Legal
Privacy Policy
Draft · Last updated July 2026
DRAFT — FOR ATTORNEY REVIEW. Not legal advice. No attorney-client relationship is created.
1. Who we are
Bankerly ("Bankerly", "we", "us") operates the website bankerly.ai and a software platform that prepares and manages sell-side M&A processes. This policy describes how we collect, use, and protect personal information. It applies to the website and the platform.
2. Information we collect
- Account and contact data: name, email address, firm or company name, and credentials (passwords are stored only as argon2id hashes).
- Waitlist and buyer-criteria submissions: the information you provide in signup forms, including acquisition criteria for buyers.
- Transaction materials: documents and financial data you upload to run a sale process. These are your records; we process them only to provide the service.
- Usage and security data: IP address, browser user agent, and an audit log of actions taken on the platform (sign-ins, document views and downloads, permission changes). The audit log exists to protect the confidentiality of your process.
3. How we use information
- To provide, secure, and improve the platform.
- To prepare the analyses and documents you request (including with AI processing, as described in our product documentation).
- To contact you about early access, your account, or your process.
- To meet legal obligations and enforce our terms.
We do not sell personal information, and we do not share your transaction materials with any party you have not authorized through the platform's permission controls.
4. Your California rights (CCPA/CPRA)
If you are a California resident, you have the right to know what personal information we collect and how it is used; to request deletion; to request correction; to opt out of sale or sharing (we do neither); to limit use of sensitive personal information; and to not be discriminated against for exercising these rights. To exercise any right, email privacy@bankerly.ai. We will verify your identity before acting on a request and respond within the statutory period.
5. Subprocessors
We use a small number of infrastructure providers to operate the service (hosting, email delivery, AI model inference). [TBD-101 — the complete subprocessor list, with locations and purposes, will be published here before general availability.]
6. Security
Files are encrypted at rest with per-file AES-256-GCM keys; passwords are hashed with argon2id; access is role-based and deny-by-default; sensitive actions are recorded in an append-only audit log. Our full posture is described on the security page. No system is perfectly secure, and we cannot guarantee absolute security.
7. Retention
We retain account data while your account is active and transaction materials for the duration of your engagement plus any period you instruct or law requires. [TBD-102 — specific retention schedule pending counsel review.]
8. Changes and contact
We will post any changes to this policy on this page with an updated date. Questions and requests: privacy@bankerly.ai.