Privacy policy.

We only collect what we need to run Diligent for you. We do not sell your data. We do not use your data to train third-party models. EU customers run on EU infrastructure; US customers run on US infrastructure.

The rest of this page is the long version. If something here doesn't answer your question, email hi@diligent.sh.

Diligent is operated by Diligent AI Solutions Private Limited. When this policy says “we” or “Diligent”, that's us. Our website is diligent.sh.

We collect three kinds of data:

• Account data — name, work email, company, and role. You give us this when you apply for early access or sign in.
• Connected platform data — campaign, ad-set, ad, and revenue data from the ad and analytics platforms you connect (Meta, Google Ads, GA4, Shopify, and others). We only read the scopes we need, and you can disconnect at any time.
• Product usage — pages visited, features used, and the prompts you send to Diligent. We use this to make the product better.

We do not collect special-category data (health, biometric, political opinions), and we don't want it. Please don't paste it into Diligent.

We use your data to:

• Run the product — pull metrics, generate insights, send alerts.
• Communicate with you about your account, security, and product updates.
• Improve the product — debug issues, measure performance, ship features.
• Meet our legal obligations.

We do not sell your data. We do not share your data with advertisers. We do not use your data, or the data of platforms you've connected, to train foundation models.

Diligent uses large language models from established providers (currently Anthropic and OpenAI) to power chat and analysis. We send these providers only the context needed for a given task, and we use enterprise endpoints with zero data retention and no training on submitted data.

We use a small number of subprocessors for hosting, monitoring, email, and billing. A current list is available on request from hi@diligent.sh.

EU customers run on EU infrastructure. US customers run on US infrastructure. We don't move data between regions. Backups stay in the same region as the primary data.

We keep account data while your account is active and for up to 12 months after you close it, then we delete it. Connected platform data is kept for as long as your account is active; you can request earlier deletion at any time.

We may keep limited information longer where the law requires it (for example, invoices for tax purposes).

Wherever you live, you can ask us to access, correct, export, or delete your personal data. Depending on where you are, you may have additional rights:

• India — see India and the DPDP Act below.
• EU, EEA, and UK — see our GDPR page.

To exercise any of these rights, email hi@diligent.sh. We'll reply within 30 days.

We're an Indian company, headquartered in Gurugram, and we treat the Digital Personal Data Protection Act, 2023 as the floor for how we handle your data. Under the DPDP Act, you are a Data Principal and we are a Data Fiduciary.

As a Data Principal, you have the right to:

• Get a summary of the personal data we hold about you and how we process it.
• Have inaccurate or incomplete data corrected, updated, or completed.
• Have your personal data erased once we no longer need it for the original purpose.
• Nominate another person to exercise these rights on your behalf in case of death or incapacity.
• Withdraw consent at any time, where consent is the basis for processing.
• Have a grievance heard and addressed by our Grievance Officer.

Grievance Officer. You can reach our Grievance Officer at hi@diligent.shwith the subject line “Grievance Officer”. We'll acknowledge your complaint within 7 days and resolve it within 30 days. If you're not satisfied with the outcome, you can escalate to the Data Protection Board of India.

Data is encrypted in transit (TLS 1.2+) and at rest. Access to production data is limited to a small number of engineers and audited. We require SSO and 2FA for all internal systems. If you believe you've found a security issue, please email hi@diligent.sh.

We use a small set of first-party cookies to keep you signed in and to measure how the product is used. We don't use third-party advertising cookies on our app or marketing site.

If we make material changes to this policy, we'll let you know by email and update the date at the top. Continued use after a change means you accept the updated policy.

For privacy or general questions, email hi@diligent.sh. Postal mail can be sent to Diligent AI Solutions Private Limited, WeWork DLF Two Horizon Centre, DLF Phase 5, Sector 43, Golf Course Road, Gurugram, Haryana 122002, India.