[{"data":1,"prerenderedAt":828},["ShallowReactive",2],{"blog-en-context-adaptive-file-redaction":3,"blog-related-en-context-adaptive-file-redaction":173},{"id":4,"title":5,"author":6,"body":7,"coAuthors":159,"date":160,"description":161,"extension":162,"image":163,"meta":164,"navigation":165,"path":166,"seo":167,"stem":168,"tags":169,"__hash__":172},"blog\u002Fblog\u002Fen\u002Fcontext-adaptive-file-redaction.md","Context-adaptive document redaction","Pierre-Louis",{"type":8,"value":9,"toc":155},"minimark",[10,14,17,20,23,28,31,44,47,50,54,57,60,63,66,69,72,76,79,93,97,100,103,106,109,112,115,118,121,124,128,131,134,137,140,143,146],[11,12,13],"p",{},"A sell-side analyst uploads 847 employment contracts to a data room. Each contains social security numbers, home addresses, salary details. The VDR promises to redact them all automatically. One click, the marketing materials said. Forty-five seconds later, a confirmation appears: \"1,247 redactions complete.\"",[11,15,16],{},"The analyst opens a random file. The CEO's social security number sits there, unmasked. Three more spot checks reveal similar gaps. The automated system missed variations in formatting, struggled with scanned documents, failed to recognize abbreviated names.",[11,18,19],{},"Eight hours of manual review follow. Better than risking a GDPR violation or tanking a deal because confidential client names leaked to a competitor.",[11,21,22],{},"\"I'd rather have my intern spend eight hours on redaction than five minutes with an AI solution and take the risk,\" says Victor, an M&A associate at a major European investment bank. The bank's reputation sits on the line with every document shared. No algorithm gets to make that call unsupervised.",[24,25,27],"h4",{"id":26},"what-redaction-actually-means-in-ma","What redaction actually means in M&A",[11,29,30],{},"Document redaction in mergers and acquisitions isn't about hiding embarrassing details. It serves three precise functions that carry legal and financial consequences when done poorly.",[32,33,34,38,41],"ul",{},[35,36,37],"li",{},"First, regulatory compliance. European data protection rules require removing personally identifiable information before sharing employee records with third parties. Social security numbers, home addresses, phone numbers, bank details. Missing a single instance can trigger regulatory investigations. Financial penalties for GDPR violations reach into millions of euros, calculated as percentages of global revenue.",[35,39,40],{},"Second, competitive protection. A target company's client list, pricing structures, supplier contracts, and strategic partnerships constitute valuable intelligence. Buyers conducting due diligence need to verify commercial relationships exist without learning specific terms that could advantage them in negotiations or, worse, leak to competitors if a deal collapses.",[35,42,43],{},"Third, staged disclosure. M&A transactions progress through phases. Early-stage buyers see summary financials and anonymized contracts. Later, as negotiations advance, additional details unlock. The redaction system needs to support this gradual revelation, with precise control over what each party sees and when.",[11,45,46],{},"The consequences of failure are concrete. A leaked client list can trigger contract renegotiations. Exposed pricing data undermines competitive positioning. Personal information breaches generate regulatory scrutiny that delays or kills transactions entirely.",[11,48,49],{},"And then there's the technical requirement: true redaction must destroy the underlying data bytes, not merely overlay black boxes. Some transaction advisory firms openly discuss tools that can \"un-redact\" documents where the original text remains embedded in the file structure. If buyers or their advisors possess such tools, cosmetic redaction becomes disclosure.",[24,51,53],{"id":52},"the-ai-redaction-theater","The AI-redaction theater",[11,55,56],{},"Legacy VDR providers spotted an opportunity. Artificial intelligence was the solution to every enterprise software problem, apparently including document redaction. Marketing materials promised dramatic results: \"Redact 1,000 files in one click.\" \"80% time savings.\" \"AI-powered pattern recognition.