Proof Diligence Privacy Policy

This Privacy Policy explains how Proof Diligence Ltd ("we", "us", "our") collects, uses, and protects your information when you use our platform. We are committed to GDPR compliance and protecting user privacy.

1. Data Controller

Proof Diligence Ltd is the data controller for the personal data processed through our platform. Contact: info@proofdiligence.com.

2. What Data We Collect

Account Data

Name and email address (for account creation)
Company or fund name (optional)

Business Data Submitted by Startups

When a startup is invited for evaluation, they may voluntarily submit:

Pitch decks and business plans
Financial models and projections
Code repository access (read-only)
Go-to-market strategy documents
Data room documents (legal agreements, cap tables, IP documentation)
Founder professional profiles (publicly available information)
Company registration details

What We Do NOT Collect

We do not collect, request, or process:

Personal identity documents (passports, national IDs, driver's licenses)
Social security or tax identification numbers of individuals
Biometric data
Personal bank account or credit card details of individuals
Health or medical information
Criminal records
Any special category data under GDPR Article 9

All data we process is business-related information voluntarily provided by users.

Technical Data

IP address and browser type (for security and analytics)
Usage data (pages visited, features used)
Authentication data (login sessions)

3. Legal Basis for Processing (GDPR)

We process data based on the following legal bases:

Contract performance - processing necessary to provide our service (Article 6(1)(b))
Legitimate interest - analytics and platform improvement (Article 6(1)(f))
Consent - marketing emails, where applicable (Article 6(1)(a))

4. How We Use Your Data

To provide due diligence analysis and reports
To communicate with you about your account and reports
To improve our platform and analysis quality
To send service-related notifications
To comply with legal obligations

We do NOT:

Sell your data to third parties
Share startup data between different investors
Use startup materials for any purpose other than the requested evaluation
Process data for automated decision-making that produces legal effects

5. Data Sharing

We share data only in these limited cases:

With the requesting investor - the diligence report is shared with the investor who requested it
With the evaluated startup - startups receive their own assessment report
Service providers - we use Supabase (database hosting) and Resend (email delivery), both GDPR-compliant
Legal requirements - if required by law or court order

We do not share data with advertisers, data brokers, or any other third parties.

6. Data Security

All data is encrypted at rest and in transit (TLS/SSL)
Access to startup materials is restricted to authorized personnel only
We use role-based access controls
Regular security reviews of our infrastructure

7. Data Retention

Account data - retained while your account is active, deleted within 30 days of account closure
Startup materials - retained for the duration of the evaluation, then for up to 12 months for reference. Startups can request earlier deletion.
Diligence reports - retained for up to 24 months for the investor's reference
Technical logs - retained for up to 90 days

8. Your Rights (GDPR)

Under GDPR, you have the right to:

Access - request a copy of your personal data
Rectification - correct inaccurate data
Erasure - request deletion of your data ("right to be forgotten")
Restriction - restrict processing of your data
Portability - receive your data in a portable format
Object - object to processing based on legitimate interest
Withdraw consent - withdraw consent for marketing communications at any time

To exercise any of these rights, contact us at info@proofdiligence.com. We will respond within 30 days.

9. Cookies

We use essential cookies for authentication and session management. See our Cookie Policy for details.

10. International Transfers

Our servers are hosted within the EU/EEA. If data is transferred outside the EEA, we ensure appropriate safeguards are in place (Standard Contractual Clauses or adequacy decisions).

11. Children

Our platform is not intended for individuals under 18. We do not knowingly collect data from minors.

12. Changes to This Policy

We may update this policy from time to time. We will notify registered users of material changes via email.

13. Contact and Complaints

For privacy questions or to exercise your rights: info@proofdiligence.com

If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority. In the UK, this is the Information Commissioner's Office (ICO).