Legal Documents
Last updated: December 2024
NDA Compatibility Statement
How DDP protects your confidential information obligations
Why Using DDP Typically Does Not Violate NDAs
Most commercial NDAs permit disclosure to service providers and data processors who are bound by equivalent confidentiality obligations. DDP operates as a data processor under a Data Processing Agreement, which means:
- We are bound by confidentiality obligations equivalent to or stricter than typical NDAs
- We process data solely to provide the service you requested
- We do not disclose, share, sell, or retain your confidential information
Technical Safeguards
⚠️ Important Recommendation
While DDP's technical and legal safeguards satisfy typical NDA "service provider" exceptions, every NDA is different. We recommend you:
- Review your specific NDA's definition of "permitted disclosures" or "authorized recipients"
- Check if your NDA permits sharing with service providers bound by confidentiality
- When in doubt, consult with your legal counsel
- Consider redacting party names if your NDA is unusually restrictive
Terms of Service
1. Service Description
Dude Diligence Pro ("DDP", "we", "our") provides automated document analysis and due diligence screening services. Our platform processes documents you upload to extract relevant information and cross-reference it against publicly available databases for risk assessment purposes.
2. Acceptable Use
You agree to use DDP only for lawful purposes related to legitimate business due diligence. You shall not:
- Upload documents you do not have the right to process
- Use the service to facilitate illegal activity
- Attempt to reverse-engineer or exploit our systems
- Misrepresent the results of our analysis
3. No Legal or Financial Advice
DDP provides informational screening services only. Our reports do not constitute legal, financial, or professional advice. Results should be used as one input in your due diligence process, not as the sole basis for business decisions. We recommend consulting qualified professionals for complex matters.
4. Accuracy & Limitations
While we strive for accuracy, DDP relies on third-party databases and AI-powered extraction. We do not guarantee the completeness or accuracy of results. False positives and false negatives may occur. Users should independently verify critical findings.
5. Liability Limitations
To the maximum extent permitted by law, DDP shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising from your use of the service. Our total liability shall not exceed the fees paid by you in the 12 months preceding any claim.
6. Subscription & Payments
Paid subscriptions are billed in advance on a monthly or annual basis. Refunds are provided on a case-by-case basis within 7 days of purchase. We reserve the right to modify pricing with 30 days' notice to existing subscribers.
7. Termination
Either party may terminate this agreement at any time. Upon termination, your access to the service will cease. We reserve the right to suspend or terminate accounts that violate these terms.
8. Governing Law
These terms shall be governed by and construed in accordance with the laws of the State of Delaware, United States, without regard to conflict of law principles.
Privacy Policy
1. Information We Collect
Account Information: Email address, name, company name (if provided), payment information.
Usage Data: Timestamps, feature usage, report generation counts, IP addresses.
Document Content: Processed temporarily in memory only. See "Document Handling" below.
2. Document Handling
This is critically important:
- ✓ Documents are processed in-memory only
- ✓ Documents are NOT saved to any permanent storage
- ✓ Documents are NOT used for AI training
- ✓ Document contents are NOT logged or recorded
- ✓ No human employee views your documents
- ✓ Documents are purged from memory immediately after processing
3. How We Use Information
- To provide and improve our services
- To process payments and manage subscriptions
- To communicate service updates and support
- To comply with legal obligations
- To detect and prevent fraud or abuse
4. Information Sharing
We do NOT sell your data. We may share information with:
- Payment processors (for billing only)
- Infrastructure providers (under strict DPAs)
- Law enforcement (only when legally required)
5. Data Security
We implement AES-256 encryption for data in transit and at rest, secure infrastructure on enterprise-grade cloud providers, regular security audits, and strict access controls. No system is 100% secure, but we employ industry-standard protections.
6. Your Rights (GDPR/CCPA)
Depending on your jurisdiction, you may have the right to:
- Access your personal data
- Correct inaccurate data
- Request deletion of your data
- Export your data
- Opt out of marketing communications
Contact us at privacy@duediligence.pro to exercise these rights.
7. Cookies
We use essential cookies for authentication and site functionality. We use analytics cookies (Google Analytics) to understand usage patterns. You can disable non-essential cookies in your browser settings.
Data Processing Agreement (DPA)
This DPA is incorporated into and forms part of the Terms of Service between you ("Data Controller") and Dude Diligence Pro ("Data Processor").
1. Definitions
"Personal Data," "Processing," "Data Controller," and "Data Processor" have the meanings given in the EU General Data Protection Regulation (GDPR) and analogous terms under applicable data protection laws.
2. Scope of Processing
The Data Processor shall process Personal Data only:
- To provide the due diligence screening services requested
- In accordance with the Data Controller's documented instructions
- As required to comply with applicable law
3. Confidentiality
The Data Processor shall ensure that all personnel authorized to process Personal Data are bound by confidentiality obligations. The Data Processor shall treat all data uploaded by the Data Controller as Confidential Information and shall not disclose it to any third party except as required to provide the services or as required by law.
4. Security Measures
The Data Processor implements appropriate technical and organizational measures including:
- AES-256 encryption in transit and at rest
- In-memory processing with no persistent document storage
- Automated purging of processed documents
- Access controls and authentication
- Regular security assessments
- Incident response procedures
5. Sub-processors
The Data Controller authorizes the use of the following categories of sub-processors:
- Cloud infrastructure providers (AWS, Vercel)
- Payment processors (Stripe)
- AI processing services (Anthropic Claude API)
All sub-processors are bound by data processing agreements with equivalent protections.
6. Data Subject Rights
The Data Processor shall assist the Data Controller in responding to requests from data subjects exercising their rights under applicable data protection law, to the extent the Data Processor holds relevant data.
7. Data Breach Notification
The Data Processor shall notify the Data Controller without undue delay (and in any event within 72 hours) upon becoming aware of a Personal Data breach affecting the Data Controller's data.
8. Data Retention & Deletion
Documents: Not retained. Processed in-memory and purged immediately after analysis.
Reports: Available to the user during their session. Not stored server-side.
Account Data: Retained until account deletion is requested.
Upon termination or request, the Data Processor shall delete or return all Personal Data within 30 days.
9. International Transfers
Where Personal Data is transferred outside the EEA, the Data Processor ensures appropriate safeguards are in place, including Standard Contractual Clauses where applicable.
10. Audit Rights
Upon reasonable notice, the Data Processor shall make available information necessary to demonstrate compliance with this DPA. Enterprise customers may request third-party audit reports.
Questions About These Terms?
Contact our legal team for clarification or to request a signed DPA.