Privacy Policy

Privacy & Data Handling

Effective Date: May 11, 2026  ·  Last Updated: May 11, 2026

Zero-Knowledge Core Principle

STET is a deterministic reconciliation engine. We never store the content of your documents. Production document text extraction, semantic matching, and ledger reconciliation run on-device in the desktop app, in memory only.

Checklist and workspace data you create is stored locally on your device — never on STET servers. Your account data (email, profile, subscription) is stored in InsForge and is deleted when you delete your account. Document content itself is never transmitted to or stored on our servers.

1. Information We Collect

Account & Identity Data

To provide the service, we collect minimal account details:

  • Email address
  • Username or display name
  • Password (securely hashed and salted; never visible to us)

Billing & Plan Data

STET operates on a sales-led Enterprise model. For Enterprise customers, billing is handled via MSA between your institution and STET. We store:

  • Subscription tier and status (stored in InsForge)
  • Trial start date (derived from account creation timestamp)

STET does not collect, process, or store credit card numbers or payment credentials.

Telemetry & Usage Details

We collect limited server-side metadata needed to operate account, billing, and website support surfaces and enforce plan limits:

  • For signed-in users: usage metering in InsForge (e.g. daily audit reservations and, when an audit finishes, aggregate fields such as file count and total bytes processed). No file names, paths, or document content are stored in these rows.
  • Infrastructure and hosting providers may log request metadata (e.g. for reliability and abuse protection) under their own retention policies, as described in our subprocessors list.
  • We do not currently operate server-side ingestion of application crash logs or Core Web Vitals into our InsForge project in the shipping product. Client code may support optional performance endpoints if a future deployment enables them; this policy will be updated if that changes.

Web Analytics (with your consent)

If you accept analytics cookies, we use PostHog to collect anonymous web analytics:

  • Pages visited and navigation paths (pathname only — no query strings)
  • Session duration and bounce rate
  • Browser type, operating system, and general geographic region (country/city — IP is not stored)
  • Referrer source (how you arrived at the site)

This data is fully anonymous. We have disabled user profiling, session recording, form capture, and IP address storage. You can decline or withdraw consent at any time via the cookie banner.

2. Treatment of Customer Data (Files & Ledgers)

"Customer Data" refers to the PDFs, CSVs, Excel files, or raw transaction data you run through STET. We distinguish between document content and workflow metadata:

Document Content — Never Stored Server-Side

The full text of documents you process is never written to STET servers or cloud buckets. Production content extraction, semantic search, and ledger reconciliation run on-device in the desktop app, entirely within memory. Document content never leaves your device.

Checklist Data — Stored Locally on Your Device

Checklist data is stored locally on your device (stet_checklists) and never transmitted to STET servers: checklist names, due-diligence item statuses, matched document file names, match confidence scores, and any free-text notes. This data is available only on the device where it was created and is cleared when you use "Delete Account" or remove local STET data.

No Human Access to Document Content

Because document text never touches our backend, no STET engineer, employee, or contractor can view or access your financial records or document contents.

No Machine Learning Training

We do not train or fine-tune any models on your Customer Data, including our local semantic matching engine. Our LLM subprocessor (Anthropic) likewise does not train on API content per their terms of service. We do not control downstream training behavior beyond what our subprocessor terms commit to; we will update this notice if subprocessor terms change.

Cloud VDR connections (Box, Dropbox, etc.)

When you connect a cloud virtual data room, file listing and downloads occur under your account with that provider, subject to their terms and privacy notice. STET does not upload your document content to STET servers for reconciliation; processing runs on-device in the desktop app.

When AI Agents Are Enabled

STET ships an optional AI agent stack (workstream specialists, banker, QoE, generation, chat, and IC brief). When the agent stack is enabled by your firm, document-derived excerpts — claim text, finding summaries, ledger row excerpts, and the messages you type into chat — are sent over TLS to the InsForge AI gateway, which proxies them to upstream large-language-model providers (Anthropic Claude, and optionally Google Gemini or other providers configured by your firm). The agent stack is the only path that egresses document-derived content to third parties; deterministic-only flows (L0–L4 matching, ledger reconciliation, on-device extraction, semantic search) do not send any document content off-device. Your firm's partner can disable the agent stack via the partner toggle, in which case STET reverts to deterministic-only behavior.

AI-derived outputs are not decisions

Every LLM-generated finding, claim, or memo paragraph is marked "unverified" until a human reviewer explicitly approves it. Approved outputs become part of your firm's record; unapproved outputs may be reviewed, rejected, or edited at any time. STET does not auto-execute deal decisions on your behalf. This is intended to align with EU AI Act Art. 13 transparency expectations for AI-assisted outputs.

Optional feature: Cross-Deal Memory

When enabled by your firm's partner, STET indexes the title, summary, severity, and workstream of approved findings on your device to surface similar findings on future deals within the same firm. This feature is firm-scoped, default-off, and every cross-mandate read is logged in the audit trail. The data does not leave your firm's boundary; it is not shared across firms or with STET.

