Privacy Policy

Amafi DataRoom is a virtual data room operated by Amafi for M&A advisors and their clients. This page summarises what we collect, why, and what your rights are. The authoritative agreement is the engagement letter signed with your firm; this document is a plain-language overview.

What we store

• Your name, email, and authentication credentials.
• Documents you upload and the metadata around them (folders, tags, versions).
• Audit events: who viewed what page, when, from which IP — so deal teams can prove who saw which information.
• Your interactions with the AI assistant when you opt to use it.

Where data lives

All deal data is stored on infrastructure operated by Amafi inside the European Union. Documents are encrypted in object storage; database backups are encrypted at rest. Access is restricted to the deal's admin members and the Amafi engineering team under audited break-glass procedures.

Sub-processors

We use Resend for transactional email, Posthog (self-hosted) for product analytics, and Langfuse (self-hosted) for AI tracing. We do not share deal documents with any third-party AI provider; the AI assistant runs against an Amafi-operated retrieval backend.

Your rights

Under GDPR you may request access, rectification, or deletion of your personal data. Reach us at dataroom@amafi.online.

Retention

Audit logs are retained for the duration of the deal plus seven years to satisfy banking regulatory expectations. Documents are deleted within thirty days of a deal being closed or a member being removed.

Questions? dataroom@amafi.online