Privacy Policy

1. Information We Collect

1.1 Document Data

We receive and process financial documents you forward to your designated Accrue Flow email address, including but not limited to: capital call notices, K-1 tax forms, subscription agreements, amendments, distribution notices, and side letters. This includes all content within these documents and associated metadata (sender, timestamp, subject line).

1.2 Alert Data

We generate and store extracted information such as deadlines, amounts, fund names, due dates, penalty clauses, and risk classifications. This data is retained for 30 days then permanently deleted.

1.3 Account Information

We collect your name, email address, phone number for escalation, and professional details necessary for service provision. We do NOT collect Social Security Numbers, bank account credentials, or investment account numbers.

2. How We Use Your Information

2.1 Service Delivery

Your information is used exclusively to:

• Extract and verify financial deadlines
• Generate alerts and reports
• Provide customer support
• Fulfill our SLA obligations

2.2 Prohibited Uses

We explicitly DO NOT:

• Sell, rent, or trade your data
• Use your data to train general AI models
• Share your data with third parties (except subprocessors listed below)
• Provide investment, tax, or legal advice based on your data

3. Data Retention & Deletion

3.1 30-Day Policy

All documents and extracted data are automatically and permanently deleted 30 days after processing. Deleted data cannot be recovered. Clients may request earlier deletion at any time.

3.2 Exception

Only anonymized metadata necessary for billing and SLA compliance (document count, alert timestamps) is retained beyond 30 days in an encrypted analytics database that cannot be traced to individual clients.

4. Data Sharing & Subprocessors

4.1 Zero Disclosure

We share zero client-identifiable information with third parties. Our subprocessors receive only anonymized, encrypted tokens:

• AWS: Hosting infrastructure (document storage, processing)
• Cloudflare: Email security and DDoS protection
• Stripe: Payment processing (billing details only)

4.2 No GP Disclosure

We never communicate with General Partners or fund administrators on your behalf. All alerts are delivered privately to you and your designated recipients only.

5. Your Rights & Controls

5.1 Access & Export

Within the 30-day retention window, you may request a complete export of all your data in machine-readable format (JSON). Requests are fulfilled within 24 hours.

5.2 Data Portability

You may request immediate deletion of all data. Deletion is irreversible and confirmed within 2 hours.

5.3 Opt-Out

You may terminate service and request complete data deletion with 30 days written notice. No data is retained post-termination.

6. Privacy-First Architecture

6.1 Confidential Computing

Document processing occurs within AWS Nitro Enclaves—isolated compute environments where even AWS cannot access memory contents.

6.2 No Telemetry

We do not use analytics cookies, tracking pixels, or telemetry that could associate your browsing behavior with your identity. Our website uses only essential functional cookies.

7. NDA & Confidentiality

We execute a mutual NDA where we are bound to stricter confidentiality obligations than you. Our NDA includes:

• Perpetual confidentiality survival clause
• No "residuals" clause (we cannot retain knowledge in our heads)
• Specific performance remedy (you can get an injunction)

8. Compliance Frameworks

• 8.1 GDPR (For EU Clients)We act as a Data Processor. You are the Data Controller. We support your GDPR compliance with data portability, deletion rights, and breach notification.
• 8.2 CCPA/CPRA (California)We do not "sell" personal information. You have absolute right to deletion and disclosure of data practices.
• 8.3 State LawsWe comply with all applicable state privacy laws (Virginia CDPA, Colorado CPA, etc.) through our universal privacy-by-design architecture.