3. Subprocessors & Third Parties

We use industry-standard subprocessors solely to operate the service. We do not sell your personal data to advertisers or third parties.

  • InsForge, Inc. (Authentication & Database)

    Used for user authentication (login/signup), storing account data (email, profile, subscription status), and VDR audit usage metering (aggregate counts and sizes only — no document content). Checklist data is not stored in InsForge. InsForge is SOC 2 Type II compliant.

  • Resend, Inc. (Transactional Email)

    Used to deliver account-related emails (e.g., magic links, password resets) via an InsForge Edge Function. Resend receives your email address solely to deliver the requested email and does not retain it for any other purpose. Resend is SOC 2 Type II compliant.

  • PostHog, Inc. (Web Analytics — consent-gated)

    Used for anonymous web analytics only if you accept analytics cookies. PostHog receives no personal data: user profiling, session recording, IP storage, and form capture are all disabled. Analytics traffic is proxied through our own domain. PostHog is SOC 2 Type II compliant and EU data is processed in the US under standard contractual clauses.

  • Anthropic, PBC (LLM inference — agent stack only)

    LLM inference provider (Claude). When the AI agent stack is enabled, receives document-derived prompt content (claim text, finding summaries, ledger excerpts, chat messages) for inference. Per Anthropic's commercial API terms, Anthropic does not train models on customer API content. When the agent stack is disabled, no content is sent to Anthropic.

  • InsForge AI gateway (LLM routing — agent stack only)

    Proxies LLM requests from the agent stack to upstream providers (Anthropic Claude and, optionally, others such as Google Gemini). Logs request metadata, and during normal operation also logs the prompt content used for routing, retries, and abuse protection. Only active when the agent stack is enabled.

  • Google LLC (Gmail integration — opt-in)

    When you enable the Gmail integration, STET requests OAuth scopes gmail.readonly and gmail.send to read inbox content (deal-related correspondence) and send replies on your behalf. Tokens and message bodies are processed on-device or via the agent stack only when triggered by a user action. Not active unless you connect Gmail.

  • Microsoft Corporation (Outlook integration — opt-in)

    When you enable the Outlook integration, STET requests OAuth with Microsoft Graph mail.read to read inbox content for deal-related correspondence. Not active unless you connect Outlook.

  • Hugging Face Inc. (open-source model distribution)

    STET downloads open-source embedding model files (used for on-device semantic search) from Hugging Face (huggingface.co / *.hf.co / cdn-lfs.hf.co). Model fetch is download-only: no inference content or document text is sent to Hugging Face.

  • jsDelivr / Cloudflare, unpkg / Cloudflare (open-source CDN)

    Static delivery of open-source JavaScript / WASM workers (cdn.jsdelivr.net, unpkg.com). Asset download only; no customer content is sent.

  • VDR providers — Intralinks (SS&C), Datasite, Box, Dropbox (opt-in)

    When you connect a virtual data room, STET calls the provider's API using your account with that provider to list and download files. Use of each provider is governed by your contract and privacy notice with that provider. STET does not upload document content from these providers to STET servers; processing runs on-device.

  • trystet.com (operated by STET) — desktop auto-updater

    The desktop app periodically checks trystet.com for updates. The endpoint logs request metadata only (update channel, user-agent, timestamp). No document content or account credentials are sent.

4. Cookies & Tracking Technologies

We use local storage technologies as described below. No advertising cookies or cross-site tracking cookies are used.

Strictly Necessary (no consent required)

Session authentication tokens (via InsForge) stored in a secure, HttpOnly cookie. These are required for login to function. They expire when your session ends or you log out.

Analytics (consent required)

If you accept analytics cookies, PostHog stores an anonymous session identifier in localStorage to measure session continuity. Anonymous page-view and page-leave events (used for session duration signals) are captured. No personal data is stored. This is only activated after you click "Accept" on the cookie banner. You can withdraw consent at any time by clearing local website data.

Functional Preferences — local app/site storage (no consent required)

The following items are stored in local STET storage on your device — none are tracking cookies, and none are ever transmitted to our servers:

  • stet_analytics_consent — records whether you accepted or declined analytics cookies.
  • stet_privacy_accepted — records that you accepted the Privacy Policy & Terms at account creation.
  • stet_local_snapshots — metadata for locally-captured VDR snapshots (file names, sizes, SHA-256 hashes). Document content is not stored here.
  • stet_local_extractions — text extracted from your local documents for on-device semantic search. Stored locally only; never transmitted to our servers.
  • stet_recent_audits — recent audit and deal names for the sidebar quick-access list. Stored locally only.
  • stet_notifications — in-app notification state. Stored locally only.
  • stet_active_profile — ID of the active workspace profile. Stored locally only.
  • stet.updateChannel — desktop app update channel preference (stable / beta / internal). Stored locally only.
  • stet_discrepancy_{auditId} — cached discrepancy results for an audit session. Stored locally only; cleared when the session ends.
  • stet_vdr_metadata_{providerId}:{folderId} — cached VDR folder structure metadata. Stored locally only; expires automatically.
  • vdr_pkce_{state} — temporary PKCE code verifier for OAuth flows. Removed immediately after the OAuth flow completes.
  • stet:review:… — review workspace session state (resolution notes, draft edits). Stored locally only.

