Skip to main content
LockRoom virtual data room

Privacy Policy

Effective Date: September 15th, 2025
Last Updated: April 30th, 2026

1. Information We Collect

1.1 Information You Provide: Account registration details (name, email, company, payment info).
1.2 Customer Data: Files, folders, and other content uploaded into a LockRoom data room. LockRoom processes this information on behalf of the Customer as part of the Services.
1.3 Usage & Log Data: Metadata such as user actions, timestamps, truncated IP addresses, device/browser type, and outcome of access attempts. These logs are maintained to support audit, security, and compliance requirements (e.g., FINRA Rule 4511, SEC Rule 17a-4).
1.4 Automatically Collected Data: Cookies, analytics, and session data used to improve site performance and security. Specific cookies and analytics vendors are listed in Section 11.
1.5 Marketing Website Visitor Data: When you visit lockroom.com (the marketing site, separate from app.lockroom.com), we may collect: (a) email addresses you voluntarily provide to download free resources from /resources, (b) limited interaction data (page views, clicks, time on page) via our analytics providers, (c) approximate location derived from IP address. This data is held separately from Customer Data in the data room product.
1.6 Lead Magnet Email Capture: To download free resources (e.g., templates, checklists, calculators) on lockroom.com/resources, you may be asked to provide an email address one time. We store this email together with which resource you downloaded so we can improve our resources. When you provide your email, you will see a checkbox offering to subscribe to our monthly Banker Brief newsletter. The checkbox is selected by default; uncheck it before submitting if you do not want to subscribe. You can unsubscribe from the newsletter at any time using the link in any newsletter email.

2. How We Use Information

2.1 To provide and secure the Services (including encryption in transit and at rest)
2.2 To maintain audit trails, WORM-style retention, and archiving features designed to support compliance with applicable regulatory frameworks.
2.3 To monitor, detect, and prevent fraud, abuse, or misuse of the Services.
2.4 To improve and develop the Services through aggregated, de-identified usage data (never disclosing Customer-identifying data).
2.5 To communicate with you about your account, billing, or support requests.

3. Data Retention

3.1 Active Data Rooms: Customer Data is stored for the duration of the subscription term.
3.2 Archived Data Rooms: Archived exports may be stored in WORM format for seven (7) years or as otherwise required by law or agreement.
3.3 Audit Logs: Retained in append-only format for at least seven (7) years to support compliance with applicable retention obligations.
3.4 Customers may request deletion/export of their data subject to contractual terms.

4. Sharing & Subprocessors

4.1 We use trusted third-party providers (e.g., AWS, Heroku, Vercel) to host and deliver the Services.
4.2 Subprocessors are contractually required to implement industry-standard security.
4.3 We do not sell Customer Data.
4.4 A current list of subprocessors is available upon request.

5. International Data Transfers

5.1 If you access the Services from outside the United States, your information may be transferred to and processed in the U.S.
5.2 LockRoom relies on appropriate safeguards (such as Standard Contractual Clauses) for such transfers where required.

6. Your Rights

6.1 Depending on your jurisdiction (e.g., CCPA, GDPR), you may have rights to:
6.2 Access, correct, or delete your personal information.
6.3 Request a copy of your data in a portable format.
6.4 Object to or restrict processing.
6.5 Withdraw consent for certain uses.
6.6 Requests can be submitted to support@lockroom.com.

7. Security

7.1 We implement administrative, technical, and organizational safeguards including:
7.2 Encryption at rest (AES-256) and in transit (TLS 1.2+).
7.3 Role-based access controls and MFA.
7.4 Append-only audit logs.
7.5 Business continuity and disaster recovery procedures.
7.6 No system is 100% secure. Customers remain responsible for managing their own credentials, user permissions, and backups outside LockRoom's system archives.

8. Prohibited Data

8.1 You may not upload or process the following without LockRoom's prior written agreement:
8.2 Payment card data (PCI).
8.3 Protected health information (PHI) under HIPAA.
8.4 Export-controlled or defense-related information (ITAR, EAR).

9. Legal & Compliance

9.1 LockRoom is designed to support SEC Rule 17a-4 and FINRA Rule 4511 compliance requirements (audit logs, WORM storage, retention).
9.2 LockRoom does not provide legal or compliance advice. Customers are responsible for their own regulatory obligations.
9.3 We may disclose personal information where required by law, regulation, subpoena, or court order.

10. Cookies and Tracking Technologies

11.1 LockRoom uses a small number of cookies on the marketing site (lockroom.com). Cookies fall into two categories: necessary (functional) and optional (analytics). Optional cookies are loaded only after you accept them via the consent banner.
11.2 Necessary cookies (always on, no consent required): "localConsent" stores your cookie consent decision so we do not show you the banner repeatedly. "lockroom_unlocked" is set after you provide your email to download a free resource and prevents the email modal from reappearing on subsequent downloads. Both expire after one year.
11.3 Optional analytics cookies (loaded only with consent): Google Analytics 4 sets cookies prefixed with "_ga" to measure aggregate site usage. Microsoft Clarity sets "_clck" and "_clsk" to record anonymized session data and heatmaps for usability research. Vercel Web Analytics is privacy-first and operates without setting persistent identifying cookies.
11.4 You can withdraw consent at any time by clearing your cookies. We are working to add an in-product preference toggle. To request more granular control, contact support@lockroom.com.
11.5 The data room product (app.lockroom.com) sets only session cookies necessary for authentication and product functionality. Analytics cookies are not used inside the data room product.

11. Changes to This Policy

10.1 We may update this Privacy Policy from time to time.

12. Contact Us

For questions or privacy requests, contact:
https://lockroom.com/contact-us
support@lockroom.com
Phone: +1 (855) 303-4333
© 2026 LockRoom. All rights reserved.