Legal
Privacy Policy
Last updated: April 19, 2026
1. What we collect
Account data: name, email, hashed password, role within each workspace.
Workspace data: company name, cap table records, financial statements, valuation inputs and outputs, narrative content, uploaded documents, audit-trail metadata.
Usage data: pages visited, actions taken, IP address, browser user-agent, timestamps. Used to operate the Service, debug issues, and prevent abuse.
Workspace data: company name, cap table records, financial statements, valuation inputs and outputs, narrative content, uploaded documents, audit-trail metadata.
Usage data: pages visited, actions taken, IP address, browser user-agent, timestamps. Used to operate the Service, debug issues, and prevent abuse.
2. How we use it
We use your data to (a) provide and improve the Service, (b) authenticate you, (c) send transactional emails (verification, password reset, review notifications), (d) comply with legal obligations, and (e) protect the security of the Service. We do not use your workspace data for advertising and we do not sell it.
3. AI processing
Some features (e.g. narrative generation, peer benchmarking suggestions) call AI models hosted by our infrastructure provider. Inputs sent to these models are not used to train third-party foundation models and are not retained by the model provider beyond the request.
4. Subprocessors
We use a small number of trusted infrastructure providers to host the database, send emails, and process AI requests. A current list is available on request from privacy@projectdiamond.example. All subprocessors are bound by data protection terms at least as protective as this policy.
5. Security
All data is encrypted in transit (TLS 1.2+) and at rest. Workspace data is isolated using row-level security on the database layer. Access by our personnel is restricted and audit-logged. Passwords are hashed and we screen new passwords against known breach databases.
6. Retention
Workspace data is retained for as long as your subscription is active. On account closure, workspace data is available for export for 30 days, then permanently deleted within 90 days unless legal obligations require longer retention. Audit logs may be retained longer where required by law.
7. Your rights
Depending on your jurisdiction (including under GDPR and CCPA), you may have rights to access, correct, delete, or export your personal data, and to object to certain processing. To exercise these rights, email privacy@projectdiamond.example.
8. International transfers
Your data may be processed in jurisdictions other than your own. Where required, we rely on Standard Contractual Clauses or equivalent safeguards.
9. Cookies
We use strictly necessary cookies for authentication and session management. We do not use third-party advertising or tracking cookies on the application surface.
10. Changes
We will notify you of material changes by email or in-app notice. Continued use after the effective date constitutes acceptance.
11. Contact
Privacy questions: email privacy@projectdiamond.example or visit our contact page.