← Back to blogM&A Insights

Confidential Data and LLMs: How to Run AI Due Diligence Without Leaking Deal Secrets

John Stroud

Founder & CEO · 31 March 2026

Confidential Data and LLMs: How to Run AI Due Diligence Without Leaking Deal Secrets

Every M&A transaction starts with a non-disclosure agreement. That NDA exists for a reason — the information inside a data room is among the most sensitive material in business. Revenue figures that haven't been disclosed to markets. Employee contracts with compensation details. IP portfolios that define competitive advantage. Customer lists that competitors would pay millions for.

So when someone suggests running this data through an AI system powered by large language models, the first question from any responsible advisor should be: where does the confidential data go, and who else can see it?

We built AcquiLens — where twenty-five specialist AI agents analyse target companies simultaneously — knowing that confidential data and LLMs require an entirely different security posture than consumer AI products. Here's what every advisory professional needs to understand.

The Confidentiality Stakes in M&A

The consequences of a data room leak extend far beyond embarrassment. A leaked revenue figure can move share prices and trigger regulatory investigation. Disclosed customer contracts can give competitors an advantage that takes years to recover from. Employee compensation data exposed externally creates legal liability and retention risk.

<!-- HUMAN: Specific example from advisory experience where confidentiality was paramount and the consequences of a breach were discussed at board level -->

NDAs in M&A transactions typically carry strict penalties — including deal termination, liquidated damages, and personal liability for named individuals. Advisory firms that allow deal data to flow through insecure AI systems are exposing themselves and their clients to material risk.

The Real Risk: What Happens When People Use Public LLMs

<!-- VERIFY: Lasso Security stat — 1 in 12 employee prompts to public LLMs contains confidential info -->

Research from Lasso Security found that one in twelve employee prompts to public LLMs contains confidential information. Proofpoint's 2024 Data Loss Report confirmed that generative AI tools have become a leading channel for inadvertent data exposure.

We've seen this firsthand. Advisory analysts under time pressure paste financial summaries, contract clauses, and customer lists into ChatGPT to get quick summaries. Each of those prompts potentially enters a training pipeline, gets stored on third-party servers, and falls outside the deal's confidentiality perimeter.

The risk isn't theoretical. It's happening right now, on live deals, at firms of every size.

Public LLMs vs Private/Enterprise Deployment

Not all LLM deployments are created equal. The distinction matters enormously for deal confidentiality.

Public consumer LLMs (ChatGPT free tier, Claude.ai, Gemini) may use submitted data for model training unless users opt out. Data is transmitted to and processed on shared infrastructure. Retention policies vary and are controlled by the provider. There is no transaction-level data isolation.

Enterprise API deployments (OpenAI API, Anthropic API, Azure OpenAI) operate under business terms that typically include zero-training guarantees. Data is processed but not retained beyond the API call. This is better, but data still transits provider infrastructure.

Private/VPC deployments keep data within the customer's own cloud environment. The model runs inside a virtual private cloud. No deal data leaves the security perimeter. This is the standard that M&A confidentiality demands.

Pasting deal data into a consumer AI chatbot may violate your NDA, breach data protection regulations, and create personal liability. Always verify the deployment architecture before processing any confidential transaction material through an AI system.

Security Architecture That Protects Deal Data

We've spent considerable time designing security architecture specifically for the M&A use case. These are the patterns that matter.

Strict LLM Retention Terms

Every API call to an LLM provider should be governed by strict, contractual retention terms. Anthropic's commercial API terms exclude model training by default and automatically delete API inputs and outputs within 30 days; zero-retention arrangements are available by separate agreement for the most sensitive workloads. Whatever the provider, the terms should be written, short, and verifiable.

Encryption at Rest and in Transit

All documents should be encrypted using AES-256 at rest and TLS 1.3 in transit. This is table stakes, not a differentiator. Any vendor that cannot confirm both should be disqualified immediately.

Transaction-Level Data Isolation

Each deal must exist in its own isolated environment. Documents from Transaction A must never be accessible during analysis of Transaction B — not even by the same client. This prevents cross-contamination between competing deals, which is a real risk when advisory firms run multiple live transactions.

Audit Trails

Every document access, every AI query, and every generated finding should be logged with timestamps and user attribution. This creates a defensible record for regulatory purposes and allows clients to verify exactly what happened with their data.

SOC 2 Type II Compliance

SOC 2 Type II certification validates that security controls are not just designed but operating effectively over time. Any AI vendor handling deal data should hold this certification or be actively pursuing it.

How AcquiLens Handles Confidential Data

We designed our security model around a simple principle: deal data should be treated as if a breach would end the firm. Because for many advisory businesses, it would.

No training on deal data. Documents uploaded to AcquiLens are never used to train or fine-tune any AI model. Period. This is contractual, not just policy.

