Public channels
QualificationFit, timing, and non-confidential context only.Security and data handling
Sensitive diligence data should not start in a public form.
Wysdome operates in a category where customer revenue exports can be highly sensitive. Public contact channels should be used only for qualification and non-confidential context.Review complianceIntake boundary
Public qualification stays separate from confidential file exchange.
That boundary keeps early scoping lightweight while sensitive files wait for agreed confidentiality, engagement scope, and transfer controls.Sensitive files
Agreed intakeConfidentiality and transfer method established first.Data scope
Minimum neededExclude tax IDs, payment data, and unrelated documents.Output status
Review supportAnalytics for client review, not regulated advice.Handling principles
Qualification first, agreed intake second, reviewable outputs third.
The security posture starts with a simple boundary: sensitive diligence files should not move through public forms or public email.Public channels are for qualification only
Email and website contact forms should be used only to establish fit, timing, and non-confidential context — not for data transfer.
Sensitive data needs an agreed intake process
Customer lists, contracts, deal files, and revenue exports should move only after confidentiality expectations and an intake method are established.
Outputs are analytical support
Wysdome platform outputs support client review and diligence workflows. They are not investment, legal, tax, accounting, credit, valuation, or securities advice.
Handling rules
Data boundaries and non-claims stay explicit before files move.
Wysdome does not claim the following. Deal teams should not assume these are in place without a written agreement that explicitly addresses them.Handling rules
Do not submit confidential customer lists, contracts, tax IDs, payment data, or live deal files through public email.
Sensitive materials should move only after confidentiality expectations and an intake method are established.
Access should be limited to the agreed engagement team and the minimum data needed for the requested analysis.
Retention, deletion, subprocessors, and model/data-handling terms should be addressed in the applicable written agreement.
Platform outputs are analytical support for client review; they are not investment, legal, tax, accounting, credit, valuation, or securities advice.
Claims intentionally not made
SOC 2 certification
ISO 27001 certification
Blanket approval of unreviewed AI/API or model-use terms
Enterprise SSO or audit logging
Broker-dealer, investment-adviser, legal, tax, accounting, credit, valuation, or securities advice
Intake controls
A conservative workflow for sensitive diligence files.
Customer revenue exports can reveal commercial terms, contract terms, retention, concentration, and named-account exposure. Wysdome therefore separates public qualification from confidential file exchange.Qualification before data
The public website and email links are used to establish fit, transaction side, timing, requested outputs, and non-confidential data readiness only.
Written intake expectations
Confidentiality, transfer method, permitted users, retention, deletion, and scope should be agreed before live customer revenue files are exchanged.
Minimum necessary data
Deal teams should provide only the fields needed for the requested analytics. Tax IDs, payment data, personal identifiers, and unrelated documents should be excluded.
Access discipline
Access to sensitive materials should be limited to the agreed engagement team and reviewed when scope, users, or requested outputs change.
Source exceptions
Data-quality issues are documented for client review. Wysdome should not hide missing fields, conflicting totals, or unsupported definitions.
Agreement controls
Security questionnaires, subprocessors, model/data handling, retention, deletion, and incident-response terms should be addressed in the applicable written agreement.
Vendor review
NDA, retention, deletion, subprocessors, conflicts, and model-use terms are documented separately.
The security page covers the intake boundary. The compliance page gives the specific policy language deal teams need for onboarding and vendor review.Confidentiality and retention
NDA policy
Confidential target, customer, contract, revenue, or live deal data should not be shared until mutually acceptable NDA or equivalent confidentiality terms are in place. Request NDA review by email or through the contact page.
Subprocessor policy
No confidential deal files should be uploaded through the public website. Engagement-specific subprocessors, access purpose, and available SOC 2 or equivalent evidence are disclosed before file transfer.
Retention and deletion
Default retention is the engagement period plus 30 days unless the engagement letter states otherwise. Deletion requests are targeted within 10 business days, with written confirmation after completion.
Ownership and model use
IP ownership
Client owns client data, final outputs, and transaction-specific work product. Wysdome claims no ownership rights in client data or transaction-specific outputs beyond rights needed to perform the engagement, and retains only its pre-existing templates, methods, know-how, and platform IP.
Model-training policy
Wysdome's default policy is not to use client data or transaction outputs for model training. Engagement-specific AI or API use, including data-use restrictions, should be reviewed and approved in the applicable written terms.
Conflicts
If Wysdome is asked to support simultaneous mandates involving the same target, it will disclose the conflict where permitted, decline one side, or establish a written conflict protocol before proceeding.
Subprocessor categories
Public website host
Public website traffic and non-confidential site operation only; no live deal-file upload path.
Business email / calendar provider
Business contact information and non-confidential scheduling or service inquiries.
Secure storage / portal provider
Confidential files only if listed in the signed engagement-specific subprocessor schedule.
AI API provider, if approved
No client data unless expressly approved in writing for a defined workflow.