Privacy Policy

Last updated: April 22, 2026

Draft — Review with counsel before launch. This policy is a working template, customized for our stack and use case, but not yet reviewed by legal counsel. Final version pending attorney review.

1. Introduction

Diligent Path ("we," "us," "our") provides AI-powered due-diligence software for business buyers. This policy explains what personal and deal-related information we collect, how we use it, and the choices you have.

2. Information we collect

Account information

When you create an account, we collect your name, email address, company, and authentication credentials (via Clerk, our identity provider). We may collect billing information (credit card, address) via Stripe when you subscribe.

Deal content

You and invited sellers upload documents, notes, and Q&A into deal workspaces. This content is your proprietary information and is treated as confidential.

Usage data

We collect limited usage telemetry (page views, feature usage, errors) to improve the product. We do not track you across other websites.

3. How we use information

  • To provide and improve the Diligent Path service
  • To process payments and manage subscriptions
  • To authenticate users and prevent abuse
  • To send transactional emails (deal updates, seller invites, billing receipts)
  • To send product updates (with an unsubscribe option in every email)
  • To comply with legal obligations

4. AI and your documents

Documents and deal content are processed by AI models to power features like document analysis, red-flag detection, and Q&A generation. Key commitments:

  • No training on your data. Your documents are never used to train AI models — not ours, not our AI providers'.
  • Ephemeral analysis. AI processing runs in short-lived contexts. Documents are not retained by AI providers after analysis.
  • Tenant isolation. Each customer's data is isolated. No cross-tenant access, no shared context.

5. Third-party services

We use the following sub-processors to operate the service:

  • AWS — hosting and storage (US data centers)
  • Anthropic — AI model provider, under enterprise terms that prohibit training on customer data
  • Clerk — authentication and user management
  • Stripe — payment processing
  • Resend — transactional email delivery
  • Railway & Netlify — application hosting

6. Data sharing

We do not sell personal data. We share data with sub-processors (above) solely to operate the service, and may disclose data when legally compelled (subpoena, court order). We will notify you of any such request unless prohibited by law.

7. Data retention and deletion

Deal data is retained according to your subscription plan (Starter: 1 year; Professional: 5 years). On cancellation, you retain read-only access and export rights for 30 days. After 30 days, data is purged from active systems. Encrypted backups are retained for an additional 90 days for compliance, then permanently deleted.

8. Your rights

Depending on your jurisdiction (including GDPR and CCPA), you have rights to access, correct, delete, or export your personal data. Contact privacy@diligentpath.com to exercise these rights. We respond within 30 days.

9. Security

We encrypt data in transit (TLS 1.3) and at rest (AES-256). Access to production systems is restricted via SSO and role-based controls. We're pursuing SOC 2 Type II certification; our Security page has full details.

10. Children

Diligent Path is not intended for users under 18. We do not knowingly collect data from minors.

11. International users

Data is stored in the United States. By using Diligent Path, you consent to the transfer and processing of your information in the US. EU customers on Enterprise plans may request EU data residency.

12. Changes to this policy

We may update this policy over time. Material changes will be announced via email and on this page at least 30 days before taking effect.

13. Contact

Privacy questions: privacy@diligentpath.com
General: hello@diligentpath.com