Session Storage — website support flows only (no consent required)

The following items are stored in sessionStorage for website sign-in and support flows and are automatically cleared when the active website session ends. They are never transmitted to our servers beyond the purpose of the active session:

  • stet_vdr_connections — VDR OAuth access tokens for the current session.
  • vdr_oauth_state — temporary OAuth state parameter used for CSRF protection during VDR sign-in. Removed after OAuth completes.

Local Database — on-device app storage (no consent required)

STET stores audit findings, document extractions, checklist data, chat history, agent traces, evidence references, semantic indices, VDR snapshots, review workspace state, and other working data on your device using IndexedDB and localStorage. All of this storage is local-only and never synced to STET servers. The full schema is open-source and visible in the STET source repository; a complete enumeration of stores is also available by inspecting your browser's storage panel (DevTools → Application → Storage) or via Account → Settings → Danger Zone, which lists and clears every known store. The list below is illustrative, not exhaustive — there are currently 25+ IndexedDB stores:

  • stet_checklists — all checklist data: names, deal types, item statuses, matched file names, confidence scores, and notes.
  • stet_vdr_results — VDR audit results: match lists, discrepancies, statistics, and optionally a CSV snapshot of the ledger used.
  • stet_review_docs — documents loaded for the review workspace (PDF, Excel, etc.) stored as raw file bytes for local rendering.
  • stet_search_indices — semantic search index built from locally-extracted document text.
  • stet_support_trace — support-trace review flags and notes.
  • stet_embedding_cache — vector embeddings and text previews cached for performance.
  • stet_hnsw_cache — serialized semantic graph index.
  • stet_audit_v2 — hash-chained semantic engine audit records (execution integrity log).
  • stet_locks — short-lived client-side session locks for the semantic engine.
  • Plus stores for AI agent traces, findings, cross-deal memory (when enabled), engagement profiles, generation extraction records, RFI drafts, IC briefs, chat history, and other working data added as features ship.

Legal basis for analytics (GDPR Art. 6): Consent (Art. 6(1)(a)). You may withdraw consent at any time with no effect on the legality of processing before withdrawal. For strictly necessary storage: Legitimate interest / contract performance.

5. Your Regulatory Rights

GDPR (EU/UK Users)

  • Right to Access your Account Data
  • Right to Rectification
  • Right to Erasure ("Right to be Forgotten")
  • Right to Restrict Processing

CCPA / CPRA (California)

  • Right to Know what personal info is collected
  • Right to Delete personal info
  • Right to Non-discrimination
  • We do not sell your personal information.

To exercise right-to-delete (or any other right above), please email privacy@trystet.com or sritej@trystet.com; we will purge server-side records and confirm within 30 days. You can additionally clear all local browser data immediately via Account → Settings → Danger Zone.

6. Security & Liabilities

We implement commercially reasonable security measures (TLS encryption, AES-256 database encryption) to protect your Account Data. However, no transmission over the internet is completely secure. STET assumes no liability for data disclosures caused by transmission errors, third-party subprocessor breaches, or unauthorized access to your account credentials.

7. Data Retention

Account Data

Your email, username, and subscription status are retained for as long as your account is active. Upon account deletion, personal data is purged within 30 days from our live systems and within 90 days from encrypted backups.

Checklist Data

Checklist data is stored locally in on-device app storage (stet_checklists) and is not retained on STET servers. It persists until you delete individual checklists from within the app, use the "Delete Account" flow (which wipes the database), or clear local STET data. There is nothing for us to delete server-side — this data never reaches our servers.

Document Content (Files & Ledgers)

Never retained server-side. Production file processing is on-device and in-memory only. Document text never reaches our servers; there is nothing for us to delete.

Analytics Data

Anonymous PostHog analytics (if consented) are retained for 12 months, after which they are automatically deleted by PostHog.

Breach Notification

In the event of a personal data breach affecting your Account Data, we will notify affected users and, where required by law, the relevant supervisory authority within 72 hours of becoming aware of the breach, in accordance with GDPR Art. 33. Checklist data is stored locally on your device and is outside the scope of a server-side breach.

Enterprise Data Processing Agreement (DPA): Enterprise customers requiring a signed DPA (for GDPR controller–processor arrangements) may request one at sritej@trystet.com. Our standard DPA includes Standard Contractual Clauses (SCCs) for EU/UK data transfers.

8. Contact Information

STET — Sritej Bommaraju

sritej@trystet.com

For data rights requests (access, deletion, rectification) — we respond within 30 days.

By using STET, you acknowledge that you have read and agree to this Privacy Policy alongside the Terms of Service.