Privacy Policy

1. Introduction

Welcome to Dragonfly Diligence ("Platform", "Service", "we", "us", or "our"), a due diligence platform operated by Dragonfly Operating Partners. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Platform.

Please read this Privacy Policy carefully. By accessing or using the Platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Your name
• Email address
• Password (stored in encrypted form)
• Organization/company affiliation
• Role and permissions within the Platform

2.2 Google Drive Integration Data

When you connect your Google Drive account to our Platform, we access:

• File and folder names from connected folders
• File metadata (size, creation date, modification date)
• File contents for documents you choose to import into the Platform
• Your Google account email address for authentication purposes

Important: We only access the specific folders and files you explicitly authorize. We do not access your entire Google Drive. You can revoke this access at any time through your Google Account settings or within our Platform.

2.3 Usage Data

We automatically collect certain information when you use the Platform:

• Log data (IP address, browser type, pages visited, time spent)
• Device information (device type, operating system)
• Actions taken within the Platform (for audit logging purposes)

2.4 Documents and Content

We store documents, assessments, interviews, reports, and other content you upload or create within the Platform as part of the due diligence process.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Platform
• Authenticate users and manage access permissions
• Enable collaboration features between team members
• Facilitate due diligence workflows and document management
• Generate reports and analytics for authorized users
• Maintain audit logs for compliance and security purposes
• Communicate with you about service updates and support
• Ensure the security and integrity of the Platform
• Comply with legal obligations

4. Data Storage and Security

We implement appropriate technical and organizational measures to protect your data:

• Data is encrypted in transit using TLS/SSL
• Data is encrypted at rest
• Access controls and role-based permissions
• Regular security audits and monitoring
• Secure authentication mechanisms

Our Platform uses Supabase for database and authentication services. Data is stored in secure, SOC 2 compliant data centers.

5. Third-Party Services

We use the following third-party services:

• Supabase: Database, authentication, and file storage
• Google OAuth: Authentication and Google Drive integration
• Vercel: Platform hosting and deployment

These services have their own privacy policies governing their use of your data.

6. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

• Within your organization: With other authorized users in your company or team
• Service providers: With third-party vendors who assist in operating the Platform
• Legal requirements: When required by law or to protect our legal rights
• Business transfers: In connection with a merger, acquisition, or sale of assets

7. Your Rights and Choices

You have the following rights regarding your data:

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your account and associated data
• Data Portability: Request export of your data in a portable format
• Revoke Consent: Disconnect third-party integrations at any time

To exercise these rights, please contact us using the information provided below.

8. Google API Services User Data Policy

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, we:

• Only request access to the data necessary for the Platform's functionality
• Do not use Google user data for advertising purposes
• Do not sell Google user data to third parties
• Allow users to revoke access at any time

9. Cookies and Tracking

We use essential cookies for:

• Authentication and session management
• Security purposes
• Remembering user preferences

We do not use cookies for advertising or tracking purposes across other websites.

10. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Upon account deletion, we will delete or anonymize your personal data within 30 days, except where retention is required for legal or compliance purposes.

11. Children's Privacy

The Platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us: