This policy explains how OpsFi handles personal data of portal users of Diligence Forge (borrowers, target-company representatives, and their contacts), for whom OpsFi is the data controller. Where OpsFi processes data on behalf of a lender or FDD-provider customer, OpsFi is a processor and that customer’s notice and the Data Processing Agreement govern.
What we collect
Account & identity; authentication & security data (including a secure session cookie, IP and user-agent for security); the deal-collaboration content you provide; consent records; and usage/audit logs. We do not sell personal data and do not allow AI providers to train on your content.
Why
To provide and secure the service, comply with legal obligations (including demonstrable consent and financial-record retention), and for the legitimate interests of operating a secure diligence platform.
Sharing & international transfers
With the sub-processors listed in our sub-processor register, each under contract. Some are outside the UK/EEA; transfers rely on the UK IDTA / EU SCCs.
Retention
Account data for the life of the account; financial, audit and contractual records for a statutory minimum (currently 7 years); transient data sooner. Erasure does not remove records we must retain by law — those are de-identified instead.
Your rights
Access and a portable copy, rectification, erasure, restriction, and objection. Use “Download my data” and “Erase my data” on your account page. You may complain to the UK ICO or your local supervisory authority.