\"",[11,58,59],{},"Datasite, one of the established players, promotes its automated redaction feature prominently. But the demo showcased on their website fails spectacularly. When it functions, the system might identify obvious patterns like social security numbers in structured documents, but complexity defeats it quickly. PDFs with unusual layouts confuse the parser. Scanned images remain completely opaque. Tables scramble its logic.",[11,61,62],{},"The system might correctly identify confidential information in some employment agreements while missing others where formatting differs slightly. No uncertainty scores appear. No confidence intervals. Just green checkmarks and buried liabilities.",[11,64,65],{},"What legacy vendors actually sell is autonomous AI. The system makes decisions about what to redact based on pattern matching and training data. It executes those decisions without meaningful human oversight. The human role reduces to clicking \"approve\" on bulk operations affecting hundreds or thousands of documents simultaneously.",[11,67,68],{},"This autonomy becomes the vulnerability. M&A teams don't need software that makes decisions. They need tools that preserve their ability to make decisions while eliminating mechanical friction.",[11,70,71],{},"The pricing model reveals the vendors' actual priorities. Legacy vendors charges up to an additional €2,500 per data room for AI-assisted redaction. And some count redacted pages as separate files, effectively charging twice for the same document. Teams upload a fifty-page contract, redact ten pages, and discover they're being billed for sixty pages of storage. This has side effects: users redact outside the VDR to avoid inflated charges, undermining the entire purpose of a centralized, auditable system.",[24,73,75],{"id":74},"what-users-actually-need","What users actually need",[11,77,78],{},"The conversation about AI-powered redaction typically focuses on speed and automation. That misses what M&A professionals actually want from their tools.",[32,80,81,84,87,90],{},[35,82,83],{},"Control, first. Deal teams need visibility into every redaction decision. Not trust, verification. The system can suggest, flag, and accelerate, but humans must validate before anything executes. This isn't inefficiency, it's risk management in an environment where a single mistake can cost millions.",[35,85,86],{},"Completeness, second. The fear isn't just making errors, it's missing items entirely. An analyst redacting Pierre-Louis Corteel's information needs the system to identify every variation: P.L. Corteel, Corteel PL, Pierre L. Corteel. Across all documents in the data room, not just the one currently open. Manual review might catch variations in the same file. It won't catch them across 847 employment contracts spread through different folders.",[35,88,89],{},"Security comes third, though in practice it underlies everything. True redaction must destroy data at the byte level. Visual overlays aren't sufficient. The underlying text must disappear from the file structure entirely, preventing any attempt at recovery.",[35,91,92],{},"And pricing transparency matters more than vendors acknowledge. Teams need predictable costs that don't penalize thoroughness. If redacting documents becomes expensive, the economic incentive shifts toward doing less redaction, which directly contradicts security objectives.",[24,94,96],{"id":95},"context-aware-redaction-an-innovative-approach","Context-aware redaction: an innovative approach",[11,98,99],{},"Entropia takes a different approach to redaction. Rather than attempting to make AI autonomous, the platform makes it context-aware.",[11,101,102],{},"The system observes what users do, learns patterns from specific environments, and scales individual decisions across bounded contexts. Critically, every suggestion requires human validation before execution.",[11,104,105],{},"The workflow begins with manual redaction, but amplifies it. An analyst redacts a social security number in an employment contract. That single action creates a bounded context the system replicates. The platform searches every document in the data room for that exact pattern and flags each instance. The analyst reviews the results, confirms matches to apply redaction.",[11,107,108],{},"One judgment call, executed fifty times. The human decided what to redact. The software handled pattern matching and execution.",[11,110,111],{},"This extends to more complex scenarios. A team uploads financial statements monthly throughout a deal. They redact specific salary bands and contract values in the first batch. When new statements arrive weeks later, the system identifies analogous fields based on position, formatting, and previous patterns. It flags them for review. The team confirms or adjusts, then applies.",[11,113,114],{},"The system also handles format variations. Redact \"Pierre-Louis Corteel\" once, and the platform flags \"P.L. Corteel,\" \"Corteel PL,\" and similar variations across all documents. Not automatically redacted, automatically flagged. The distinction matters. Users maintain control while the system prevents oversights that would occur during pure manual review.",[11,116,117],{},"Scanned documents or pdf are usually excluded from automations, but in Entropia, they are fully searchable, with the same