Privacy Policy
Last updated: June 26, 2026
1. Who We Are
PowerDiligence ("we," "us," or "our") provides an AI-powered due-diligence platform for renewable-energy assets. This Privacy Policy describes how we collect, use, share, and protect personal data when you visit powerdiligence.com (the "Site") or use our platform (the "Service").
For privacy-related questions, contact us at support@powerdiligence.com.
2. Data We Collect
2.1 Information You Provide
- Contact & lead forms — name, work email address, phone number, company, and job title when you request information or download resources.
- Account data — email and authentication credentials when you sign up for the platform.
- Documents & files — renewable-energy contracts, reports, and financial models you upload for AI-assisted analysis.
2.2 Information Collected Automatically
- Analytics — page-view and performance data collected by Vercel Analytics and Vercel Speed Insights. These tools use privacy-friendly, cookie-less measurement by default and do not track individuals across sites.
- Log data — IP address, browser type, and timestamps generated by our hosting infrastructure.
3. How We Use Your Data
- To respond to information requests and deliver resources you ask for.
- To provide, maintain, and improve the Service.
- To run AI-powered analysis on the documents you upload — solely within the scope of your project.
- To send transactional emails (e.g., account invitations, form confirmations).
- To monitor performance, security, and uptime of the Site and Service.
- To comply with legal obligations.
4. Legal Bases for Processing (GDPR)
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal data on the following legal bases:
- Contract — processing necessary to provide the Service you signed up for.
- Consent — when you voluntarily submit your details through a lead form or download a resource.
- Legitimate interest — analytics, security monitoring, and improving the product, balanced against your rights.
- Legal obligation — where required by applicable law.
5. Data Sharing & Sub-Processors
We do not sell your personal data. We share data only with the following categories of service providers, each bound by data-processing agreements:
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database & authentication | EU |
| Vercel | Hosting, analytics, speed insights | EU |
| AWS (S3) | Encrypted document storage | EU |
| Resend | Transactional email delivery | US |
| Anthropic | AI document analysis | US |
| Google (Gemini) | AI document analysis | US |
Where data is transferred outside the EEA (e.g., to US-based processors), we rely on Standard Contractual Clauses (SCCs) or equivalent safeguards as required by GDPR Chapter V.
6. AI & Your Documents
- Documents you upload are processed solely to deliver analysis results to you.
- Your documents are never used to train AI models — neither ours nor any third-party provider's.
- Files are stored in private, encrypted AWS S3 buckets isolated per tenant.
- Analysis is scoped to your project and inaccessible to other users.
7. Data Retention
- Lead form data — retained for up to 24 months from submission, or until you request deletion.
- Account & platform data — retained for the duration of your active account, plus 30 days after account closure for recovery purposes.
- Uploaded documents — retained while your account is active. You can delete files at any time from within the platform. All files are permanently deleted within 30 days of account closure.
- Analytics data — aggregated and non-identifiable; retained indefinitely.
8. Cookies & Tracking
The Site uses only essential cookies required for authentication and session management. Our analytics provider (Vercel Analytics) uses a privacy-friendly, cookie-less approach that does not track users across websites and does not collect personally identifiable information.
We do not use advertising cookies or pixel trackers.
9. Your Rights
9.1 GDPR (EEA / UK / Switzerland)
You have the right to access, rectify, erase, restrict processing, data portability, and object to processing of your personal data. You may also withdraw consent at any time. To exercise these rights, email support@powerdiligence.com. We will respond within 30 days.
You have the right to lodge a complaint with your local data-protection supervisory authority.
9.2 CCPA / US State Privacy Laws
If you are a California resident (or a resident of another US state with applicable privacy legislation), you have the right to:
- Know what personal information we collect, use, and disclose.
- Request deletion of your personal information.
- Opt out of the "sale" or "sharing" of personal information — we do not sell or share your data for advertising purposes.
- Not be discriminated against for exercising your privacy rights.
To submit a request, email support@powerdiligence.com.
10. Security
We implement industry-standard security measures including encryption at rest and in transit, tenant-isolated storage, role-based access controls, and regular security reviews. SOC 2 Type II and ISO 27001 certification processes are currently underway.
11. Children's Privacy
The Service is designed for business professionals and is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us and we will promptly delete it.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. For material changes, we will make reasonable efforts to notify you (e.g., via email or a notice on the Site).
13. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us at:
PowerDiligence
Email: support@powerdiligence.com