MergeSentinelMergeSentinel

Privacy Policy

Effective date: May 30, 2026. This draft explains how MergeSentinel handles account, project, evidence, and report data for M&A cybersecurity due diligence workflows.

This policy is a business-ready draft and should be reviewed by qualified legal counsel before production use with customers.

1. Information we collect

  • Account information such as name, email address, authentication details, and organization information when you create or use an account.
  • Project information such as diligence project names, target company details, questionnaire responses, findings, FAIR assessment statuses, reviewer notes, and report history.
  • Evidence information such as uploaded file metadata, evidence notes, source type, status, filenames, MIME types, and related questionnaire or project references.
  • Usage and technical information such as device, browser, IP address, pages visited, timestamps, error diagnostics, and security events needed to operate and protect the service.

2. How we use information

  • To provide the MergeSentinel application, including project workspaces, questionnaire workflows, evidence tracking, findings, FAIR calculations, and report generation.
  • To authenticate users, enforce access controls, protect private evidence, troubleshoot issues, and prevent unauthorized access.
  • To generate diligence reports from project data that you choose to submit or store in the service.
  • To improve reliability, security, usability, and product functionality.

3. AI processing

  • When you generate a report, MergeSentinel may send selected project metadata, questionnaire responses, evidence metadata, evidence notes or extracted text, reviewer notes, findings, and backend-calculated FAIR outputs to an AI service provider.
  • MergeSentinel does not send API keys, passwords, session tokens, or service role credentials to the report-generation model.
  • FAIR monetary calculations are performed by MergeSentinel backend code. AI-generated narrative is used to explain and organize those calculated outputs, not to independently calculate financial values.

4. Sharing and subprocessors

  • We do not sell personal information.
  • We may share information with infrastructure, authentication, database, storage, analytics, security, and AI service providers that help us operate MergeSentinel.
  • We may disclose information if required by law, to protect rights and safety, to investigate abuse, or as part of a business transaction such as a merger, acquisition, financing, or sale of assets.

5. Security and retention

  • MergeSentinel is designed to keep diligence projects private to authorized users and uses access controls, private storage patterns, and row-level security where applicable.
  • No internet-based service can guarantee absolute security. You are responsible for using strong passwords, protecting account access, and ensuring that uploaded evidence is appropriate for the platform.
  • We retain information for as long as needed to provide the service, comply with legal obligations, resolve disputes, maintain security, and enforce agreements.

6. Your choices

  • You may request access, correction, export, or deletion of personal information by contacting us.
  • Some records may need to be retained where required for security, legal, audit, billing, backup, or legitimate business purposes.
  • If you use MergeSentinel on behalf of an organization, your organization may control project data and account access.

7. Contact

  • For privacy questions or requests, contact hello@perfectsync.io.
  • For security reports, contact security@mergesentinel.ai.
Back to homepageContact us