Privacy Policy

1. Information We Collect

1.1 Account Information

When you create an account, we collect your name, email address, firm name, job title, and authentication credentials managed through Auth0. If you sign in via SSO, we receive profile information from your identity provider.

1.2 Diligence Data

We process documents, data room files, and information from connected integrations (CRMs, code repositories, financial systems, HR platforms) that you explicitly authorize. This data is used solely to generate diligence findings within your workspace.

1.3 Usage & Analytics

We collect anonymized usage data including pages visited, features used, agent runs triggered, and performance metrics to improve the platform. We do not sell or share this data with third parties for advertising purposes.

1.4 Technical Data

We automatically collect IP addresses, browser type, device information, and access timestamps for security monitoring and fraud prevention.

2. How We Use Your Information

• To provide, operate, and maintain the RunDD platform
• To process diligence workstreams using AI agents on your behalf
• To authenticate users and enforce access controls
• To send transactional communications (findings, alerts, reports)
• To improve platform performance, reliability, and features
• To comply with legal obligations and prevent fraud

3. Data Isolation & Multi-Tenancy

Each client organization receives a dedicated PostgreSQL database schema and vector database namespace. Your diligence data is logically and cryptographically isolated from other tenants. We never commingle client data across organizations, and our AI agents only access data within your authorized workspace.

4. Data Sharing & Third Parties

We do not sell your personal information or diligence data. We share data only with:

• Infrastructure providers (AWS, Vercel) for hosting and compute — under strict data processing agreements
• AI model providers (Anthropic, OpenAI) for inference — data is not used for model training and is subject to zero-retention agreements
• Auth0 for identity and access management
• Legal or regulatory authorities when required by law, subpoena, or to protect our rights

5. Data Retention

Diligence project data is retained according to your workspace's configured retention policy (90, 180, or 365 days). Account information is retained for as long as your account is active. You may request deletion of your data at any time by contacting privacy@rundd.ai.

6. Security

We implement industry-standard security measures including AES-256 encryption at rest, TLS 1.3 encryption in transit, SOC 2 Type II certified controls, regular penetration testing, and role-based access controls. See our Security page for details.

7. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, delete, or port your personal data, restrict or object to processing, and withdraw consent. To exercise any of these rights, contact us at privacy@rundd.ai.

8. International Data Transfers

RunDD processes data in the United States and European Union. For transfers from the EEA/UK, we rely on Standard Contractual Clauses and appropriate safeguards under GDPR. Enterprise customers may request region-specific data residency.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email and by posting the updated policy on this page with a revised “Last updated” date.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at: