Draft version: 11 July 2026 · Not approved for commercial reliance
1. Who this notice is for
This notice is intended for website visitors, founders, company representatives, reviewers, partner programme managers, and people who contact Pre-Mortem Insights. The final notice will identify the legal entity responsible for processing and provide approved contact details.
2. Information the service may collect
- Account and profile information, including name, email, role, organisation, and acceptance records.
- Company, assessment, founder-response, financial, funding, investor, acquisition, and current-position information.
- Documents and evidence intentionally uploaded for an assessment, together with extraction and review metadata.
- Messages, clarification responses, consent choices, support requests, and contact enquiries.
- Security and operational records such as session, access, audit, device, and limited diagnostic log information.
3. Why information is used
Information is intended to be used to provide and secure the diagnostic service, review evidence, prepare and release approved reports, administer partner cohorts subject to consent, respond to enquiries, maintain auditability, improve service quality, meet legal obligations, and prevent misuse.
4. Legal bases and consent
The final notice must specify the lawful basis for each processing purpose in each launch jurisdiction. Consent records will be versioned. Partner access to an individual report will require a specific founder sharing choice and will not include private evidence by default.
5. Confidential research and assessment material
Assessment evidence, internal diagnostic findings, reviewer notes, extracted document text, and reports are treated as confidential. Public pages do not expose internal method codes, proprietary rules, raw reference cases, or private documents.
6. Sharing and service providers
The intended service providers include hosting, database, private storage, authentication, transactional email, monitoring, and security providers. The final notice must list approved subprocessors, processing locations, international transfer safeguards, and contractual protections.
7. Retention, deletion, and export
Draft retention periods are not yet approved. The production service will support data access, export, correction, and deletion requests subject to identity verification and any lawful contractual, audit, dispute, security, or statutory retention requirement. Released report records may require controlled retention for reproducibility.
8. Security
Planned safeguards include row-level database controls, role checks, private storage, expiring signed links, file validation, checksums, audit records, secure sessions, rate limits, encryption provided by infrastructure vendors, and restricted privileged access. No service can guarantee absolute security.
9. Automated decision-making
The service is not intended to make solely automated decisions with legal or similarly significant effects. Diagnostic findings require human review and senior approval before release. AI features are disabled by default.
10. Questions and complaints
The final notice will provide the approved privacy contact, company address, response process, applicable supervisory authority information, and effective date.
