Security & Data Handling

Your data room documents are treated with the confidentiality M&A demands.

We process some of the most sensitive documents in business. This page explains exactly what happens to your files, where they go, who can access them, and when they are deleted.

Zero Data Retention. Zero Model Training.

Your data is strictly isolated to your deal environment and is never used to train AI models, never shared across clients, and never retained beyond your engagement. Each document is processed via a private, enterprise-grade Anthropic API endpoint operating under a zero-retention agreement — data is not stored by Anthropic post-request. The temporary processing copy is deleted immediately after analysis. This is enforced at the infrastructure level — not a policy choice.

Clean Team NDA Available

We execute a standard M&A Mutual Non-Disclosure Agreement before any data room is shared. To request a copy before your engagement begins, reach us at contact@velintis.ai

Data Flow

What happens to your documents

01

Upload

Documents are uploaded via TLS 1.3 encrypted connection. Your advisor sends you a secure, time-limited upload link. Files go directly to your deal workspace.

02

Storage

Files are stored in AWS S3 (Mumbai region) with AES-256 server-side encryption. Every deal has its own isolated storage path. No cross-deal access is possible at the storage layer.

03

Processing

Documents are downloaded to a temporary processing environment, analysed by Claude AI in an isolated session, then the temporary file is deleted immediately. The AI does not retain or train on your documents.

04

Results

Synergy findings, evidence, and values are stored in your deal database. Only you and your advisor can access them. Results are never shared with other clients or third parties.

05

Deletion

All files are deleted immediately upon client sign-off of the final report, or within 30 days of deal closure — whichever comes first. This is not a policy choice; it is enforced at the infrastructure level. Database records are retained for your engagement history unless you request deletion.

Encryption

Industry-standard encryption at every layer

In Transit
TLS 1.3

All data transferred between your browser, our servers, and AWS is encrypted using TLS 1.3. This includes uploads, API calls, and report downloads.

At Rest
AES-256

Every file stored in AWS S3 is encrypted at rest using AES-256 server-side encryption with Amazon-managed keys (SSE-S3).

Access Control
IAM + Clerk

Files are accessed only by the application using scoped IAM credentials. User authentication is managed by Clerk with session-based access control.

AI Processing

How your documents are used in AI analysis

Isolated sessions

Each document is processed in an independent API call to Claude. There is no shared context between your documents and any other client's data.

No training on your data

Anthropic's enterprise API does not use submitted content to train AI models. Your documents are not retained by Anthropic after the API call completes.

Temporary processing only

Documents are downloaded from S3 to a temporary directory for processing, then deleted immediately after. Nothing is cached or persisted on the processing server.

Audit trail

Every upload, processing event, and access is logged with timestamp, file name, and status. Your advisor has full visibility over what was processed and when.

File Transfer Options

How clients choose to share documents

We work with whatever document sharing method your organisation is comfortable with. You are in control.

Secure Upload Link

Recommended

Your advisor generates a secure, time-limited upload link specific to your deal. You drag and drop files directly into your deal workspace. No login required.

+No account required
+Time-limited link expires automatically
+Files go directly to your deal
+Branded Velintis portal

Google Drive / SharePoint

Share a folder from your existing Google Drive or SharePoint with your advisor. They upload to the platform on your behalf. You retain full control of your cloud storage.

+Use infrastructure you already trust
+You control sharing and revocation
+No new accounts or portals
+Works for large document volumes

Direct Transfer

For organisations with specific compliance requirements, documents can be transferred via encrypted email, SFTP, or enterprise file transfer tools.

+Accommodates compliance requirements
+Flexible to your organisation policy
+Agreed method documented in engagement
Subprocessors

Third-party services we use to process your data

We are transparent about every service that touches your data.

ServiceRoleLocationCertification
AWS S3File storageSecure Cloud InfrastructureISO 27001, SOC 2
Anthropic ClaudeAI document analysisUnited StatesEnterprise API · Zero Retention
VercelApplication hostingGlobal CDNSOC 2 Type II
Managed DatabaseDatabaseSecure Cloud InfrastructureISO 27001
ClerkAuthenticationUnited StatesSOC 2 Type II
Questions?

Questions about how we handle your data?

Read our full Data Processing Agreement or contact us directly. We respond within 24 hours.

Read the DPAReach Us