Privacy Policy

Information covered by this Policy

This Policy applies to information that Custiligence receives through the public website, contact forms, intake forms, direct communications, scheduling activity, diligence coordination, interviews, and related business operations.

The information may include personal information, business contact information, company information, fundraising context, investor or customer reference context, interview notes, and operational records used to evaluate, coordinate, or deliver Custiligence services.

Information we may collect

The categories of information Custiligence may collect depend on how you interact with us and what information you or your organization choose to provide.

• Contact and business identifiers, such as name, work email address, company or firm name, role, and business affiliation.
• Inquiry and intake information, such as fundraising stage, industry, company website, desired timeline, package interest, customer count, main concerns, and message content.
• Customer diligence information, such as customer account references, participant names, titles, business contact details, scheduling context, interview topics, interview notes, diligence summaries, and related engagement records.
• Communications information, such as emails, form submissions, calendar coordination, call notes, and other messages exchanged with Custiligence.
• Website and security information, such as raw IP address, IP hash, browser type, device information, request logs, pages viewed, timestamps, and information processed by hosting, security, anti-abuse, and form-protection providers.
• Website journey and analytics information, such as visitor_id, session_id, event_id, lead_id, submission_id, first-party cookie values, referral source, campaign or query parameters, pages viewed, session timing, Cloudflare-derived geography, browser and device characteristics, engagement events, form path, conversion events, raw IP address, IP hash, and pseudonymous analytics identifiers.
• Lead and identity-linking information, such as person_id and email_id values created after a form submission, deterministic HMAC email identifiers, first-touch and last-touch session attribution, and links between an anonymous website journey and a known business inquiry.
• AI visibility information, such as AI crawler and fetcher user agents, requests for public site files, AI or search assistant referral information, and AI-specific landing URL hints.
• Other information you choose to provide, including information included in attachments, free-text fields, or diligence materials.

Sources of information

Custiligence may receive information directly from you, from your organization, from founders or investors involved in a potential or active diligence process, from customer reference participants, from service providers, or automatically through website hosting and security systems.

If you provide information about another person, customer, investor, company, or business contact, you are responsible for having the right to provide that information to Custiligence and for giving any notices or obtaining any permissions required for your use case.

First-party analytics and AI visibility

Custiligence uses first-party analytics so the site owner can understand how business visitors find, read, and use the public website. This helps Custiligence improve page clarity, reduce friction in inquiry forms, understand which content helps founders and investors, and see whether the right public pages are discoverable.

When you visit the website, Custiligence may set first-party cookies named cst_vid and cst_sid. These cookies support visitor_id and session_id values used to recognize repeat visits and browsing sessions. The cookies are scoped to Custiligence, are not third-party advertising cookies, and are designed for website operations and business analytics.

Custiligence may record page views, web vitals, scroll depth, engagement ticks, CTA clicks, navigation clicks, outbound clicks, form views, form starts, form submission attempts, form submission results, source attribution, UTM values, referrer details, raw IP address, IP hash, Cloudflare-derived country, region, city, postal code, latitude, longitude, timezone, continent, colo, and lead conversion events.

If you submit a form with an email address, Custiligence may normalize that email address, create a deterministic email_id using a secret HMAC process, create or update a person_id, and connect the earlier visitor_id and session_id history to that known business inquiry. Custiligence filters lead form values such as name, email, company, website, role, message content, and inquiry details out of analytics event payloads; verified form submissions still store those values in lead and email records needed to respond to the inquiry.

Custiligence also monitors AI visibility. This may include classifying referrals from ChatGPT, Perplexity, Claude, Copilot, Gemini, Google AI surfaces, Bing AI surfaces, You.com, Phind, Poe, Meta AI, Grok, Brave, Mistral, Andi, and other likely AI or search assistants, and logging AI crawler and fetcher requests.

How we use information

Custiligence may use information for legitimate business purposes connected to operating, protecting, improving, and providing the website and services.

• Responding to inquiries and evaluating whether Custiligence is a fit for a potential project.
• Coordinating customer diligence workflows, scheduling interviews, preparing diligence materials, and delivering agreed work product.
• Communicating with founders, investors, customer reference participants, service providers, and other authorized engagement participants.
• Maintaining records of requests, permissions, process decisions, deliverables, and related business communications.
• Protecting the website, forms, systems, users, and business operations from spam, fraud, abuse, security incidents, and unauthorized access.
• Improving website content, intake flows, service operations, internal templates, and business processes.
• Measuring website journeys, source attribution, form performance, session patterns, content engagement, repeat business visits, and lead conversion paths in order to improve public site operations and inbound workflows.
• Linking anonymous visitor and session history to a known business contact when a form submission provides an email address.
• Understanding whether public Custiligence pages are discoverable by AI assistants, search experiences, crawlers, and related referral sources.
• Operating restricted internal dashboards that help the Custiligence owner review inquiries, analytics, AI visibility signals, and related operational records.
• Creating aggregated or de-identified information that does not reasonably identify a person or company, and using that information for business analysis, service development, or market understanding.
• Complying with legal obligations, enforcing agreements, preserving rights, resolving disputes, and supporting audits, compliance reviews, or business transactions.

