Privacy

Last updated June 12, 2026

Privacy Policy


This Privacy Policy explains how RED LINE collects, uses, discloses, and protects information in connection with the RED LINE website, application, audit workflow, and related communications.

RED LINE handles confidential offering materials and investor-facing records. The policy is written to describe the current product honestly. It does not promise controls that are not yet implemented.

01

Information we collect

We collect account information, contact information, authentication identifiers, audit configuration data, uploaded documents, URLs submitted for review, counsel invitation details, findings, reports, support communications, and technical information such as device, browser, log, and session data.

Uploaded audit materials may contain personal information about fund personnel, investors, beneficial owners, placement agents, service providers, or other persons named in offering documents and investor communications.

02

Notice at collection

The categories of personal information collected may include identifiers, professional or employment information, commercial information, internet or network activity, authentication and security data, inferences created by the audit workflow, and sensitive information contained in customer-submitted documents.

Sources include users, invited counsel, customer-submitted documents and URLs, authentication providers, service providers, device and browser signals, and records generated while operating the service.

03

How we use information

  • To provide the audit workflow, document ingestion, classification, findings, counsel collaboration, and report generation.
  • To authenticate users, enforce matter-level access, preserve chain-of-custody records, and maintain security.
  • To communicate about account access, audit status, counsel invitations, support requests, and product changes.
  • To improve reliability, debug errors, maintain logs, and protect against unauthorized access or misuse.
  • To comply with legal obligations, enforce terms, preserve records, and respond to lawful requests.

04

Uploaded documents

Customer documents are treated as confidential audit materials. RED LINE uses them to operate the audit, generate findings and reports, preserve evidence, and support the customer or invited counsel.

Customers are responsible for having the right to upload, process, and share each document and URL submitted to RED LINE. The service is not designed for consumer medical records, payment card data, Social Security numbers, or other data that is unrelated to the audit.

05

Service providers

RED LINE uses service providers for authentication, hosting, object storage, database services, email delivery, payment processing, workflow orchestration, observability, document processing, and machine-assisted analysis. Current providers include Clerk (authentication), Cloudflare R2 (object storage), Supabase (database), Resend (email), Stripe (payment processing), Sentry (observability), Google Gemini (machine-assisted analysis), Vercel (application hosting), Temporal Cloud (workflow orchestration), and Hostinger (servers running audit processing workers).

Service providers process information only as needed to provide, secure, monitor, support, or improve RED LINE, or as otherwise directed by the customer or required by law.

06

How we disclose information

  • To users and counsel invited to the same audit, according to their matter-level permissions.
  • To service providers that host, secure, authenticate, store, transmit, process, or support the service, including cloud infrastructure, authentication, email, observability, database, object storage, and analysis providers.
  • To comply with law, legal process, regulatory inquiry, or a request we believe requires response.
  • To investigate misuse, protect the service, enforce terms, or protect the rights, confidentiality, or safety of RED LINE, customers, counsel, or others.
  • In connection with a merger, financing, acquisition, reorganization, or sale of assets, subject to confidentiality protections appropriate to the transaction.

07

Sale and sharing

RED LINE does not sell customer audit materials. RED LINE does not use audit documents, findings, reports, or counsel collaboration records for third-party behavioral advertising.

If RED LINE later introduces practices that would constitute a sale or sharing of personal information under applicable privacy law, this policy and the collection notice will be updated before that practice begins.

08

Security

RED LINE uses authentication, matter-level authorization, non-public object storage, time-limited upload and download URLs, file hashing, and document event records. These controls reduce risk but do not eliminate it.

The current product does not claim customer-managed encryption keys, formal malware scanning, automated retention sweeps, a public SOC 2 report, or a formal subprocessor portal. Those items are not described as shipped controls.

09

Retention

We retain account information, audit records, documents, findings, reports, event logs, and support records for as long as needed to provide the service, preserve chain-of-custody, comply with legal obligations, resolve disputes, and enforce agreements.

The current product supports document archive states. A fully automated hard-delete and retention workflow is not yet implemented. Deletion and export requests are handled through an operator process until that workflow ships.

10

Cookies and analytics

The website and application may use cookies, session storage, and similar technologies for authentication, security, preferences, performance, and product operation. Authentication cookies are required for protected areas of the service.

RED LINE does not use legal-facing audit content to serve third-party behavioral advertising.

11

Your choices and rights

Depending on where you live, you may have rights to request access, correction, deletion, portability, restriction, objection, or information about certain disclosures of personal information. These rights may be limited where information must be retained for security, legal, audit, or chain-of-custody reasons.

Authorized agents and enterprise customers may submit requests on behalf of a data subject where permitted by law and contract. We may verify identity and authority before acting on a request.

12

Children

RED LINE is intended for business users and is not directed to children under 18. Do not use the service to submit information about children unless it is legally authorized and directly necessary for an audit record.

13

International use

RED LINE is designed for U.S. private capital compliance workflows. If information is accessed from outside the United States, it may be processed in the United States and other jurisdictions where RED LINE or its service providers operate.

14

Related policies

Use of the service is governed by the Terms of Service. Outputs of the service are provided for informational purposes only, as described in the Disclaimer at /disclaimer. This policy describes data practices; it does not change the legal-product boundary stated there.

15

Changes and contact

We may update this policy as the product, legal requirements, or operational controls change. The updated date identifies the current version and its effective date. For material changes, we will give notice by email or in the application before the change takes effect, where practicable.

Privacy requests and legal notices should be sent to compliance@redline.audit with RED LINE in the subject line. Customers with a separate order form or written agreement may also use the notice address stated in that agreement.