Our commitment to keeping your data safe and secure
Our Company and Product
DiligenceVault is a response to the investment management industry’s complex, manually intensive and information-heavy due diligence processes. Data security and data privacy compliance are an integral part of our offering that empowers institutional and wealth investors and asset managers worldwide, enabling them to effortlessly navigate the due diligence complexities of ETFs, Mutual Funds, Hedge Funds, and Private Markets strategies.
DiligenceVault’s product and services are accessible through a user-friendly web-based platform, robust application programming interfaces (APIs), and seamless extensions.
Security & Data Privacy Compliance
General Data Protection Regulation (GDPR)
We are dedicated to GDPR compliance and provide various data portability and management tools. Dive deeper by reaching out to us and gaining access to review our certificate and Data Processing Agreement.
International Organization for Standardization (ISO)
Our ISO 27001 certificate demonstrates our unwavering dedication to information security management. With a robust framework in place, we prioritize the protection of your organization.
Security Operations Center (SOC-2)
Our SOC 2 certificate assures clients of our stringent security measures, validating our commitment to protecting sensitive data and maintaining the highest standards of information security.
Texas Risk and Authorization Management Program (TX-RAMP)
The TX-RAMP certification is proof of our relentless dedication to strengthening digital environments. This certification is evidence of our commitment to maintaining data integrity, and offering a secure environment.
Connect with us to request our data security overview, data privacy compliance documents, control reports and certificates, and security DDQ.
Security & Data Privacy Architecture
A secure and purpose-built product architecture leverages industry best practices and is designed with controls at each layer of data access.
DiligenceVault’s application controls include:
Independent penetration testing
ISO 27001 and SOC 2 Type II compliance
Secure coding standards
System updates and patches
USER ACCESS CONTROLS
DiligenceVault’s advanced access controls include:
Advanced password criteria
IP Address whitelisting
DATA SECURITY & PRIVACY CONTROLS
DiligenceVault’s data protection controls include:
Business continuity and disaster recovery framework
Confidentiality of your data
Encryption in transit and at rest
SOC 2 Type II certified data centers and sub-processor
Well-documented incident response plan
DiligenceVault Privacy Standards
Frequently Asked Questions
DiligenceVault’s clients are the controller. DiligenceVault is the data processor.
A user’s email address, name, and IP address are personal data that are required by DiligenceVault for account creation and account security. These are the categories of PII that are processed by DiligenceVault. In addition, our clients may retain phone numbers and other personal data on the platform.
The data and documents added to the platform are owned by DiligenceVault clients and the users who enter the data. DiligenceVault does not monetize or sell your data.
No, full stop. We do not sell or share client and user content (data and documents) even after it is anonymized. This is against our business model and one of the reasons why DiligenceVault has the largest adoption in the industry.
Your submission is only viewed by members of your firm, subject to internal permissions, as well as the firms with which you have shared the data or document. No one else can see your information.
For any data deletion requests, please contact email@example.com and we will coordinate a data deletion in partnership with the DiligenceVault client who invited you to the platform.
Yes, DiligenceVault has clients with headquarters in five EU countries, Switzerland, and the UK. DiligenceVault also has users in over 40 EU countries.
The CLOUD Act amends U.S. law to make clear that law enforcement may compel U.S.-based service providers to disclose data that is in their “possession, custody, or control” regardless of where the data is located. This law, however, does not change any of the legal and privacy protections that previously applied to law enforcement requests for data, and those protections continue to apply. DiligenceVault adheres to the same principles and customer commitments related to government demands for user data.
Please note that DiligenceVault has never received legal demands for customer data, and has never shared this data with anyone other than the customer who owns the data.
Will DiligenceVault notify its customers when law enforcement or another governmental entity requests their data?
Yes. DiligenceVault will give prior notice to its customers of any third-party requests for their data, except where prohibited by law.
DiligenceVault is only available as a SaaS platform, which is a universal platform for all users globally. This single implementation creates a central diligence network across all users, eliminating the duplication and friction of responding to multiple portals for asset managers, and provides the highest quality of data to investor clients.
No, DiligenceVault is not available as a white-labeled solution for the reasons mentioned above. This ensures that we minimize the friction of multiple portals and duplication of diligence efforts while maintaining efficient reuse of data and the overall industry adoption.