How we disclose information

Custiligence may disclose information when reasonably necessary for the purposes described in this Policy, when directed or authorized by the relevant organization or engagement participant, or when legally or commercially appropriate.

• To service providers and vendors that support hosting, security, form protection, email, storage, scheduling, communications, analytics, operations, legal, accounting, or similar business functions.
• To founders, investors, customer reference participants, company representatives, or other people involved in a diligence workflow, consistent with the applicable engagement instructions or permissions.
• To professional advisers, insurers, auditors, and other representatives who need the information to advise or support Custiligence.
• To comply with law, legal process, governmental requests, investigations, subpoenas, court orders, or enforceable rights.
• To protect Custiligence, its customers, website visitors, business contacts, service providers, or others from fraud, abuse, security threats, unlawful conduct, or violations of applicable terms.
• In connection with an actual or proposed merger, financing, acquisition, reorganization, sale of assets, diligence review, bankruptcy, or similar business transaction.
• As aggregated or de-identified information that does not reasonably identify a person or company.

Customer diligence and reference participants

Custiligence workflows may involve information about founders, investors, customer accounts, customer contacts, and reference participants. Custiligence uses this information to coordinate and document the relevant diligence process.

The company, founder, investor, or other party that asks Custiligence to process customer or reference information is responsible for confirming that the requested workflow, disclosures, consents, and permissions are appropriate for that relationship.

Unless a separate written agreement says otherwise, Custiligence may use customer diligence information to deliver the engagement, support related communications, maintain internal records, protect its business, and create aggregated or de-identified insights.

Cookies, analytics, logs, and AI visibility

Custiligence and its hosting, infrastructure, security, analytics, email, and form-protection providers may use cookies, logs, scripts, tokens, first-party identifiers, hashed or pseudonymous identifiers, queues, databases, analytics datasets, and similar technologies to operate the website, protect forms, detect abuse, route traffic, diagnose errors, maintain security, and understand business website activity.

Custiligence may use durable first-party analytics to understand journey and session patterns, referral sources, page engagement, repeat visits, form paths, conversion events, AI referral sources, crawler activity, submitted form event fields, raw IP address, IP hash, Cloudflare-derived geography, and related website operations. Analytics records may be linked to an inbound inquiry or business contact when reasonably needed to understand how a business visitor reached or used the site.

AI-specific landing hints that do not map neatly to a named provider may be stored under a general unknown AI source. Historical log reviews and backfills may be incomplete because older logs may not include the cookies, IDs, referrer details, or event context used by the current analytics system.

Identifiable lead, message, IP, location, and journey information may be made available in internal owner-only dashboards and exports protected by Cloudflare Access and Worker-side authorization checks. Custiligence does not intend to use the website to build consumer advertising profiles from customer diligence participants.

Retention

Custiligence retains information for as long as reasonably necessary for the purposes described in this Policy, including to respond to inquiries, evaluate fit, deliver services, maintain business records, enforce agreements, comply with legal obligations, protect rights, and resolve disputes.

Retention periods may vary based on the nature of the information, the context in which it was collected, the needs of an engagement, legal or accounting requirements, backup cycles, service-provider retention limits, analytics system limits, queue processing, access-log availability, and legitimate business needs. Custiligence may retain aggregated, pseudonymous, or de-identified information for longer periods.

Historical log reviews and analytics backfills may be incomplete because older request logs, Worker logs, AI referrer details, or analytics events may not have been captured or retained. Custiligence may preserve information for longer when needed for legal holds, security investigations, audits, dispute resolution, enforcement, or compliance obligations.

Security

Custiligence uses administrative, technical, and organizational measures intended to protect information in light of the nature of the information and the business context in which it is handled.

No website, transmission, storage system, service provider, or security process is completely secure. Custiligence does not guarantee that information will never be accessed, disclosed, altered, lost, or destroyed.

You should avoid sending highly sensitive personal information, regulated personal information, secrets, credentials, payment card data, health information, or other unnecessary sensitive information through free-text forms unless Custiligence has specifically requested it through an appropriate channel.

Your choices and requests

You may choose not to provide certain information, but Custiligence may be unable to respond to an inquiry, evaluate a project, coordinate a diligence workflow, or provide services without information needed for that purpose.

You may use browser settings or other available controls to limit cookies or similar technologies. Some analytics and attribution records may still be created through server-side logs or security systems when you access the website.

You may use the contact page to ask Custiligence to review, correct, delete, or otherwise address information associated with you. Custiligence may need to verify the request, preserve information for legal or business reasons, or coordinate with the organization that supplied or controls the relevant information.

Custiligence will handle requests consistent with applicable law, the relevant business context, and any separate written agreement that applies to the information.

Children

Custiligence is intended for business users and is not directed to children under 13. Custiligence does not knowingly collect personal information from children under 13 through the website.

United States processing

Custiligence is operated from the United States. If you access the website or provide information from outside the United States, you understand that information may be processed and stored in the United States and in other locations where Custiligence or its service providers operate.

Website terms and acceptance

Custiligence wants the website to be helpful, clear, and easy to use. At the same time, the public website is a general business information channel, not a guaranteed service, advisory relationship, or protected client portal.