redaction workflows applying regardless of how documents originated. This removes a major blind spot where legacy systems fail.",[11,119,120],{},"The search functionality integrates directly with redaction. Search for an item in a document, find ten instances, redact them all in one click. Then the system alerts you to other occurrences in different files. The workflow becomes: search, review results in current document, redact confirmed instances, then address flagged items elsewhere in the data room.",[11,122,123],{},"Pricing follows a different logic entirely. Assisted redaction isn't an add-on feature. Redacted documents don't lead to a per-page upcharge. It's included in the platform. No artificial incentives to redact outside the system. No penalties for thorough document protection.",[24,125,127],{"id":126},"the-pattern-recognition-problem","The pattern recognition problem",[11,129,130],{},"Perhaps the more interesting question is whether M&A teams will demand better tools, or simply adapt to elevated risks. Early evidence suggests they're rejecting automation theater in favor of control.",[11,132,133],{},"The vendors marketing \"one-click redaction for 1,000 files\" aren't addressing what M&A professionals actually need. They're selling the idea of productivity gains to budget holders who don't sit in the trenches reviewing documents. The people doing the actual work understand the difference between speed and thoroughness.",[11,135,136],{},"A context-aware system like Entropia's offer a middle path. The AI doesn't make decisions, it scales decisions humans already made. The human expertise remains central. The software eliminates repetitive mechanical tasks while preserving oversight at critical junctures. This matters because document volumes in M&A continue growing. A mid-sized transaction easily involves thousands of files. Pure manual review becomes a nightmare at scale. But autonomous systems that make unsupervised decisions about sensitive data aren't the answer either.",[11,138,139],{},"The solution involves AI, but not the AI that vendors have been marketing. Not systems that replace human judgment with algorithmic confidence. Instead, tools that extend human judgment across larger datasets while maintaining visibility and control at every step. Whether the VDR industry moves in this direction depends on whether buying decisions come from deal teams who understand the requirements, or from procurement departments optimizing for feature checklists and cost reduction.",[11,141,142],{},"The evidence from conversations with M&A professionals suggests the former is winning. When an associate says \"I'd rather have my intern spend eight hours on redaction than take the risk with AI,\" that's not technophobia. That's someone who understands exactly where liability sits when documents leak or regulators investigate.",[11,144,145],{},"Control, it turns out, means knowing when to automate and when to verify. The best redaction system isn't the one that promises to do everything automatically. It's the one that helps humans do their job better without removing them from the process.",[11,147,148,149,154],{},"-> Read more about our context-aware data room in ",[150,151,153],"a",{"href":152},"\u002Fblog\u002Fdont-let-your-vdrs-ai-tank-your-deal","this article",".",{"title":156,"searchDepth":157,"depth":157,"links":158},"",2,[],null,"2025-12-29","Legacy VDRs charge extra for AI-redaction that doesn't work. Entropia has a better idea.","md","\u002Fblog\u002Fscreenshot-2025-12-29-at-18.50.06.png",{},true,"\u002Fblog\u002Fen\u002Fcontext-adaptive-file-redaction",{"title":5,"description":161},"blog\u002Fen\u002Fcontext-adaptive-file-redaction",[170,171],"solution","insights","VT3-mcO1W_OfoLcxmpTlzR3lOAf8l24_D-dTHpHheNA",[174,332,559],{"id":175,"title":176,"author":177,"body":178,"coAuthors":159,"date":323,"description":324,"extension":162,"image":325,"meta":326,"navigation":165,"path":327,"seo":328,"stem":329,"tags":330,"__hash__":331},"blog\u002Fblog\u002Fen\u002Fsoc2.md","Entropia is now SOC 2 Type II certified","The Entropia team",{"type":8,"value":179,"toc":316},[180,183,188,204,211,225,228,232,235,252,255,259,262,265,276,280,287,290,293,296,299,303,306,309],[11,181,182],{},"Many providers will claim that your data is safe with them, but how do you know? At Entropia, we didn't want customers to take our word for it alone. That's why we went through months of independent, rigorous auditing to achieve SOC 2 Type II attestation.",[184,185,187],"h2",{"id":186},"what-is-soc-2-type-ii","What is SOC 2 Type II?",[11,189,190,194,195,199,200,203],{},[191,192,193],"strong",{},"\"SOC\""," stands for ",[196,197,198],"em",{},"System and Organisation Controls",". It is an audit framework designed by the ",[196,201,202],{},"American