Privacy Policy

Effective Date: February 7, 2026

Last Updated: February 2026

Introduction

DDee.ai, Inc. (“DDee.ai,” “we,” “us,” or “our”) respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our commercial real estate due diligence platform and related services (collectively, the “Services”).

By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Services.

1. Information We Collect

1.1 Information You Provide

  • Name
  • Email address
  • Company/organization name
  • Documents you upload for analysis (leases, financial statements, property reports, etc.)
  • Notes and comments you create within the platform
  • Deal information and metadata you provide
  • Billing address
  • Payment method details (processed by third-party payment processors)
  • Support requests and correspondence
  • Feedback and survey responses

1.2 Information Collected Automatically

  • Features used and actions taken
  • Time spent on platform
  • Module execution history
  • IP address
  • Browser type and version
  • Operating system
  • Session cookies (required for authentication)
  • Analytics cookies (with consent where required)
  • Preference cookies

1.3 Information from Third Parties

When you authenticate via SSO (Okta, Azure AD, Google Workspace), we receive your name, email, and organizational information as configured by your administrator.

If your employer or organization has a business relationship with us, we may receive your contact information to provision your account.

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Providing and Improving Services

  • Process and analyze documents you upload
  • Generate due diligence reports and insights
  • Maintain and improve the platform

2.2 Account Management

  • Create and manage your account
  • Authenticate your identity
  • Provide customer support

2.3 Business Operations

  • Process payments and billing
  • Enforce our terms of service
  • Protect against fraud and abuse

2.4 Analytics and Improvement

  • Understand how users interact with our Services
  • Analyze usage patterns to improve user experience
  • Conduct research and development

2.5 Communications

  • Send product updates and announcements
  • Respond to inquiries and support requests
  • Send marketing communications (with consent)

3. How We Share Your Information

We do not sell your personal information. We share information only in the following circumstances:

3.1 Service Providers (Subprocessors)

We share information with third-party service providers who perform services on our behalf, including:

ProviderPurposeData Shared
AWSDocument storage, infrastructureUploaded documents
VercelApplication hostingApplication data
NeonDatabase hostingAccount and deal data
ClerkAuthenticationAuthentication data
OpenAI/AnthropicAI document analysisDocument content (not retained)
StripePayment processingPayment information
SentryError monitoringError logs (anonymized)

For a complete list of subprocessors, see our Subprocessor List.

3.2 Your Organization

If you access our Services through an organizational account:

  • Your organization’s administrators may access your account information
  • Your organization may view usage data and audit logs
  • Your organization controls its data retention and deletion

3.3 Legal Requirements

We may disclose information if required by law or if we believe disclosure is necessary to:

  • Comply with legal process or government requests
  • Protect our rights, property, or safety
  • Protect the rights, property, or safety of our users or others

3.4 Business Transfers

In connection with a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change.

3.5 With Your Consent

We may share information with your consent or at your direction.

4. AI and Document Processing

4.1 How AI Processes Your Documents

When you upload documents, our AI systems:

  • Extract text and analyze content
  • Generate structured data (lease abstracts, financial analysis)
  • Identify findings and insights

4.2 AI Training Policy

  • Documents are processed using commercial AI APIs
  • All AI providers have contractual commitments not to train on your data
  • Processing is stateless - AI providers do not retain your document content

4.3 Human Review

  • AI-generated results may be reviewed by our team for quality assurance
  • Human review is conducted under strict confidentiality
  • You may opt out of quality assurance review by contacting us

5. Data Retention

5.1 Retention Periods

Data TypeRetention Period
Account informationDuration of account + 30 days
Uploaded documentsDuration of service + 30 days
Analysis resultsDuration of service + 30 days
Audit logs7 years
Payment records7 years (legal requirement)

5.2 Deletion

  • You may delete deals and documents at any time
  • Deleted data is removed from active systems within 30 days
  • Backup data is removed within 60 days

6. Data Security

We implement appropriate technical and organizational measures to protect your information:

  • Data encrypted at rest (AES-256) and in transit (TLS 1.3)
  • Role-based access with multi-factor authentication
  • All access logged and monitored

For detailed security information, see our Security Whitepaper.

7. Your Rights and Choices

7.1 Access and Portability

  • Access your personal information through your account settings
  • Export your data in machine-readable format
  • Request a copy of information we hold about you

7.2 Correction

  • Update your account information at any time
  • Request correction of inaccurate information

7.3 Deletion

  • Delete your account and associated data
  • Request deletion of specific data
  • Note: Some data may be retained for legal compliance

7.4 Restriction and Objection

  • Object to certain processing activities
  • Request restriction of processing in certain circumstances

7.5 Opt-Out

  • Opt out of marketing communications
  • Manage cookie preferences
  • Disable optional analytics

7.6 Exercising Your Rights

To exercise your rights, contact us at: privacy@ddee.ai

We will respond within 30 days (or as required by applicable law).

8. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

You may request information about categories of personal information collected, sources, business purposes, and third parties shared with.

You may request deletion of your personal information, subject to certain exceptions.

We do not sell personal information. If this changes, we will provide opt-out mechanisms.

We will not discriminate against you for exercising your privacy rights.

You may designate an authorized agent to submit requests on your behalf.

privacy@ddee.ai

9. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

  • Necessary to provide our Services
  • To improve and secure our Services
  • For marketing communications and optional features

Right to access, rectification, erasure, restriction, portability, objection, and rights related to automated decision-making.

Your data may be transferred to the United States. We use appropriate safeguards including Standard Contractual Clauses (SCCs) and Data Processing Agreements.

dpo@ddee.ai

You have the right to lodge a complaint with your local data protection authority.

10. International Data Transfers

We implement appropriate safeguards for international transfers:

  • Standard Contractual Clauses
  • Data Processing Agreements
  • Encryption of data in transit and at rest

11. Children’s Privacy

Our Services are not intended for children under 18 years of age. We do not knowingly collect personal information from children. If we learn we have collected information from a child, we will delete it promptly.

12. Cookies and Tracking

12.1 Types of Cookies We Use

Cookie TypePurposeDuration
EssentialAuthentication, securitySession
FunctionalPreferences, settings1 year
AnalyticsUsage understanding1 year

12.2 Managing Cookies

  • Browser settings can block or delete cookies
  • Essential cookies cannot be disabled (required for service)
  • Analytics cookies require consent where required by law

12.3 Do Not Track

We respect Do Not Track signals where technically feasible.

13. Third-Party Links

Our Services may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to review their privacy policies.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Email notification to account holders
  • Prominent notice on our website
  • In-app notification

Your continued use of our Services after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions about this Privacy Policy or our privacy practices: