Data and Cyber Security FAQs
At Diligentsia, keeping your data secure is very important. Whether you're storing sensitive client information or running your company's operations, we want you to know that your data is protected. This article answers some of the most common questions about data security and privacy, helping you understand how we keep your information safe. From encryption methods and compliance with laws like GDPR to how your data is backed up and who has access to it, we’ll walk you through the key measures in place to give you peace of mind when using our platform. These FAQs should answer most of your questions and show that your data and information are tightly secured.
Q: How do you ensure the security of our data on your platform?
We implement robust security measures, including encryption, regular security audits, and strict access controls, to ensure your data is protected at all times.
Q: What encryption methods do you use to protect our data?
All data is encrypted both at rest and in transit using industry-standard protocols like AES-256.
Q: Do you comply with data protection regulations like GDPR?
Yes, we are fully compliant with relevant data protection regulations such as GDPR, ensuring your data is handled according to legal requirements.
Q: Where is our data stored?
Your data is securely stored on AWS servers located in regions that comply with international security standards. Your data is NOT sent to, or held on, servers in the USA.
Q: Who has access to our data?
Access to your data is strictly controlled and limited to authorized personnel who require it for support purposes; all access is logged and monitored. In addition to our own staff and contractors, you yourself can monitor access to your companies’ data on our platform through a team permissions structure. You control the access that advisors and investors have to your company’s data.
Q: How do you handle data backups and disaster recovery?
We perform regular cloud data backups and have a comprehensive disaster recovery plan to ensure data integrity and availability.
Q: What measures are in place to prevent unauthorized access?
We employ multi-factor authentication, role-based access controls, and monitoring to prevent unauthorized access.
Q: Do you have any third-party security certifications?
Yes, we are in compliance with Crest, demonstrating our commitment to security best practices. This has been provided subsequent to audits undertaken by an independent third-party specialist cybersecurity organization that is frequently used by large UK private equity firms to undertake cybersecurity audits on their portfolio companies and potential investments. They are Crest-accredited and have performed their audit in accordance with those standards.
Q: How do you handle data breaches?
In the unlikely event of a data breach, we have a predefined incident response
plan to quickly address the issue and notify affected parties as required by law.
Q: Can we audit your security practices?
We welcome audits and can provide detailed documentation of our security practices upon request.
Q: How do you ensure compliance with industry-specific regulations?
We stay up-to-date with industry regulations and adjust our practices to ensure
compliance where required.
Q: What is your policy on data ownership?
You retain full ownership of your data at all times; we only process it as per our
agreement.
Q: How is client data segregated?
Client data is logically segregated to prevent any cross-access between different
clients' data. We hold your data in the cloud on separate servers from those used
for development, in industry-standard databases.
Q: Do you use any subcontractors or third-party services that have access to our data?
We use trusted third-party services like AWS for infrastructure. Any subcontractors
with access to data are thoroughly vetted and bound by strict confidentiality
agreements.
Many of our services add value through the use of AI. Where we use third-party
AI platforms, we make this clear in our reporting. However, we DO NOT access
the contents of data files you provide to us, nor do we send these to AI platforms.
We may send the text of filenames out in applications such as our Digital Assistant
to assist in the filing of the files within the Data Repository.
Q: What is your data retention policy?
We retain data as long as necessary to provide our services, after which it is securely deleted in accordance with our data retention policy.
Q: How do you handle data deletion requests?
Upon request, we will securely delete your data from our systems and confirm the
deletion.
Q: Do you support data portability?
Not as such, although you can:
a) Download .pdf files of each of your module reports.
b) Sync our Data Repository with your chosen cloud provider – Drive, SharePoint or
Dropbox. Please note that if you want to back up files added as part of our
AppStore modules or AnyList Checklist Builder modules, you will need to create
additional user-defined sections within your Data Repository to ensure that they
are backed up to your chosen Data Room.
Q: What kind of support do you offer in case of issues?
We offer 24/7 bot-based customer support to assist you with any issues or
concerns you may have, and human customer support through the "book a call"
feature on our website.
Q: How do you keep your software updated against new security threats?
We regularly update our software and infrastructure to protect against emerging
security threats, following best practices and threat intelligence.
Q: Can you provide references or case studies from other clients?
Yes, we can provide references demonstrating how we've successfully secured
data.
Q: What happens if you go out of business?
Within our Data Repository you can sync any files you upload with your chosen
Data Room (Drive, Dropbox, SharePoint) and therefore treat your Data Room as a
backup, and all reports can be downloaded in .pdf form.
Q: Who owns Diligentsia? Who is Mark Bernstein?
