Privacy Policy

Last updated: February 13, 2026

1. Introduction

Welcome to Dilimatic ("we," "our," or "us"). Dilimatic is a product operated by Kobalgo Inc., a company committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our due diligence analysis platform.

All references to "we," "us," or "our" in this Privacy Policy refer to Kobalgo Inc. By using Dilimatic, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Personal Information

We collect the following personal information:

  • Account Information: Email address, name, and authentication credentials (managed by Clerk)
  • Usage Data: IP address, browser type, device information, access times
  • Payment Information: Billing details (processed securely by our payment provider)

2.2 Files and Documents

When you upload documents for analysis, we collect and process:

  • Document contents (encrypted at rest using AES-256-GCM)
  • File metadata (filename, size, type, upload timestamp)
  • Analysis results and AI-generated reports
  • Company names and analysis parameters you provide

2.3 Automatically Collected Information

We automatically collect:

  • Log data (timestamps, API calls, errors)
  • Audit logs (who accessed what, when, from where)
  • Performance metrics (processing times, token usage)

3. How We Use Your Information

We use your information to:

  • Provide, operate, and maintain our AI analysis service
  • Process your documents and generate due diligence reports
  • Manage your account and subscription
  • Send you service updates, security alerts, and administrative messages
  • Improve our service through usage analysis
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations and enforce our Terms of Service

4. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption: All files encrypted at rest (AES-256-GCM) and in transit (HTTPS/TLS 1.3)
  • Access Control: Row-level security ensures users can only access their own data
  • Authentication: Secure login via Clerk with optional two-factor authentication
  • Audit Logging: All access and modifications are logged with IP addresses and timestamps
  • Rate Limiting: Protection against abuse to ensure system availability
  • Regular Backups: Daily automated backups with 7-day retention

Our staff only accesses User Content when strictly necessary to resolve technical issues or fulfill support requests. All such access is logged and governed by internal confidentiality agreements to ensure your data remains private.

5. Third-Party Service Providers

We use trusted third-party services that are SOC 2 Type II certified. We have strict Data Processing Agreements (DPAs) in place with each provider:

  • Anthropic: AI analysis engine. Note: Anthropic does NOT use your data for training their models. Your data is retained only for a short period to process the request.
  • Supabase: Supabase: Database and file storage (encrypted at rest). Your data is stored on servers located in West EU (Paris), France (AWS eu-west-3 region).
  • Clerk: Authentication and user management
  • Vercel: Hosting and infrastructure

These providers have access only to data necessary to perform their functions and are obligated to maintain confidentiality.

6. Workspace & Collaboration

Dilimatic is designed for team collaboration. If you are a member of a Team Workspace, the following privacy rules apply:

  • Workspace Data Visibility: Analyses explicitly shared with the team, along with any comments or annotations, are visible to all authorized members of that workspace.
  • Administrative Access: Workspace Administrators have the ability to access, monitor, or manage content within the workspace to ensure business continuity.
  • Data Segregation: We utilize Supabase's secure multi-tenant architecture and Row-Level Security (RLS) to ensure your team's data is strictly isolated from other organizations.
  • Activity Logging: Actions taken within a workspace (such as sharing reports or inviting members) are logged for security and audit purposes.

7. Data Retention

We retain your data as follows:

  • Active Accounts: Data retained while your account is active
  • Account Deletion: All data permanently deleted within 30 days of account deletion
  • Backup Copies: Deleted from backups within 90 days
  • Audit Logs: Retained for 12 months for security and compliance purposes

8. Your Privacy Rights

Under GDPR, CCPA, and similar laws, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Data Portability: Receive your data in a machine-readable format
  • Restriction: Request limitation of data processing
  • Objection: Object to processing of your data
  • Withdraw Consent: Opt out of data processing at any time

To exercise these rights, email us at privacy@kobalgo.ai or delete your account in Settings.

9. Cookies and Tracking

We use the following types of cookies:

  • Essential Cookies: Required for authentication and core functionality (cannot be disabled)
  • Analytics Cookies: Help us understand how you use our service (optional, requires consent)

You can manage cookie preferences through our cookie consent banner or your browser settings.

10. International Data Transfers

Our primary database is hosted in West EU (Paris), France (AWS eu-west-3 region), meaning your data is stored within the European Union. Some supporting services (such as authentication, hosting, and AI processing) involve providers based in the United States.

Where data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with all vendors
  • SOC 2 Type II certified infrastructure providers

11. Children's Privacy

Our service is not intended for anyone under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it immediately.

12. Data Breach Notification

In the event of a data breach affecting your personal information, we will:

  • Notify affected users within 72 hours of discovery
  • Report to relevant data protection authorities as required by law
  • Provide details on the nature of the breach and steps taken to mitigate harm
  • Offer guidance on protective measures you can take

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on this page with a new "Last updated" date
  • Sending an email notification to your registered email address
  • Displaying a prominent notice in our application

Your continued use of the service after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Company: Kobalgo Inc.

Email: privacy@kobalgo.ai

Data Protection Officer: dpo@kobalgo.ai

Website: kobalgo.ai

Product: dilimatic.com

For EU residents: You also have the right to lodge a complaint with your local data protection authority.

← Back to Home

© 2026 Kobalgo Inc. All rights reserved.

Dilimatic is a product of Kobalgo Inc.