Privacy Policy

Last updated: April 1, 2026

1. Introduction

AcquiCheck ("we", "us", or "our") is a SaaS company based in Brussels, Belgium, that provides AI-powered due diligence reports for SaaS acquisitions. We are committed to protecting your privacy and ensuring transparency about how we collect, process, and use your personal data.

This Privacy Policy explains our data practices under the General Data Protection Regulation (GDPR) and applicable Belgian privacy laws. If you have questions, please contact our Data Protection Officer at privacy@acquicheck.com.

Company Details:
AcquiCheck
Brussels, Belgium

2. Data We Collect

We collect personal data in the following categories:

2.1 Account Data

When you create an AcquiCheck account, we collect your name, email address, phone number, company name, job title, and password hash. This information is necessary to establish and manage your account.

2.2 Financial and Code Data

Sellers may upload or authorize API access to financial statements, banking data, code repositories, and other proprietary information. Buyers may provide information about the acquisition target. This data is used solely to generate your requested due diligence report.

2.3 Payment Information

We process payments through Stripe. We do not store full credit card numbers, bank account details, or other sensitive payment data on our servers. Stripe handles all payment processing according to their privacy standards.

2.4 Usage Data

We automatically collect information about your interactions with our platform, including IP address, browser type, operating system, pages visited, time spent on pages, and click patterns. This helps us understand user behavior and improve our service.

2.5 Cookies and Similar Technologies

We use essential cookies to maintain your session and basic platform functionality. We also use analytics cookies (via third-party tools) to measure traffic and engagement, subject to your consent.

3. How We Use Your Data

We process your personal data for the following purposes:

  • Service Provision: Generating, delivering, and hosting your due diligence reports
  • Account Management: Creating and managing your account, processing payments, and providing customer support
  • Service Improvement: Analyzing usage patterns, identifying bugs, and developing new features
  • Communications: Sending transactional emails (report delivery, receipt confirmations), product updates, and marketing materials (with consent)
  • Compliance and Security: Detecting fraud, preventing abuse, and complying with legal obligations

4. Legal Basis for Processing (GDPR)

Under GDPR Article 6, we process your data on the following legal grounds:

4.1 Performance of Contract

Processing account data, payment information, and uploaded files is necessary to fulfill your agreement with AcquiCheck.

4.2 Legitimate Interests

We process usage data to improve our platform, enhance security, and understand how users interact with AcquiCheck. These interests do not override your rights.

4.3 Consent

We only place analytics cookies and send marketing emails with your explicit consent. You can withdraw consent at any time via your account settings or by emailing us.

5. Data Retention

We retain personal data only as long as necessary:

  • Due Diligence Reports: Kept for 90 days after delivery, then deleted
  • Account Data: Retained while your account is active. After account deletion, it is deleted within 30 days
  • Seller-Uploaded Data: Deleted immediately after report generation, unless a buyer licenses the report (then kept for 90 days post-delivery)
  • Payment Records: Retained for 7 years to comply with Belgian accounting law
  • Cookies: Session cookies deleted on logout; analytics cookies retained for 13 months

6. Data Sharing

We do not sell, rent, or trade your personal data. We share data only with trusted processors:

  • Stripe: Payment processor. Limited to payment data only. See their privacy policy at stripe.com/privacy
  • Supabase: Database and hosting provider. EU-based. We have a Data Processing Agreement (DPA) in place with Supabase
  • Analytics Providers: Limited usage data shared subject to your consent (anonymized IP addresses, click patterns)

We do not share your data with other third parties without your explicit consent, except when legally required by court order or regulatory authority.

7. Your Rights Under GDPR

You have the following rights regarding your personal data:

7.1 Right of Access

You can request a copy of the personal data we hold about you. We will provide this within 30 days of request.

7.2 Right of Rectification

You can correct inaccurate or incomplete personal data. You can update most information directly in your account settings.

7.3 Right to Erasure

You can request deletion of your data, except where we are required to retain it by law (such as payment records for 7 years under Belgian accounting law).

7.4 Right to Data Portability

You can request your data in a structured, machine-readable format to transfer to another service.

7.5 Right to Object

You can object to processing based on legitimate interests or opt out of marketing communications at any time.

7.6 Right to Lodge a Complaint

If you believe we have violated your privacy rights, you can file a complaint with the Belgian Data Protection Authority (Autorité de Protection des Données).

To exercise any of these rights, email privacy@acquicheck.com with your request.

8. Cookies

We use cookies to enhance your experience on our platform:

8.1 Essential Cookies

These are necessary for platform functionality (session management, security, CSRF protection). We set these by default without consent.

8.2 Analytics Cookies

We use tools like Google Analytics to measure traffic, engagement, and user behavior. These are only placed after you consent via our cookie banner. You can manage cookie preferences in your account settings.

You can also control cookies at the browser level. Most browsers allow you to refuse cookies or alert you when cookies are being set.

9. Security Measures

We implement comprehensive security controls to protect your personal data:

  • Encryption at Rest: All databases use AES-256 encryption
  • Encryption in Transit: All data transmitted to/from AcquiCheck is encrypted with TLS 1.2+
  • Authentication: Passwords are hashed with bcrypt; we support two-factor authentication
  • Access Controls: Data access is restricted to authorized personnel only, with role-based access controls
  • Intrusion Detection: We monitor for suspicious activity and unauthorized access attempts
  • SOC 2 Compliance: We are working toward SOC 2 Type II certification to formalize our security practices

While we implement robust security measures, no system is entirely risk-free. If you suspect a security breach, please contact us immediately at hello@acquicheck.com.

10. International Transfers

AcquiCheck is based in the EU (Brussels, Belgium). All data is processed and stored within the EU. Our hosting provider, Supabase, maintains EU data centers. We do not transfer personal data to countries outside the EU/EEA without implementing appropriate safeguards (such as Standard Contractual Clauses).

11. Changes to This Policy

We may update this Privacy Policy periodically to reflect operational, legal, or regulatory changes. We will notify you of material changes by email or by posting a prominent notice on our website. Your continued use of AcquiCheck after changes constitutes your acceptance of the updated Privacy Policy.

12. Contact

If you have questions about this Privacy Policy or our data practices, please contact:

Data Protection Officer

Email: privacy@acquicheck.com

Registered Address:
AcquiCheck
Brussels, Belgium