Privacy Policy

Last updated: November 16, 2025

Introduction

DDFlow ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our M&A due diligence platform.

Information We Collect

We collect information that you provide directly to us, information we obtain automatically when you use our services, and information from third-party sources.

Personal Information

  • Name and contact information
  • Email address
  • Company name and job title
  • Phone number (optional)

Usage Information

  • Log data and access times
  • Feature usage and interactions
  • Device and browser information

Deal Information

  • Documents and files you upload
  • Questions and answers you create
  • Deal metadata and activity logs

How We Use Your Information

  • Provide, maintain, and improve our services
  • Communicate with you about our services
  • Analyze usage patterns to improve user experience
  • Protect against fraud and security threats
  • Comply with legal obligations

Data Security

We implement industry-standard security measures to protect your data:

  • 256-bit AES encryption for data at rest and TLS 1.3 for data in transit
  • Row-level security policies to isolate data between users and deals
  • Role-based access controls and multi-factor authentication
  • 24/7 security monitoring and regular security audits

Data Retention

We retain your information for as long as your account is active or as needed to provide you services. You may request deletion of your account and associated data at any time.

Your Rights

  • Access the personal information we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and data
  • Export your data in a portable format
  • Restrict processing of your personal information

Third-Party Services

We use the following third-party service providers:

  • Supabase: Database and authentication (SOC 2 Type 2 certified)
  • Vercel: Hosting and deployment (SOC 2 Type 2 certified)
  • Resend: Email delivery service

Cookies and Tracking

We use essential cookies for authentication and session management. We do not use third-party tracking or advertising cookies.

International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers.

Children's Privacy

Our services are not intended for users under 18 years of age. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@ddflow.com.br
Website: ddflow.com.br