Privacy Policy

Last updated: January 13, 2026

1. Introduction

Welcome to Dilimatic ("we," "our," or "us"). Dilimatic is a product operated by Kobalgo Inc., a company committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our due diligence analysis platform.

All references to "we," "us," or "our" in this Privacy Policy refer to Kobalgo Inc. By using Dilimatic, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.

2. Information We Collect

2.1 Personal Information

We collect the following personal information:

  • Account Information: Email address, name, and authentication credentials (managed by Clerk)
  • Usage Data: IP address, browser type, device information, access times
  • Payment Information: Billing details (processed securely by our payment provider)

2.2 Files and Documents

When you upload documents for analysis, we collect and process:

  • Document contents (encrypted at rest using AES-256-GCM)
  • File metadata (filename, size, type, upload timestamp)
  • Analysis results and AI-generated reports
  • Company names and analysis parameters you provide

2.3 Automatically Collected Information

We automatically collect:

  • Log data (timestamps, API calls, errors)
  • Audit logs (who accessed what, when, from where)
  • Performance metrics (processing times, token usage)

3. How We Use Your Information

We use your information to:

  • Provide, operate, and maintain our AI analysis service
  • Process your documents and generate due diligence reports
  • Manage your account and subscription
  • Send you service updates, security alerts, and administrative messages
  • Improve our service through usage analysis
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations and enforce our Terms of Service

4. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption: All files encrypted at rest (AES-256-GCM) and in transit (HTTPS/TLS 1.3)
  • Access Control: Row-level security ensures users can only access their own data
  • Authentication: Secure login via Clerk with optional two-factor authentication
  • Audit Logging: All access and modifications are logged with IP addresses and timestamps
  • Rate Limiting: Protection against abuse (3 uploads/5min, 10/hour, 50/day)
  • Regular Backups: Daily automated backups with 7-day retention

5. Third-Party Service Providers

We use trusted third-party services that are SOC 2 Type II certified:

  • Anthropic: AI analysis engine (does not use your data for training)
  • Supabase: Database and file storage (encrypted at rest)
  • Clerk: Authentication and user management
  • Vercel: Hosting and infrastructure

These providers have access only to data necessary to perform their functions and are obligated to maintain confidentiality.

6. Data Retention

We retain your data as follows:

  • Active Accounts: Data retained while your account is active
  • Account Deletion: All data permanently deleted within 30 days of account deletion
  • Backup Copies: Deleted from backups within 90 days
  • Audit Logs: Retained for 12 months for security and compliance purposes

7. Your Privacy Rights

Under GDPR and similar laws, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Data Portability: Receive your data in a machine-readable format
  • Restriction: Request limitation of data processing
  • Objection: Object to processing of your data
  • Withdraw Consent: Opt out of data processing at any time

To exercise these rights, email us at privacy@dilimatic.com or delete your account in Settings.

8. Cookies and Tracking

We use the following types of cookies:

  • Essential Cookies: Required for authentication and core functionality (cannot be disabled)
  • Analytics Cookies: Help us understand how you use our service (optional, requires consent)

You can manage cookie preferences through our cookie consent banner or your browser settings.

9. International Data Transfers

Your data may be transferred to and processed in countries outside your jurisdiction. We ensure appropriate safeguards are in place through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with all vendors
  • SOC 2 Type II certified infrastructure providers

10. Children's Privacy

Our service is not intended for anyone under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it immediately.

11. Data Breach Notification

In the event of a data breach affecting your personal information, we will:

  • Notify affected users within 72 hours of discovery
  • Report to relevant data protection authorities as required by law
  • Provide details on the nature of the breach and steps taken to mitigate harm
  • Offer guidance on protective measures you can take

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on this page with a new "Last updated" date
  • Sending an email notification to your registered email address
  • Displaying a prominent notice in our application

Your continued use of the service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Company: Kobalgo Inc.

Email: privacy@kobalgo.ai

Data Protection Officer: dpo@kobalgo.ai

Website: kobalgo.ai

Product: dilimatic.com

For EU residents: You also have the right to lodge a complaint with your local data protection authority.

← Back to Home