Diligentsia Limited is majority-owned by Mark Bernstein ACA, the founder and a
UK resident. He qualified as an accountant with EY and has sat on VC-backed
and listed company boards for thirty years. He has taken a number of early-stage
businesses through investment and growth to IPO.
Q: Who are Diligentsia’s shareholders?
Diligentsia Limited is majority-owned by Mark Bernstein ACA, the founder and a
UK resident. The remainder is owned by the management team.
Q: Is my data safe with you?
No one can guarantee 100% security. However, we have taken what we believe
to be reasonable steps to protect your and your clients’ data – this is the bedrock
of our business. Our platform and your data are hosted on AWS in the cloud. We
take robust measures, involving a third-party cybersecurity expert organisation,
and have detailed internal policies. If you have concerns and want further
information, we are delighted to share this with you (once we have validated you!).
Q: Do you store my credit card information?
No – our payment services are provided by Stripe (www.stripe.com). We do not
store your credit card information on our platform.
Q: Is Diligentsia Limited FCA regulated?
No, we are advised that we are not required to be at this stage.
Q: Do you sell our client data to third parties?
No, we do not sell your data to third parties! Please see our Data Privacy Policy
(available on our website – www.diligentsia.co.uk) for further information.
Q: Can we limit access of our advisors and investors to our company data on your platform?
Yes. The permissions features on our platform allow you to determine who gets to
see what.
Troubleshooting FAQs: Data and Cyber Security
Q: Why can’t I access my company data?
A: Ensure you have the correct permissions and are logged in with the appropriate account. Contact your admin or support if the issue persists.
Q: How do I verify my data is encrypted?
A: All data is encrypted automatically during storage and transit. You can check encryption settings in your user agreements or contact support for more information.
Q: Why is my data sync not working with the Data Room?
A: Check your internet connection and verify that your chosen cloud provider (Drive, Dropbox, or SharePoint) is connected. Reauthorize the connection if necessary.
Q: What should I do if I suspect unauthorized access?
A: Immediately change your password, enable two-factor authentication, and review the audit logs to identify any suspicious activity. Contact support for further assistance.
Q: Why can’t I see my data after uploading it?
A: Refresh your dashboard and check the upload logs. If the issue persists, confirm that the data was uploaded to the correct folder in the Data Repository.
Q: How do I confirm my data backup is complete?
A: Check the backup logs in the Data Repository or sync reports for confirmation. You can also verify files in your connected Data Room.
Q: What should I do if I forget to download my certification reports?
A: Certifications are saved in your account. Navigate to the Certification Module in your dashboard to re-download them.
Q: Why was my data deletion request not processed?
A: Ensure the request was submitted correctly. If it’s been delayed, contact support to confirm the status of your request.
Q: Why can’t I delete certain data files?
A: Files tied to active processes or modules may require additional permissions or manual intervention. Review your access permissions or contact support.
Q: What do I do if my permissions are incorrect?
A: Contact your admin or review your user permissions in the settings. Only account owners or designated admins can modify permissions.
Q: Why can’t I audit my team’s access?
A: Ensure you have the appropriate permissions to view audit logs. Navigate to the “Logs” section of your dashboard to review changes.
Q: How do I report a potential security vulnerability?
A: Contact support immediately and provide details about the suspected vulnerability. Our team will investigate and take action as necessary.
Q: Why is multi-factor authentication (MFA) not working?
A: Ensure your authenticator app, SMS, or email is set up correctly. Check for time synchronization issues on your devices.
Q: How do I confirm my data is GDPR-compliant?
A: All data stored on our platform complies with GDPR. Review your Data Privacy Policy or contact support for additional documentation.
Q: Why am I unable to sync with my chosen cloud provider?
A: Ensure you’ve authorized Diligentsia to access your cloud account. Check for API issues with your provider and retry the connection.
Q: Why can’t I access the audit log?
A: Only users with admin or specific permissions can access the audit log. Contact your account owner to grant you the necessary access.
Q: How do I verify the security of my payment information?
A: Payments are processed securely through Stripe, and no credit card information is stored on the platform. Contact Stripe for transaction details if needed.
Q: Why isn’t my third-party integration working?
A: Confirm that the third-party service (e.g., Drive, Dropbox) is supported and properly authorized. Reconnect the integration and try again.
Q: What should I do if my platform access is revoked?
A: Contact your admin to verify if access was intentionally removed. If it was unintentional, they can reinstate your permissions.
Q: How do I verify compliance with industry-specific regulations?
A: Review the documentation provided in your dashboard or contact support for detailed compliance reports tailored to your industry.