Privacy Policy

Anvesana AI Due Diligence Platform

Effective: 15 June 2026

Contents

  1. Who we are
  2. Data we collect
  3. Lawful basis
  4. How we use your data
  5. Sub-processors
  6. Data retention
  7. Your rights
  8. IP logging
  9. Cookies & storage
  10. Contact
This Privacy Policy covers how Anvesana collects, uses, and protects personal data. It is separate from our Terms and Conditions, which govern the contractual relationship between Anvesana and its clients.

1. Who We Are

Anvesana operates an AI-powered M&A due diligence platform ("Platform"). References to "we", "us", or "Anvesana" mean the Platform operator. (Registered entity name and address will be substituted here upon incorporation. Until that time, all data protection enquiries should be directed to the contact below.) For data protection enquiries: [email protected].

2. Data We Collect

2.1 Account and contact data

2.2 Engagement data

2.3 Technical data

2.4 Billing data

2.5 Consent records

3. Lawful Basis for Processing

For California residents (CCPA): we do not sell personal information. Data is disclosed only to service providers acting on our behalf under written contracts.

Deal documents uploaded to the Platform may contain personal data of third parties (e.g. employees of a target company, counterparties, or directors). The Client, as data controller of such data, is responsible for ensuring an appropriate legal basis exists for processing it through the Platform. Anvesana processes this data solely as a data processor acting on the Client's instructions and only to the extent necessary to deliver the due diligence analysis service.

4. How We Use Your Data

We do not use your engagement documents for model training. Where cloud-based AI inference is used, document text is transmitted to the AI provider (currently Anthropic Inc.) under their Data Processing Agreement and is not used for model training. Where local scoring is active, no external transmission occurs. No document content is shared with any other third party other than as set out in Section 5.

5. Sub-processors

6. Data Retention

7. Your Rights

7.1 Access and portability

Request a machine-readable export of all personal data we hold. Use GET /api/v1/account/export with your API key, or email [email protected].

7.2 Erasure

Request deletion of your account and all associated engagement data. Use DELETE /api/v1/account or email [email protected]. Deletion is processed within 30 days. Billing records required by law are retained for the statutory period.

7.3 Rectification

If any data we hold is inaccurate, contact [email protected]. We will correct it within 14 days.

7.4 Objection and restriction

You may object to processing based on legitimate interests or request restriction while a dispute is resolved. Contact [email protected].

7.5 Withdrawal of consent

Where processing is based on consent (e.g. marketing emails), reply "Unsubscribe" to any platform email or contact us. Withdrawal does not affect lawfulness of prior processing.

7.6 CCPA rights (California residents)

You have the right to know what personal information is collected, request deletion, opt out of sale (we do not sell data), and non-discrimination for exercising these rights. Submit requests to [email protected].

7.7 Complaints

You may lodge a complaint with your local supervisory authority. UK: ICO. EU: your national data protection authority.

8. IP Address Logging

We log the IP address of every API request. Lawful basis: legitimate interests (Art. 6(1)(f)) — IP logging is necessary to detect abuse, enforce rate limits, diagnose errors, and maintain platform security. Logs are retained for 90 days and are not used for profiling, advertising, or shared with third parties except where required by law.

9. Cookies and Local Storage

The Platform does not use tracking cookies or third-party analytics.

No cookies are set by the Platform.

10. Contact

For privacy enquiries or data subject requests:

This policy was last updated June 2026. Material changes will be communicated to active subscribers by email.