1. INTRODUCTION

Dillion.ai, Inc. ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our website www.dillion.ai and our AI-powered due diligence services.

By using our services, you agree to this Privacy Policy. If you disagree, please do not use our services.

2. INFORMATION WE COLLECT
Information You Provide:

  • Contact details: Name, email, phone, company, job title

  • Account information: Username, password, preferences

  • Service information: Consultation requests, communications, billing details

  • Client Data: Financial records, contracts, technical documents, and other materials for due diligence analysis

Information We Collect Automatically:

  • Usage data: Pages visited, features used, time spent, navigation patterns

  • Technical data: IP address, browser type, device information, operating system

  • Cookies: We use cookies for functionality, analytics, and performance (see Section 9)

Information from Third Parties:

  • Business partners, data enrichment services, public sources (LinkedIn, company directories)

3. HOW WE USE YOUR INFORMATION

We use your information to:

  • Provide Services: Process requests, perform AI-powered due diligence, generate reports, provide support

  • Business Operations: Process payments, maintain security, prevent fraud, conduct analytics

  • Communications: Send service updates, marketing materials (with consent), and respond to inquiries

  • Legal Compliance: Comply with laws, respond to legal requests, enforce agreements

You can opt out of marketing communications anytime.

4. AI PROCESSING
How We Use AI:

  • Analyze documents and extract information

  • Identify patterns, risks, and anomalies

  • Generate preliminary findings (all reviewed by human experts before delivery)

Training AI Models:

  • Your Client Data: We do NOT use identifiable client data to train AI models without explicit consent

  • Anonymized Data: We may use aggregated, de-identified data to improve AI accuracy and develop features

  • Transparency: You can request human review of automated decisions that significantly affect you

5. HOW WE SHARE INFORMATION

We do not sell your personal information. We share information only in these situations:

  • Service Providers: Cloud hosting (AWS, Azure), CRM, payment processing, analytics (contractually obligated to protect data)

  • Professional Advisors: Legal counsel, accountants, insurance providers

  • Business Transfers: If we merge, are acquired, or sell assets

  • Legal Requirements: Court orders, government requests, compliance with laws, fraud prevention

  • With Your Consent: For other purposes with explicit permission

  • Anonymized Data: Aggregated data for benchmarking and research (cannot identify you)

6. DATA SECURITY
Our Security Measures:

  • SOC 2 Type II compliant infrastructure

  • End-to-end encryption (TLS 1.2+ in transit, AES-256 at rest)

  • Multi-factor authentication and role-based access controls

  • Regular security testing and vulnerability assessments

  • Employee confidentiality agreements and background checks

  • Secure backup and disaster recovery procedures

Data Retention:

  • Active clients: Duration of relationship + 7 years (or as legally required)

  • Marketing data: Until opt-out or 3 years of inactivity

  • Client Data: Per service agreement (typically 7 years)

We will notify you promptly of any data breach affecting your information.

7. YOUR PRIVACY RIGHTS

Depending on your location, you may have rights to:

  • Access & Portability: Request a copy of your personal information

  • Correction: Update inaccurate or incomplete information

  • Deletion: Request deletion (subject to legal retention requirements)

  • Opt-Out: Unsubscribe from marketing communications

  • Restrict Processing: Limit how we use your information

  • Human Review: Request human review of automated decisions

  • Withdraw Consent: Withdraw consent for processing (doesn't affect prior use)

  • File Complaints: Lodge complaints with supervisory authorities

To exercise these rights: Contact privacy@dillion.ai or mail 757 3rd Ave, New York, NY, 10017. We respond within 30-45 days.

8. STATE-SPECIFIC PRIVACY RIGHTS
California (CCPA/CPRA):

  • Right to know what information we collect and how we use it

  • Right to delete, correct, and access information

  • Right to opt-out of sale (we don't sell information)

  • Right to non-discrimination for exercising rights

  • Contact: privacy@dillion.ai

Virginia, Colorado, Connecticut, Utah:

  • Similar rights to California (access, correction, deletion, portability, opt-out)

  • We don't sell information or engage in targeted advertising

Nevada:

  • Right to opt-out of sale (we don't sell information)

9. INTERNATIONAL USERS
Data Transfers:

Our services operate in the United States. Your information will be transferred to and processed in the U.S. and other countries where we operate. These countries may have different data protection laws.

We use safeguards including:

  • Standard Contractual Clauses (EU Commission-approved)

  • Data Processing Agreements

  • Your explicit consent where required

EEA, UK, and Swiss Users (GDPR):

Legal basis for processing:

  • Contract performance

  • Legitimate business interests (balanced with your rights)

  • Legal compliance

  • Your consent (which you may withdraw)

Your GDPR rights include all rights in Section 7 plus the right to lodge a complaint with your data protection authority.

Data Controller: Dillion.ai, Inc. Contact: privacy@dillion.ai

10. COOKIES AND TRACKING
Types of Cookies:

  • Essential: Required for site functionality (authentication, security)

  • Performance: Improve site performance and user experience

  • Analytics: Google Analytics and similar services

  • Marketing: Track activity for advertising (with consent)

Third-Party Services:

  • Google Analytics, LinkedIn Insight Tag, HubSpot, Intercom

Your Choices:

  • Most browsers let you block or delete cookies

  • Disabling essential cookies may impair functionality

  • We don't respond to Do Not Track signals

11. CHILDREN'S PRIVACY

Our services are not for anyone under 18. We don't knowingly collect information from children. If we learn we've collected a child's information, we'll delete it immediately. Contact us at privacy@dillion.ai if you believe we have such information.

12. CHANGES TO THIS POLICY

We may update this Privacy Policy periodically. We'll notify you of material changes via:

  • Updated "Last Updated" date on this page

  • Email to registered users

  • Prominent notice on our website

Your continued use after changes means you accept the updated policy.

13. CONTACT US

Questions about this Privacy Policy?

Dillion.ai, Inc. 757 3rd Ave, New York, NY, 10017

Email: privacy@dillion.ai

We'll respond within 30 days.