Index processing happens in your browser
When you upload an Excel or CSV index to the builder, it is parsed locally on your machine. The folder tree and ZIP skeleton are generated client-side — the index file is not sent to our servers.
Security and data handling
Deal data deserves plain answers, not badges.
This page states exactly how DataRoomBuilder handles your information today — what runs in your browser, what is gated, and what we deliberately do not claim yet.
The live builder
Your index never leaves your machine.
Only folder names, never deal documents
The builder works from a request list or folder index. It never needs — and never asks for — your confidential deal documents to produce a data-room structure.
No account required for the builder
You can use the live index-to-folder builder without creating an account or handing over contact details.
Portal & admin
Access is gated by default.
Portal access via scoped share links
Client portal engagements are reached through tokenised share links. Tokens are stored as httpOnly cookies scoped to a single engagement — one client's link never opens another client's workspace.
Admin routes fail closed
Operational admin pages sit behind a session gate. In production, if the gate is not explicitly configured, admin routes reject all requests rather than defaulting open.
Workspaces are kept out of search engines
All portal and admin routes are served with noindex/nofollow headers so client workspaces never appear in search results.
Hardened session checks
Session tokens are compared using constant-time comparison, and admin sessions expire automatically.
BYO-cloud: your documents stay in your storage.
The VDR layer being built connects to cloud storage you already control — starting with Google Drive via OAuth — rather than asking you to migrate confidential documents into yet another vendor silo. Connectors are in development and clearly labelled as foundations, not finished features.
Live today
In-browser index-to-folder builder, downloadable templates, and the access controls described above.
In development
Client IRL portal and BYO-cloud connectors (starting with Google Drive via OAuth) are foundations under active build — labelled as such across the site.
Not yet claimed
We do not currently hold SOC 2 or ISO 27001 certification, and we won't imply otherwise. Formal audits are on the roadmap as the platform layer matures.
Questions answered directly
Want detail on data handling before a live deal?
Test the builder with a non-sensitive index, or ask us anything about the security model and the BYO-cloud roadmap. See also what is live versus planned.