Privacy Policy
This policy explains what data we collect, how AI-assisted processing works, and how retention and deletion requests are handled.
Information We Collect
We collect account profile data, intake submission details, uploaded diligence documents, generated analysis outputs, and activity/audit logs required to operate and secure the platform.
How We Use Information
We use submitted data to deliver deal evaluation workflows, generate AI-assisted diligence outputs, maintain platform security, meet legal obligations, and provide status communications.
AI Processing and Model Controls
Confidential documents may be processed by enterprise AI providers strictly for diligence workflows. Submitted confidential data is not used to train or fine-tune foundation models.
AI-generated outputs are treated as confidential and governed by the same access restrictions as source materials.
Security Controls
Baseline safeguards include TLS 1.2+ in transit, AES-256 encryption in production data stores, role-based access controls, and audit logging for sensitive document actions. Subprocessors are expected to maintain equivalent enterprise security controls.
Retention, Return, and Deletion Rights
Data is retained only as needed for active diligence operations, legal obligations, and auditability. Subject to governing agreement and law, users may request return or deletion of source documents and related outputs. For access, correction, deletion, or return requests, contact privacy@droplight.io.