account data. For requests that cannot be fulfilled through the platform interface, you may contact us at privacy@diligen.co and we will respond within 30 days.
If you are located in a jurisdiction that provides specific data protection rights — such as the right to object to processing, the right to restriction of processing, or rights under the GDPR or CCPA — you may exercise those rights by contacting us at the address below. We will assess each request in accordance with applicable law and respond within the timeframe required by that law.
We will not discriminate against you for exercising any of these rights. If you choose to delete your account and data, we will process that request promptly and confirm completion in writing.
9. International Data Transfers
Diligenco is based in the United States, and our primary infrastructure is located in US-based data centers. If you access the platform from outside the United States, your information — including uploaded documents — will be transferred to, stored, and processed in the United States.
United States data protection laws may differ from those in your country of residence. By using the Diligenco platform, you acknowledge that your information will be processed in the United States in accordance with this Privacy Policy and applicable US law. If you have questions about how we handle cross-border data transfers or if your organization has specific requirements regarding data residency, please contact us at privacy@diligen.co to discuss available options.
10. Children's Privacy
The Diligenco platform is intended exclusively for use by professionals engaged in private market investment activity. It is not directed at individuals under the age of 18, and we do not knowingly collect personal information from anyone under 18 years of age.
If we become aware that we have inadvertently collected personal information from a person under 18, we will take prompt steps to delete that information from our systems. If you believe we may have collected information from a minor, please contact us at privacy@diligen.co.
11. Changes to This Policy
We may update this Privacy Policy from time to time as our practices evolve, as we add new features to the platform, or as applicable law changes. When we make material changes to this Policy, we will notify you by sending an email to the address associated with your account and by displaying a prominent notice within the platform at least 14 days before the changes take effect.
The "last updated" date at the top of this Policy indicates when it was most recently revised. We encourage you to review this Policy periodically to stay informed about how we handle your information. Your continued use of the platform after the effective date of any changes constitutes your acceptance of the updated Policy.
For material changes that significantly affect how we use your personal information or uploaded documents, we will seek your affirmative consent before applying those changes to information we have already collected.
12. Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please contact our privacy team at:
Diligenco, Inc.
Privacy Team: privacy@diligen.co
We aim to respond to all privacy-related inquiries within 5 business days. For time-sensitive matters, such as suspected unauthorized access to your account, please indicate the urgency in the subject line of your message.