Updated November 30th, 2021
Effective December 30th, 2021
DiligenceVault is a digital diligence platform that provides investors, asset managers and portfolio companies with the tools to centralize, streamline and digitize their due diligence processes and data.
At Diligence Vault, our mission is your mission. Our customers’ trust and partnership are very important to us.
This Policy also discusses your rights with respect to your information. As you use and interact with DiligenceVault’s Websites, Products, and Services, we process information from and about you in order to provide access to our Products and Services, an enhanced experience, and support. That means that we collect, use, transmit, store, share, and erase your information.
When we talk about “DiligenceVault,” “we,” “our,” or “us” in this policy, we are referring to Diligence Vault Corp., the company which provides the Services. When we talk about the “Services” in this policy, we are referring to our digital diligence platform. Our Services are currently available for use via a web browser.
Information We Collect and Receive
- Customer Data
Content and information submitted by users to the Service is referred to in this policy as “Customer Data.” As further explained below, Customer Data is controlled by the organization or other third party that created the diligence project (the “Customer”). Where DiligenceVault collects or processes Customer Data, it does so on behalf of a Customer.
If you join the platform and create an account, you are a “User”. If you are using the Service by invitation of a Customer, whether that Customer is your employer, another organization, or an individual, that Customer determines its own policies regarding storage, access, modification, deletion, sharing, and retention of Customer Data which may apply to your use of the Service. Please check with the Customer about the policies and settings it has in place.
For Customer Data, DiligenceVault is the processor/service provider (a provider that processes personal data on behalf of or at the direction of a controller, or other similar designation under the law) and our Customer (usually a company or organization) is the controller/business (the entity that decides how and why information is processed) of the information provided to DiligenceVault via use of DiligenceVault.
- Other Information
DiligenceVault may also collect and receive the following information, where DiligenceVault is the controller of the information.:
- Account creation information:
Information needed to create your account could include identifiers, such as first and last name and email address, your password for DiligenceVault, and information related to a third-party authentication identity provider, such as Google Authenticator
- Billing and other information:
For Customers that purchase a paid version of the Service, our corporate affiliates and our third party payment processors may collect and store billing address and credit card information on our behalf or we may do this ourselves.
- Services usage information:
This is information about how you are accessing and using the Service, which may include administrative and support communications with us and information about the diligence requests, people, features, content, and links you interact with, and the third party integrations you use (if any).
- Log data:
When you use the Service our servers automatically record information, including information that your browser sends whenever you visit a website. This log data may include your Internet Protocol address, the address of the web page you visited before using the Service, your browser type and settings, the date and time of your use of the Service, information about your browser configuration and plug-ins, language preferences, and cookie data.
- Device information:
We may collect information about the device on which you are using the Service, including the type of device, the operating system, device settings, application IDs, unique device identifiers, and crash data. Whether we collect some or all of this information often depends on the type of device you are using and its settings.
How We Use Your Information
We use your information to provide and improve the Service.
- Customer Data
DiligenceVault may access and use Customer Data as reasonably necessary and in accordance with Customer’s instructions to (a) provide, maintain and improve the Service; (b) to prevent or address service, security, technical issues or at a Customer’s request in connection with customer support matters; (c) as required by law and (d) as set forth in our agreement with the Customer or as expressly permitted in writing by the Customer.
Customer provides us with instructions on what to do with Customer Data. A Customer has many choices and control over Customer Data. For example, Customer may provision or deprovision access to the Service, enable or disable third party integrations, manage permissions, retention and export settings. These choices and instructions may result in the access, use, disclosure, modification or deletion of certain or all Customer Data.
- Other Information
We use other kinds of information in providing the Service. Specifically:
- To understand and improve our Service:
We carry out research and analyze trends to better understand how users are using the Service and improve them.
- To communicate with you by
- Responding to your requests:
If you contact us with a problem or question, we will use your information to respond.
- Sending emails:
We may send you Service and administrative emails and messages. We may also contact you to inform you about changes in our Service, our Service offerings, and important Service related notices, such as security and fraud notices. These emails and messages are considered part of the Service and you may not opt out of them. In addition, we sometimes send emails about new product features or other news about DiligenceVault. You can opt out of these at any time.
- Responding to your requests:
- Billing and account management:
We use account data to administer accounts and keep track of billing and payments.
- Communicating with you and marketing:
We often need to contact you for invoicing, account management, product updates, and other business reasons. We may also use your contact information for our own marketing or advertising purposes. You can opt out of these at any time.
- Investigating and preventing bad stuff from happening:
We work hard to keep the Service secure and to prevent abuse and fraud.
- To understand and improve our Service:
- This policy is not intended to place any limits on what we do with data that is aggregated and/or de-identified so it is no longer associated with an identifiable User or Customer of the Service.
Sharing and Disclosure
DiligenceVault may share information as follows:
- About you with the Customer:
There may be times when you contact DiligenceVault to help resolve an issue specific to a diligence project of which you are a respondent. In order to help resolve the issue and given our relationship with our Customer, we may share your concern with our Customer.
- With third party service providers and agents:
DiligenceVault does not disclose your personal information to third parties, except as described in this policy. We may engage third party companies or individuals, such as third party payment processors, to process information on our behalf. Please know that DiligenceVault will not sell your personal information.
- In the event of Business Transfers. If the ownership of all or substantially all of our business changes, or all or some of our assets are sold as part of a bankruptcy or other proceeding, we may transfer your information to the new owner so that the services can continue to operate. In such case, your information would remain subject to the promises and commitments contained in this Privacy Statement until the acquiring party updates it. If such transfer is subject to additional mandatory restrictions under applicable laws or agreements, DiligenceVault will comply with those restrictions.
Other Types of Disclosure
DiligenceVault may share or disclose Customer Data and other information as follows:
- To comply with laws:
To comply with legal or regulatory requirements and to respond to lawful requests, court orders and legal process.
- To enforce our rights, prevent fraud and for safety:
To protect and defend the rights, property, or safety of us or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud.
We may disclose or use aggregate or de-identified information. For example, we may share aggregated or de-identified information for business or research purposes like computing diligence workflow statistics, or partnering with research firms or academics to explore interesting questions about diligence trends.
DiligenceVault takes security seriously. We take various steps to protect information you provide to us from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the information we collect, process and store, and the current state of technology. We limit access to your personal information to authorized DiligenceVault employees or agents and, as described above in Disclosures of Your Personal Information to Third Parties, our service providers are held to stringent standards of privacy. We also maintain physical, electronic and procedural safeguards to protect the information against loss, misuse, damage or modification and unauthorized access or disclosure. Some of the other central features of our information security program are:
- The CISO designs, implements and provides oversight to our information security program
- The use of multiple layers of protection including use of firewalls and multi-factor controls
- Testing of the security and operability of platform as well as ongoing vulnerability management
- Internal and independent review of our security measures
- Monitoring of our systems infrastructure to detect weaknesses and potential intrusions
- Implementing controls to identify, authenticate and authorize access to various systems or sites
- Protecting information during transmission and at rest through various means including encryption
We will retain your information for the period necessary to fulfill the purposes outlined in this Privacy Statement, to make our Services available to you, or as instructed by you, unless a longer retention period is required or permitted by law.
We may change this policy from time to time, and if we do we will post any changes on this page. If you continue to use the Services after those changes are in effect, you agree to the revised policy.
DiligenceVault 1230 Avenue of the Americas, 15th Fl, New York, NY 10020