By accessing or using the website, you agree that Custiligence, as the Site Owner, may operate the website, protect the website, collect and use information as described in this Policy, and enforce the site-use terms in this Policy and the Terms of Use.

If a separate written agreement with Custiligence applies to a paid or confidential engagement, that written agreement controls for the subject matter it covers. These website terms continue to apply to general website access and public-site use.

No warranties

The website is provided as is, as available, and with all faults.

To the fullest extent allowed by law, Custiligence disclaims all warranties of any kind, whether express, implied, statutory, or otherwise. This includes warranties of accuracy, completeness, reliability, availability, merchantability, fitness for a particular purpose, title, non-infringement, quiet enjoyment, security, compatibility, and freedom from harmful components.

Custiligence does not warrant that the website, analytics systems, forms, dashboard, public content, AI visibility information, referrals, crawler records, or any related functionality will be accurate, complete, secure, uninterrupted, current, error-free, compatible, available, or suitable for any particular purpose.

Limitation of liability

To the fullest extent allowed by law, Custiligence and its affiliates, representatives, agents, service providers, licensors, collaborators, employers, clients, successors, and assigns are not liable for any direct, indirect, incidental, consequential, special, exemplary, punitive, statutory, enhanced, or similar damages arising from or related to the website.

This includes damages for lost data, lost profits, lost revenue, lost opportunities, lost goodwill, business interruption, reputational harm, device damage, system failure, security incidents, reliance, personal injury, emotional distress, or any other loss.

This limitation applies whether a claim is based on contract, tort, negligence, strict liability, warranty, statute, misrepresentation, equity, or any other legal theory, even if Custiligence has been advised of the possibility of such damages.

If liability cannot be fully excluded, Custiligence's total liability will not exceed the greater of one hundred United States dollars or the amount you paid directly to Custiligence to access the website, which will usually be zero. Some jurisdictions do not allow certain exclusions or limitations, so liability is limited to the greatest extent allowed by law in those jurisdictions.

Indemnification

To the fullest extent allowed by law, you agree to defend, indemnify, reimburse, and hold harmless Custiligence and its affiliates, representatives, agents, service providers, licensors, collaborators, employers, clients, successors, and assigns from and against claims, demands, actions, investigations, proceedings, liabilities, damages, losses, judgments, settlements, penalties, fines, costs, and expenses, including reasonable attorneys' fees and legal costs, arising from or related to your website use.

This includes claims or losses connected to your access to or use of the website, your inability to access or use the website, your reliance on website content, your violation of this Policy or the Terms of Use, your violation of any law, regulation, contract, duty, or third-party right, your submissions or messages, your misuse of website content, your negligence, misconduct, fraud, misrepresentation, unlawful activity, or any dispute between you and a third party connected to your website use.

This also includes any attempt to access protected areas, bypass controls, scrape content, interfere with website operation, compromise security, or misuse analytics, forms, dashboards, systems, content, or protected materials.

Custiligence may assume exclusive control of any defense at your expense. You agree to cooperate fully with any defense and not settle any matter without Custiligence's prior written consent.

Release

To the fullest extent allowed by law, you release Custiligence and its affiliates, representatives, agents, service providers, licensors, collaborators, employers, clients, successors, and assigns from claims, liabilities, damages, losses, costs, and expenses arising from or related to your website use, reliance on website content, submissions or communications, third-party websites or services, third-party conduct, website unavailability, errors, interruptions, security issues, unauthorized access, or any dispute connected to the website.

You waive any law, rule, or doctrine that would otherwise limit this release to claims you know or suspect to exist. If California Civil Code Section 1542 or a similar law applies, you waive that protection to the fullest extent allowed by law.

Injunctive and equitable relief

You agree that unauthorized access, scraping, copying, disclosure, misuse of content, misuse of protected content, interference with website operations, security threats, or violation of intellectual property rights may cause harm that is difficult to measure in money damages.

Custiligence may seek injunctive, equitable, or emergency relief in any legally available forum without first posting a bond or proving actual damages, to the fullest extent allowed by law.

Custiligence's rights and remedies are cumulative and not exclusive.

Termination and access restrictions

Custiligence may block, restrict, suspend, terminate, or revoke access to the website, forms, internal routes, protected areas, or related systems at any time, for any reason or no reason, with or without notice.

The provisions of this Policy and the Terms of Use that by their nature should survive will survive any termination or access restriction. This includes ownership, confidentiality, acceptable use, disclaimers, limitation of liability, indemnification, release, dispute resolution, governing law, and miscellaneous terms.

Changes to the website and this Policy

Custiligence may update, modify, suspend, replace, remove, or discontinue any part of the website, website content, forms, analytics systems, dashboard, AI visibility monitoring, or this Policy at any time.

Updated terms are effective when posted unless otherwise stated. Continued use of the website after updates means you accept the revised terms.

Custiligence may, but is not required to, provide notice of changes by posting an updated version on this page, changing the effective date, or using another reasonable method.

Contact

Questions or requests about this Policy may be submitted through the Custiligence contact page at /contact.