PRIVACY POLICY (GDPR)

Effective date: [25 November 2025]

Data Controller:
Quokka SARL
58 Boulevard Marcel Cahen, L-1311 Luxembourg
Register number: B280011
VAT: LU35321866
Email: ai@dataroom.pro

This Privacy Policy explains what personal data we collect, why we collect it, how we use it,and your rights under the GDPR.

1. What data we collect

1.1 Data you provide

When you create an account or use DataRoom, we collect:

  • Name
  • Email address
  • Phone number
  • Company name
  • User role (e.g., Startup / Investor)
  • Documents and files you upload to Data Rooms
  • Content metadata (file names, sizes, upload dates, permissions)
  • Collaboration data (who you invite, who accessed or downloaded files)

1.2 Data collected automatically

We collect technical and usage data necessary for operating and securing the platform:

  • IP address
  • Device / browser / OS information
  • Language and time zone
  • Audit and security logs (logins, file access, sharing actions, error events)
  • Performance and reliability logs

1.3 Landing page

At the moment, the landing page does not run analytics or marketing cookies.Standard hosting logs may still record basic technical data (e.g., IP, user-agent) for security

2. Why we process your data (purposes)

We process personal data to:

  1. Create and manage your account
    • registration, email verification, login, password recovery.
  2. Provide DataRoom functionality
    • create Data Rooms, upload/store/share documents, manage roles and access,invite collaborators.
  3. Send transactional communications
    • account confirmations, invitations, access notifications, system/servicemessages.
  4. Process payments
    • one-time payment for Lifetime Access via Stripe; handle receipts, refunds,and tax obligations where required by law.
  5. Ensure security and prevent abuse
    • fraud detection, intrusion prevention, monitoring misuse, maintaining audittrails.
  6. Provide customer support
    • respond to requests, troubleshoot issues, investigate incidents
  7. Improve the product
    • analyze technical usage patterns and logs to enhance reliability and features.
  8. Future analytics on landing page
    • if we enable Google Analytics later, it will be only after your explicit cookieconsent via a compliant banner.

3. Legal bases (GDPR Art. 6)

We rely on the following legal grounds:

  1. Performance of a contract
    • to register you, provide the DataRoom service, and deliver Lifetime Access.
  2. Legitimate interests
    • security, fraud prevention, platform stability, technical logging, productimprovement.
  3. Legal obligation
    • accounting and tax retention for payments.
  4. Consent
    • will apply later for Google Analytics or any marketing cookies on the landingpage.

4. Data retention

  • Account data and Data Room content are kept while your account is active.After you delete your account, we delete or anonymize your personal data andcontent within 14 days
  • Audit, security, and technical logs are stored for 90 days.
  • Backups are retained for 7 days.
  • Payment records are retained as required by financial/tax law.We do not store full card numbers; payments are processed by Stripe.

5. Sub-processors (third-party service providers)

We use trusted service providers only to operate the service. They may process personaldata on our behalf under GDPR-compliant agreements.

Sub-processor Purpose Data involved Location / notes
DigitalOcean Hosting & storage account data, documents, logs Germany (Frankfurt, fra1)
Mailgun Transactional email delivery email, name, email metadata infrastructure may include access outside EEA; safeguards apply
Stripe Paymentprocessing payment data, email, name, tax info if needed global infrastructure; safeguards apply

We do not sell your data and do not share it with advertisers. If sub-processors change, thislist will be updated

6. International transfers

Core platform data is hosted in the EU (Germany).Mailgun and Stripe may involve processing or access from outside the EEA. In such cases,we use GDPR-approved safeguards (e.g., SCCs or adequacy mechanisms).

7. Security measures (summary)

We apply technical and organizational measures to protect your data, including:

  • HTTPS/TLS encryption in transit
  • encryption at rest on storage volumes
  • role-based access control and least-privilege principles
  • audit logging and monitoring
  • regular backups (7-day retention)

8. Your rights

You have the right to:

  • access your data
  • correct inaccuracies
  • delete your data
  • restrict or object to processing
  • data portability
  • withdraw consent (where consent applies)

To exercise your rights, contact ai@dataroom.pro. We respond within 30 days.

9. Complaints

You can lodge a complaint with your local Data Protection Authority.For Luxembourg: CNPD (Commission Nationale pour la Protection des Données)

10. Changes to this Policy

We may update this Policy. The latest version is always published on our website.If changes are material, we will notify you via email or in-product notice.

Join the waiting list

Get early access and be the first to know when new features launch.

We’ll notify you as soon this launches. No spam, unsubcribe anytime.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.