Privacy policy
Last updated: November 15, 2025
This privacy policy applies to the dataroom and due diligence services provided by Fintegrity Software AS (org. number 935 992 257), a company registered and domiciled in Norway. This Privacy Policy describes how Tilura processes your personal data when using our products, services, software and applications, when you interact with us through phone or social media, or when you use our website www.tilura.com and associated sites.
About Tilura
Tilura is a Virtual Data Room and Due Diligence platform provider that helps you manage your deals and due diligence processes. We provide you with a new and secure AI-centric platform that significantly reduces the time spent in the data room for buyers, sellers and advisors.
Our commitment to your privacy
We are committed to protecting your privacy and processing as little personal data as necessary. Tilura is responsible for the processing and control of your personal data. We follow applicable legislation and are ultimately responsible for processing your data correctly and securely according to applicable regulations. We only store data in the EU/EEA. Data is never used to train AI models and is never shared with third parties unless you explicitly authorize us to do so.
What information we collect
Account information
When you create an account, we collect:
- Name, email address and phone number
- Password (stored securely as an encrypted hash)
- Organization and role information
Usage information
To improve our service, we automatically collect:
- Pages you visit and features you use
- Technical information (browser type, device type)
- Anonymized analytics data
- System logs for security and debugging
Billing information
For invoicing purposes, we collect:
- Company name and billing contact details
- Transaction and invoice history
How we use your information
We use your personal data to:
- Provide the service: Create and manage your account, host your dealrooms, and deliver specific services
- AI processing: Generate summaries, extract insights, and analyze deal documents (only for your own data, never for training)
- Improve our platform: Analyze usage patterns to enhance features and user experience
- Communicate with you: Send login links, notifications, and respond to support requests
- Handle billing: Process payments and maintain accounting records
- Security: Monitor for threats, investigate incidents, and maintain system integrity
We never:
- Train AI models on your data
- Sell or share your data for marketing purposes
- Use your dealroom content for any purpose other than providing you the service in accordance with the terms of use
Legal basis for processing
We process your personal data based on:
- Contract performance [§6.1 (b) GDPR]: To provide you access to the platform and services you've signed up for
- Legitimate interests [§6.1 (f) GDPR]: For analytics, security monitoring, and customer support
- Legal obligation [§6.1 (c) GDPR]: For accounting, tax compliance, and regulatory requirements
Data storage location
All data stays in the EU/EEA. We do not transfer any personal data outside the European Economic Area. All our sub-processors are located in the EU/EEA and operate under strict data processing agreements.
Data retention
We retain your personal data only as long as necessary:
| Data Type | Retention Period |
|---|---|
| Account information | While your account is active + 12 months |
| Dealroom content | Until you delete it or your contract ends |
| Analytics data | 6-12 months |
| System logs | 30-90 days |
| Support communications | 12-24 months |
| Billing records | 5-7 years (required by Norwegian law) |
Security measures
We protect your data with:
- Encryption: TLS/HTTPS in transit, AES-256 at rest
- Access controls: Role-based permissions, least-privilege principle
- Tenant isolation: Your data is separated from other customers
- Monitoring: Security logging and incident detection
- Regular reviews: Security audits and updates
Your rights
Under GDPR, you have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data (subject to legal retention requirements)
- Restriction: Limit how we process your data
- Portability: Receive your data in a structured, machine-readable format
- Object: Object to processing based on legitimate interests
- Withdraw consent: Where processing is based on consent
To exercise your rights, contact us at: mithunan.sivakumar@tilura.com
We will respond to your request within 30 days.
Cookies and tracking
We use minimal cookies to make the platform work and improve it:
Essential cookies
Required for login, security, and core functionality. These cannot be disabled.
Analytics cookies (optional)
Help us understand how you use the platform to make improvements. Only used if you consent. All analytics data is stored in the EU and never shared with third parties.
Managing cookies
You can manage your cookie preferences:
- Through the cookie banner when you first visit
- In your account settings under Cookie Preferences
- By contacting us at mithunan.sivakumar@tilura.com
Data sharing
We only share your personal data:
- With sub-processors: As listed above, under strict data processing agreements
- For legal compliance: When required by law or to protect our legal rights
- With your consent: When you explicitly authorize us to share specific data
We never sell your personal data to third parties.
Changes to this policy
We may update this privacy policy from time to time. We will notify you of significant changes by:
- Posting the updated policy on this page
- Updating the “Last updated” date
- Sending you an email notification (for material changes)
We encourage you to review this policy periodically.
Complaints
If you have concerns about how we handle your personal data, you have the right to lodge a complaint with:
Norwegian Data Protection Authority (Datatilsynet)
Website: datatilsynet.no
Email: postkasse@datatilsynet.no
Contact us
For any questions about this privacy policy or our data practices:
- Email: mithunan.sivakumar@tilura.com
Your role as a data controller
If you use our platform to process personal data of your own customers, employees, or deal participants, you are the data controller for that data and we act as your data processor. You are responsible for:
- Having a lawful basis for processing
- Informing data subjects about the processing
- Ensuring your own GDPR compliance
- Instructing us on data handling through our platform features
Our data processing agreement is incorporated into our Terms of Service.