Data and Cyber Security

Updated over 2 months ago

Data Security & Infrastructure FAQs

How do you ensure the security of our data?

We implement robust security measures, including:

  • Encryption of data at rest and in transit

  • Strict access controls

  • Regular security audits

  • Logged and monitored access

  • Multi-factor authentication

Security is embedded into both our infrastructure and our internal processes.

What encryption methods do you use?

All data is encrypted using industry-standard protocols such as AES-256, both:

  • At rest

  • In transit

Where is our data stored?

Your data is securely stored on AWS servers in regions that comply with international security standards. Your data is not sent to or held on servers in the USA.

How is client data segregated?

Client data is logically segregated to prevent cross-access between clients.

Your production data is held in the cloud on separate servers from development environments, within industry-standard databases.

How do you handle data backups and disaster recovery?

  • Regular cloud backups are performed.

  • A comprehensive disaster recovery plan is in place.

  • Data integrity and availability are monitored.

What happens if you go out of business?

You can:

  • Sync your Data Repository with your chosen cloud provider (Drive, Dropbox, SharePoint).

  • Download all reports in PDF format.

Your connected Data Room can therefore act as an external backup.

Access Control & Permissions

Who has access to our data?

Access is:

  • Strictly controlled

  • Limited to authorised personnel for support purposes

  • Logged and monitored

In addition:

  • You control access to your company data via the platform’s permissions structure.

  • You determine what advisors and investors can see.

Can we limit advisor and investor access?

Yes. You control access through the permissions structure, determining who can see which modules and sections.

What measures prevent unauthorised access?

We employ:

  • Multi-factor authentication (MFA)

  • Role-based access controls

  • Activity monitoring

  • Logged access records

What should I do if I suspect unauthorised access?

  • Change your password immediately

  • Ensure 2FA is enabled

  • Review audit logs

  • Contact support

Regulatory Compliance & Standards

Do you comply with GDPR?

Yes. We comply with relevant data protection regulations including GDPR, ensuring data is handled lawfully and responsibly.

Do you have third-party security certification?

We are in compliance with CREST standards, following an audit undertaken by an independent third-party specialist cybersecurity organisation frequently used by UK private equity firms.

Their audit was performed in accordance with CREST standards.

Is Diligentsia FCA regulated?

No. We are advised that FCA regulation is not required at this stage.

How do you ensure compliance with industry-specific regulations?

We monitor regulatory developments and adjust our practices where required.

AI & Third-Party Services

Do you use subcontractors or third-party services?

Yes. For example:

  • AWS (infrastructure)

  • Stripe (payments)

All subcontractors with data access are vetted and bound by strict confidentiality agreements.

Do you send our data to AI platforms?

Many of our services use AI.

Where third-party AI platforms are used:

  • This is made clear in reporting.

  • We do not access the contents of your uploaded data files.

  • We do not send file contents to AI platforms.

In limited cases (such as the Filing Assistant), text such as filenames may be processed to assist in file organisation.

Data Ownership & Retention

Who owns our data?

You retain full ownership of your data at all times. We process it only in accordance with our agreement.

What is your data retention policy?

We retain data as long as necessary to provide our services. After this, data is securely deleted in accordance with our data retention policy.

How do you handle deletion requests?

Upon request, we securely delete your data and confirm deletion.

Do you support data portability?

Not formally; however, you can:

  • Download PDF versions of module reports.

  • Sync your Data Repository with Drive, SharePoint or Dropbox.

If you wish to back up AppStore modules or AnyList Checklist Builder files, you must create user-defined sections within your Data Repository so they are included in your external Data Room sync.

Payments & Financial Security

Do you store my credit card information?

No. Payments are processed via Stripe (www.stripe.com). We do not store your credit card details on our platform.

Company Information & Ownership

Who owns Diligentsia?

Diligentsia Limited is majority-owned by Mark Bernstein ACA, the founder and a UK resident. He qualified as an accountant with EY and has served on VC-backed and listed company boards for over thirty years, taking early-stage businesses through investment, growth and IPO.

The remainder of the company is owned by the management team.

Breach & Incident Handling

How do you handle data breaches?

In the unlikely event of a breach:

  • A predefined incident response plan is activated.

  • The issue is addressed promptly.

  • Affected parties are notified as required by law.

Audit & Transparency

Can we audit your security practices?

Yes. We can provide documentation of our security practices upon request.

Data Sales & Privacy

Do you sell our data?

No. We do not sell client data to third parties. See our Data Privacy Policy on www.diligentsia.co.uk for further details.

Practical Support

What support is available?

  • 24/7 bot-based support

  • Human support via booked calls through our website

Frequently Raised Questions

Is my data safe with you?

No platform can guarantee 100% security.

However, we believe we have taken reasonable and robust steps to protect your data, including:

  • AWS cloud hosting

  • Independent cybersecurity audits

  • Internal security policies

  • Encryption and access controls

If you require further documentation, we are happy to share it after validating your identity.

Troubleshooting

Why can’t I access my data?

Check your permissions and login account. Contact your admin if required.

Why isn’t my Data Room syncing?

Verify your cloud provider connection and re-authorise if necessary.

Why can’t I access audit logs?

Only authorised users can access logs.

How do I report a vulnerability?

Contact support immediately with details.

Why is MFA not working?

Check authenticator setup, SMS configuration, or time synchronisation on your device.
