Power Diligence Policies

Last updated: 2025-09-19 • This page combines our Privacy Policy, Terms of Service, Cookie Policy, GDPR/CCPA notices, a high-level DPA summary, and Sub-processor disclosures.
Not legal advice. Please consult your counsel for specifics.

1) Privacy Policy

What we collect

• Account & contact: name, email, role, organization.
• Usage: app telemetry, device/browser metadata, pages and features used.
• Support: messages, attachments you voluntarily send.
• Client content (B2B): documents you upload (e.g., PPAs, interconnection, land leases) and AI outputs generated from them.
• Cookies: strictly necessary cookies; optional analytics/marketing cookies only with consent (see Cookie Policy).

How we use data (purposes & legal bases)

• Provide and secure the service (contract; legitimate interests).
• Customer support, troubleshooting, safety monitoring (legitimate interests).
• Product analytics to improve features (consent where required).
• Legal compliance, fraud prevention (legal obligations; legitimate interests).

Data retention

Account metadata is retained while your account is active and for up to 24 months thereafter. Client documents and derived outputs are retained per your tenant settings or contract; we support deletion at your request.

International transfers

We may process data in the United States and other countries. For EU/UK personal data, we rely on Standard Contractual Clauses (SCCs) with sub-processors and implement additional safeguards.

Children

The service is not directed to children under 16 and we do not knowingly collect their data.

Your rights

Depending on your jurisdiction (EU/EEA/UK, California, etc.), you may have rights to access, correct, delete, port, or restrict/oppose processing, and to withdraw consent. See Data Requests.

2) Terms of Service

Use of the service

• You must be authorized to upload documents and ensure you have lawful basis to process them.
• No unlawful, infringing, or harmful content; no reverse engineering or abusive automated access.

Ownership

• You retain ownership of your uploaded content. We receive a license to process it solely to provide the service to you.
• We own the platform, models, and compilations. You own your outputs, subject to third-party rights in the inputs.

AI outputs

Outputs may contain errors. You are responsible for reviewing them before relying on them. The service is provided “as is” and “as available”. To the extent permitted by law, we disclaim warranties and limit liability.

Suspension/termination

We may suspend or terminate for breach, legal risk, or security concerns. Either party may terminate at will pursuant to the contract or plan terms.

Governing law

Unless your order form states otherwise, laws of Florida, USA (excluding conflicts rules). Venue: Miami-Dade County courts or federal court in S.D. Florida.

3) Cookie Policy

We use necessary cookies for login/session and security. Optional analytics and marketing cookies are disabled by default in the EU/EEA/UK until you consent via our banner or Cookie Preferences.

• Necessary: session id, csrf token, tenant id (first-party).
• Analytics (optional): pageviews, feature usage (e.g., self-hosted or hosted analytics).
• Marketing (optional): none by default; if introduced, will require opt-in.

4) California (CCPA/CPRA) Notice

We do not “sell” or “share” personal information for cross-context advertising. If this changes, we will update this page and provide a Do Not Sell or Share My Personal Information link.

5) GDPR Information

• Controller: Power Diligence, 123 Example Ave, Miami, FL, USA; contact: privacy@powerdiligence.com.
• Representative/DPO: If required, details will be posted here.
• Legal bases: contract; legitimate interests; consent; legal obligation.
• Transfers: SCCs with sub-processors; encryption in transit and at rest.

6) Data Processing Addendum (summary)

If you are a business customer and we process personal data on your behalf, the DPA (including SCCs) applies. We act as a processor; you are the controller. We process only per your documented instructions, implement appropriate technical and organizational measures, assist with data subject requests, and flow down obligations to sub-processors. For a signed DPA, contact privacy@powerdiligence.com.

7) Sub-processors

• AWS (S3, CloudFront) — secure file storage & delivery (regions: as configured per tenant).
• Azure OpenAI — model inference for document analysis (region: as configured; no training on your data).
• Vercel/Render — app hosting (logs and operational telemetry).
• Supabase — managed Postgres & auth (data at rest encryption).

8) Security overview

• Encryption in transit (TLS) and at rest (S3/supported DB encryption).
• Tenant isolation, role-based access, optional 2FA, audit logging roadmap.
• Backups, least-privilege access, and incident response procedures.

9) Data Requests (DSAR)

To request access, correction, deletion, or export of your personal data, email privacy@powerdiligence.com with subject “DSAR Request”. If you are part of a business tenant, please include your tenant name and contact.

10) Contact

Power Diligence, 123 Example Ave, Miami, FL, USA
privacy@powerdiligence.com