Institute of Certified Public Accountants"," (AICPA).",[11,205,206,207,210],{},"The ",[191,208,209],{},"\"2\""," distinguishes it from other SOC reports:",[32,212,213,219],{},[35,214,215,218],{},[191,216,217],{},"Type I"," evaluates design of controls at a point in time.",[35,220,221,224],{},[191,222,223],{},"Type II"," evaluates their operating effectiveness over a period (typically 6–12 months).",[11,226,227],{},"For customers, that distinction is crucial. Type II requires months of continuous evidence, not just documents. It's a discipline, not a checkbox.",[184,229,231],{"id":230},"what-entropia-is-doing-to-maintain-soc-2-type-ii","What Entropia is doing to maintain SOC 2 Type II",[11,233,234],{},"Achieving SOC 2 Type II standards required implementing and documenting controls that span every part of our organisation:",[32,236,237,240,243,246,249],{},[35,238,239],{},"Formal access reviews and permission boundaries",[35,241,242],{},"Reproducible build processes",[35,244,245],{},"Operational logs, monitoring, and alerting",[35,247,248],{},"Incident response procedures",[35,250,251],{},"Vendor and subprocessor management",[11,253,254],{},"Security isn't a side project. It's in every code commit, every access request, every system change. And crucially, we have been independently audited over several months to prove that these controls are enforced in practice, not just documented in theory.",[184,256,258],{"id":257},"why-this-matters-to-our-customers","Why this matters to our customers",[11,260,261],{},"For customers, SOC 2 Type II provides third-party assurance. It shows that security at Entropia is not simply promised but independently verified. It is among the most widely recognised and demanding attestations available to software-as-a-service providers, requiring stringent controls that operate consistently over time.",[11,263,264],{},"This means your data is handled responsibly, systems are monitored, and risks are actively managed. At the same time, it reflects structured, disciplined engineering practices: formal access reviews, reproducible build processes, and operational logs that withstand scrutiny.",[11,266,267,268,271,272,275],{},"It didn't ",[196,269,270],{},"make"," us secure. It made us ",[196,273,274],{},"prove"," it.",[184,277,279],{"id":278},"what-about-iso-27001","What about ISO 27001?",[11,281,282,283,286],{},"We are not the only ones involved in protecting your data. When you use Entropia, your data is processed through our systems, but when it is stored ",[196,284,285],{},"at rest",", it lives on the infrastructure of a cloud provider.",[11,288,289],{},"Among our subprocessors, this cloud provider is the most important one: it physically hosts your data. That's why, when evaluating the security of any SaaS provider, it's essential to also consider the security standards of the cloud providers they rely on.",[11,291,292],{},"Our hosting partner, Scaleway, is certified under ISO\u002FIEC 27001 — the internationally recognised standard for information security management systems. This certification applies to Scaleway's infrastructure and demonstrates that their data centres and cloud environment are governed by strong security and risk management practices.",[11,294,295],{},"For Entropia's customers, this provides an additional layer of assurance: our SOC 2 Type II attestation validates the way we manage and operate our own controls over time, while Scaleway's ISO 27001 certification confirms that the underlying infrastructure on which our services run is also independently verified.",[11,297,298],{},"Together, these frameworks address different layers of security — from our operational processes to the physical and cloud environment that supports them.",[184,300,302],{"id":301},"our-floor-not-our-ceiling","Our floor, not our ceiling",[11,304,305],{},"SOC 2 Type II is one of the most widely recognised and rigorous security attestations for SaaS providers, and we are proud to meet it. But for us it is only the floor, not the ceiling.",[11,307,308],{},"We are adopting a Zero Trust security model on top: an approach in which no device, user, or request is trusted by default. Every action is authenticated, authorised, and monitored continuously. This model goes beyond the requirements of SOC 2 and strengthens resilience at the architectural level.",[11,310,311,312],{},"Read more: ",[150,313,315],{"href":314},"\u002Fblog\u002Fzero-trust","Our zero-trust security model →",{"title":156,"searchDepth":157,"depth":157,"links":317},[318,319,320,321,322],{"id":186,"depth":157,"text":187},{"id":230,"depth":157,"text":231},{"id":257,"depth":157,"text":258},{"id":278,"depth":157,"text":279},{"id":301,"depth":157,"text":302},"2025-08-15","Entropia achieves SOC 2 Type II certification. What it means for the security of