Data isolation per transaction. Every deal operates in a fully isolated environment. There is zero data leakage between transactions, between clients, or between workstreams within the same firm.

Audit trails on everything. Clients can see exactly which documents were accessed, which AI agents processed them, and what findings were generated. This satisfies both internal compliance requirements and client-facing transparency obligations.

Automatic data deletion. After the agreed retention period, all deal data is permanently deleted. Clients can trigger immediate deletion at any point.

<!-- HUMAN: Specific detail about AcquiLens security architecture — VPC deployment, specific cloud provider, encryption implementation -->

Regulatory Context: GDPR and Cross-Border Deals

International transactions add another layer of complexity. European deals fall under GDPR requirements, which impose strict rules on the processing of personal data — including employee records, customer information, and director details found in data rooms.

Cross-border data transfers require specific legal mechanisms. Processing deal data through a US-based AI provider when the target company is European triggers GDPR transfer provisions. The EU-US Data Privacy Framework provides one pathway, but advisory firms need to confirm their AI vendor's compliance.

For Asia-Pacific transactions, similar frameworks apply under Australia's Privacy Act, Singapore's PDPA, and Japan's APPI. The common thread: data processors must be able to demonstrate where data resides, who can access it, and how long it is retained.

Eight Questions to Ask Any AI Due Diligence Vendor

Before allowing any AI platform to process deal data, we recommend asking these eight questions. The answers will separate genuinely secure platforms from those that rely on marketing language.

1. Is deal data ever used for model training or fine-tuning? The only acceptable answer is "no," backed by contractual commitment. 2. Where does the LLM inference run? Look for private cloud or VPC deployment, not shared public infrastructure. 3. What is the data retention policy? Contractually defined, short retention on the AI layer (30 days or less, never used for training), with configurable retention on the storage layer and automatic deletion. 4. Is data isolated per transaction? Each deal should operate in a fully separate environment with no cross-transaction access. 5. Do you hold SOC 2 Type II certification? If not, when is the audit scheduled? Ask for the independent auditor's report. 6. How are cross-border data transfers handled? The vendor should be able to specify which data centres process data and under which legal frameworks. 7. What audit trail is available? Clients should be able to access a complete log of all document access and AI processing events. 8. What happens to data when the engagement ends? Permanent deletion with a certificate of destruction is the standard to expect.

See how Acquilens answers every question on this checklist at our Security & Trust Centre.

The Bottom Line

The adoption of AI in due diligence is accelerating. The firms that move fastest will gain a real competitive advantage. But speed without security is reckless when you're handling deal-sensitive information protected by NDAs and data protection law.

We've built AcquiLens to prove that firms don't have to choose between analytical power and confidentiality. The technology exists to deliver both. The question is whether your AI vendor has actually implemented it — or just claims to.

Ask the eight questions. Demand the evidence. Your clients' confidential data depends on it.

Frequently Asked Questions

Can confidential data be safely processed through any LLM?

Not all LLM deployments offer the same security guarantees. Consumer-facing tools may use submitted data for training. Enterprise API deployments typically offer contractual no-training guarantees with short, defined retention windows. Private VPC deployments provide the strongest protection by keeping data within the customer's own cloud environment. Always verify the specific deployment architecture and contractual terms before processing deal data.

Does using AI for due diligence violate NDA terms?

It depends on the NDA language and the AI vendor's security architecture. Most modern NDAs permit the use of technology tools for analysis, provided data is not disclosed to unauthorised third parties. An AI platform with contractual no-training terms and strict, short retention — where data is never used for training and is deleted on a defined schedule — generally satisfies NDA requirements. However, pasting data into a public consumer LLM almost certainly breaches standard NDA terms. Legal review of the specific NDA is always recommended.

What is the difference between zero-retention and zero-training?

Zero-training means the vendor does not use submitted data to train or improve AI models. Zero-retention goes further — the vendor does not store any submitted data or AI-generated outputs beyond the duration of the API call. For M&A confidentiality, zero-training is non-negotiable; retention should be contractually limited and short — zero-retention where the provider offers it, or a defined auto-deletion window of 30 days or less.

How does GDPR affect AI due diligence on European targets?

GDPR applies whenever personal data of EU residents is processed. Data rooms routinely contain employee records, customer details, and director information that qualify as personal data. AI due diligence platforms must demonstrate a lawful basis for processing, implement appropriate technical safeguards, and comply with cross-border transfer rules if data is processed outside the EU.

What security certifications should an AI due diligence vendor hold?

At minimum, look for SOC 2 Type II certification, which validates operating effectiveness of security controls over time. ISO 27001 certification for information security management adds further assurance. For healthcare-adjacent deals, HIPAA compliance may be relevant. For government-related transactions, FedRAMP authorisation may be required.

Further Reading

Acquilens.ai

See how AI changes due diligence

25 specialist agents analyse your data room across every workstream simultaneously. First findings in hours.

Book a demo