• Corporate Supply Chain Due Diligence
  • Startup Due Diligence
  • About Us
  • Pricing

    • Privacy Policy

    This policy describes how DueSphere AI handles data.

    Data Collection

    We collect information necessary to provide and improve our services.

    Use of Data

    Data is used to operate features, maintain security, and comply with legal obligations.

    Your Rights

    You may contact us to exercise rights related to access, correction, or deletion of your data.

    --> DueSphere AI - Privacy Policy

    Privacy Policy

    Effective Date: December 2025
    Last Updated: December 2025

    Duesphere AI (“we”, “our”, or “us”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use our services.

    1. Who Are We (Data Controller Identity)

    Duesphere AI is a technology platform providing AI-powered worker voice and corporate supply chain due diligence reporting services.

    For privacy inquiries, contact us at: [Add company email here]

    2. What Data We Collect

    Our platform is designed to operate without intentionally collecting or storing personal data from workers. From worker interactions, we process chatbot messages, limited employment-related context, and any documents or images submitted for analysis. These materials are processed temporarily and are not stored after processing. Any personal data that may be incidentally included is automatically detected and redacted.

    From client companies, we collect only the minimum information required to create and manage administrator access. Companies may upload supply chain materials, policies, and compliance documents. We also process due diligence reports and system access logs.

    3. How We Collect Data

    Data is collected through direct user interactions and processed solely for the purposes defined in this Policy under GDPR. Worker information is received through chatbot conversations and uploaded files and processed on the basis of consent and legitimate interest. Client company information is collected during dashboard account setup and document uploads and processed on the basis of contractual necessity.

    4. Why We Collect Data (Purpose of Processing)

    We process information to operate and improve our services and fulfill legal and contractual obligations. Worker data is used only for chatbot support and analysis, while client company data is used for dashboard access, compliance analysis, reporting, and security. We do not use data for advertising, marketing, or sale of personal data.

    5. Legal Basis for Processing

    We process data in accordance with Article 6 of the GDPR. Worker interactions are processed based on consent and legitimate interest, with automatically redacted personal data. Client company data is processed on the basis of contractual necessity and legal obligations. Users may withdraw consent at any time.

    6. Use of AI & Automated Decision-Making

    Our platform uses AI to analyze data, generate anonymized insights, detect risks, and support due diligence reporting. Automated processing does not produce decisions with legal or significant effects on individuals without human review. Any personal data is automatically detected and excluded from long-term processing.

    7. Who We Share Data With

    We do not sell personal data. Data may be shared with trusted third parties strictly necessary for service operation (cloud providers, security services, AI processing). Worker data is shared with companies only as aggregated, anonymized insights. We may disclose data where required by law.

    8. International Data Transfers

    Our systems may process data in multiple regions. Where international transfers occur, we apply safeguards such as encryption, access controls, and contractual protections to ensure compliance with data protection laws.

    9. Data Retention Period

    We retain data only as long as necessary. Worker conversations are stored as anonymized data for three months. Uploaded files are processed temporarily and not stored. Client documents and reports are retained for the duration of the contract or legal requirements.

    10. Data Security Measures

    We implement strong security measures including encryption, access controls, secure cloud infrastructure, monitoring, and security assessments. Access to data is limited to authorized personnel under confidentiality obligations.

    11. User Rights

    Users have rights under GDPR: access, correction, deletion, restriction, objection, and data portability. Users may also withdraw consent at any time. Requests can be submitted through our contact details.

    12. Children’s Privacy

    Our services are not intended for children under 16. We do not knowingly process children’s data. If discovered, such data will be deleted.

    13. Cookies & Tracking

    We use only essential cookies necessary for platform operation, security, and performance. We do not use cookies for advertising or profiling. Users may control cookie settings in their browser.