Your data security is our priority
We understand that due diligence documents contain sensitive information. That's why we've built Dilimatic with security at its core.
TLS 1.3 + AES-256 Encryption
All data encrypted at rest and in transit
Secure Infrastructure
Built on SOC 2 Type II certified infrastructure
GDPR Compliant
Full compliance with EU data protection
Isolated Workspaces
Row-level security ensures your data never touches another customer's
Your data stays yours
Unlike generic AI tools, Dilimatic is built specifically for handling sensitive business documents. We implement strict data isolation and never use your documents for any purpose beyond generating your analysis.
Never used for AI training
Your documents are processed solely to generate your analysis. We do not use customer data for model training, fine-tuning, or any form of machine learning improvement.
Isolated workspaces
Each customer workspace is logically separated. Your data is never shared, mixed, or accessible by other customers.
Delete anytime
You maintain full control over your data. Delete individual analyses or your entire account at any time. Deletion completes within 30 days.
Data Lifecycle
Compliance & Privacy
We follow global privacy standards and regulations
GDPR
We comply with GDPR requirements including data minimization, right to deletion, and transparent processing.
- Data minimization
- Right to erasure
- Data portability
Data Processing
Clear terms on how we process your data, with full transparency on third-party services.
- Clear DPA available
- Sub-processor list
- Processing transparency
Data Retention
You control how long we keep your data. Delete analyses individually or remove everything at once.
- User-controlled retention
- Permanent deletion
- 30-day deletion window
Security FAQ
Is my data used to train your AI models?
No, never. Your documents are processed solely to generate your analysis. We do not use customer data for model training, fine-tuning, or any form of machine learning improvement.
Who can access my data?
Only you and team members you explicitly grant access to. Our engineering team has limited access for support purposes only, with all access logged and audited.
Where is my data stored?
Data is stored on SOC 2 certified infrastructure. EU data residency options are available for enterprise customers with specific compliance requirements. Contact us to discuss your data location needs.
Is Dilimatic SOC 2 certified?
Dilimatic is built on SOC 2 Type II certified infrastructure (Vercel, Supabase, Anthropic). We implement security controls aligned with SOC 2 principles and are actively working toward independent certification.
How is customer data segregated?
Customer data is logically separated at the database level using Row Level Security (RLS) policies. Each customer workspace has a unique identifier, and all database queries are automatically scoped to that workspace. This ensures that even in the unlikely event of a query logic error, data from one customer cannot be accessed by another customer.
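The workspace scoping described in this answer, sketched as PostgreSQL Row Level Security. This is an added example, not Dilimatic's schema or code: the table `analyses`, the role `app_user` and the session setting `app.workspace_id` are assumptions, and it is meant to be run as a superuser in a scratch database.

```sql
-- Added example; hypothetical schema and names, constructed sample data.
CREATE TABLE analyses (
    id           bigserial PRIMARY KEY,
    workspace_id uuid NOT NULL,
    title        text NOT NULL
);

-- Constructed sample rows for two workspaces, loaded before RLS is switched on.
INSERT INTO analyses (workspace_id, title) VALUES
    ('11111111-1111-1111-1111-111111111111', 'Workspace A report'),
    ('22222222-2222-2222-2222-222222222222', 'Workspace B report');

-- ENABLE turns policies on; FORCE applies them to the table owner as well,
-- who would otherwise bypass RLS. Superusers and BYPASSRLS roles still bypass it.
ALTER TABLE analyses ENABLE ROW LEVEL SECURITY;
ALTER TABLE analyses FORCE ROW LEVEL SECURITY;

-- USING filters reads, updates and deletes; WITH CHECK rejects writes into another workspace.
-- With the setting unset or empty the comparison is NULL, so no row matches (fail closed).
CREATE POLICY workspace_isolation ON analyses
    USING (workspace_id = NULLIF(current_setting('app.workspace_id', true), '')::uuid)
    WITH CHECK (workspace_id = NULLIF(current_setting('app.workspace_id', true), '')::uuid);

-- Least-privilege role the application queries as (hypothetical name).
CREATE ROLE app_user NOLOGIN;
GRANT SELECT, INSERT ON analyses TO app_user;
GRANT USAGE ON SEQUENCE analyses_id_seq TO app_user;

-- One request: trusted server code sets the workspace for this transaction only.
-- Any role can set a custom setting, so it must never come from client-supplied SQL.
BEGIN;
SET LOCAL ROLE app_user;
SELECT set_config('app.workspace_id', '11111111-1111-1111-1111-111111111111', true);

-- The "query logic error" case: no WHERE clause, yet the policy still
-- restricts the result to workspace A.
SELECT title FROM analyses;

-- A write aimed at workspace B is rejected by WITH CHECK if uncommented:
-- INSERT INTO analyses (workspace_id, title)
--     VALUES ('22222222-2222-2222-2222-222222222222', 'cross-tenant write');
ROLLBACK;

-- A request that never set the workspace: the predicate is NULL for every row.
BEGIN;
SET LOCAL ROLE app_user;
SELECT count(*) FROM analyses;
ROLLBACK;
```

When reviewing a deployment like this, check which database roles and API keys bypass RLS and confirm that every table holding customer data has a policy, since a table without RLS enabled is not scoped at all.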
Can I get security documentation for my compliance team?
Yes. Contact us via the form below for our security documentation, including our security practices overview and sub-processor list.
Is Dilimatic a replacement for professional due diligence?
No. Dilimatic is an AI-powered tool designed to assist and augment human analysts, not replace them. All outputs are generated by artificial intelligence and should be reviewed, validated, and verified by qualified professionals before making any investment decisions. Dilimatic does not provide financial, legal, or investment advice.
Enterprise Security Controls
Additional security measures for institutional customers
Access Controls & Authentication
Multi-layered access security
- Multi-factor authentication (MFA)
Required for all user accounts
- Role-based access control (RBAC)
Granular permissions based on team roles
- Session management
Automatic timeout after inactivity
- SSO integration (Enterprise)
Available for enterprise customers
Security Testing & Vulnerability Management
Proactive threat identification
- Automated vulnerability scanning
Continuous monitoring via GitHub Dependabot and infrastructure providers
- Dependency monitoring
Automated scanning and alerts for vulnerable dependencies
- Rapid security patching
Critical vulnerabilities prioritized and addressed promptly
- Security testing (Enterprise)
Penetration testing available for enterprise deployments
Reliability & Business Continuity
Enterprise-grade availability
- High availability architecture
Infrastructure providers maintain 99.9%+ uptime commitments
- Automated backup systems
Daily backups with point-in-time recovery to minimize data loss
- Global edge deployment
Application served from multiple locations worldwide for optimal performance
- Custom SLAs (Enterprise)
Uptime commitments and recovery guarantees available for enterprise customers
Data Location & Transfer
Transparent data handling practices
- Infrastructure location transparency
Data stored on SOC 2 certified infrastructure in secure data centers
- GDPR-compliant data transfers
Standard Contractual Clauses in place with infrastructure providers
- Sub-processor transparency
Complete list of third-party processors available on request
- Regional deployment options (Enterprise)
EU data residency and custom regional deployment available for enterprise customers
Enterprise Legal & Compliance
- Data Processing Addendum (DPA)
Available for enterprise customers upon request
- Custom terms and agreements
We work with legal teams to accommodate specific requirements
- Security documentation
Comprehensive security questionnaire responses available
Right to Audit & Verification
- Security questionnaires
We respond to standard security assessments
- Third-party audit rights (Enterprise)
Negotiable for enterprise customers
- Security documentation package
Available for procurement review