our dataroom.","\u002Fblog\u002Fsoc2-type-ii-header-photo-with-controls.png",{},"\u002Fblog\u002Fen\u002Fsoc2",{"title":176,"description":324},"blog\u002Fen\u002Fsoc2",[170,171],"QOEwxHZ5jMfm-KS7jUo_bgNK3m90X5MB408PpSSZZP0",{"id":333,"title":334,"author":6,"body":335,"coAuthors":159,"date":550,"description":551,"extension":162,"image":552,"meta":553,"navigation":165,"path":554,"seo":555,"stem":556,"tags":557,"__hash__":558},"blog\u002Fblog\u002Fen\u002Fzero-trust.md","Our Zero Trust security architecture",{"type":8,"value":336,"toc":541},[337,340,343,346,349,353,356,359,362,365,376,379,383,388,391,394,403,409,412,416,419,525,528,532,535,538],[11,338,339],{},"Would you leave your front door unlocked simply because your neighbourhood has a low crime rate?",[11,341,342],{},"Many companies, even by meeting compliance standards, implicitly do just that.",[11,344,345],{},"Entropia has validated the SOC2 Type II level controls, which corresponds to proving that the neighbourhood is under constant surveillance and demonstrably safe.",[11,347,348],{},"But we have chosen to go further and raise the bar with a Zero Trust model.",[184,350,352],{"id":351},"what-zero-trust-means","What Zero Trust means",[11,354,355],{},"For decades, corporate networks were built like castles, or fortresses: high walls, a deep moat, and the assumption that anyone allowed inside was trustworthy.",[11,357,358],{},"Unfortunately, modern attackers might still steal a key or tunnel under the moat. If they ever manage to get inside, they can wander freely.",[11,360,361],{},"Zero Trust rejects the castle. Instead, it assumes that no user, device, or network packet is trustworthy by default. Each request to access resources, whether from an employee, contractor, or application, is treated as if it comes from an untrusted network until it has been inspected, authenticated, and verified. Access is granted only for the minimum necessary purpose and only for as long as needed.",[11,363,364],{},"This model is implemented by leading companies such as Google where our CTO, Pierre, spent six years as a Solutions Engineer, gaining firsthand experience of how it works in practice. Google frames the model around three core principles:",[32,366,367,370,373],{},[35,368,369],{},"Assume all network traffic is a potential threat at all times. Every user, device, and flow is subject to ongoing authentication, authorisation, and validation, with any request lacking explicit permission automatically denied.",[35,371,372],{},"Enforce least-privileged access. Each entity is granted only the minimum rights needed to complete a task, limiting the ability of attackers to move laterally if compromise occurs.",[35,374,375],{},"Always monitor. Continuous oversight analyses and manages activity in real time, identifying potential threats, incidents, and anomalies to investigate.",[11,377,378],{},"These principles, first articulated by Forrester and formalised by the U.S. National Institute of Standards and Technology (NIST), form the foundation of our own approach.",[184,380,382],{"id":381},"how-zero-trust-raises-the-bar-above-soc-2","How Zero Trust raises the bar above SOC 2",[384,385,387],"h3",{"id":386},"what-is-soc-2","What is SOC 2",[11,389,390],{},"Customers increasingly demand evidence that their providers handle data responsibly. SOC2, created by the American Institute of CPAs, has become one of the most widely recognised audit frameworks.",[11,392,393],{},"The standard evaluates an organisation's controls across five \"Trust Services Criteria\": security, availability, processing integrity, confidentiality, and privacy.",[11,395,396,397,399,400,402],{},"A ",[191,398,217],{}," report describes how controls are designed at a single point in time.\nA ",[191,401,223],{}," report, which we have achieved, goes further: it validates that those controls operate effectively over months, not merely on paper.",[11,404,405],{},[150,406,408],{"href":407},"\u002Fblog\u002Fsoc2","> Read more about our SOC2 Type II certification",[11,410,411],{},"But as robust as it is, SOC 2 is still a framework of proof, not an architecture of defence. It tells customers that the right doors are locked and checked regularly. It does not redesign the building itself.\nThat is why we describe SOC 2 Type II as our floor, not our ceiling.",[384,413,415],{"id":414},"where-zero-trust-goes-further","Where Zero Trust goes further",[11,417,418],{},"Zero Trust pushes security beyond compliance checklists into systemic resilience. To illustrate the contrast in concrete terms, here are a few key examples where Zero Trust provides stronger protection than SOC 2 expectations. The list is not exhaustive, but it highlights the most important areas where the difference is most tangible.",[32,420,421,434,447,460,473,486,499,512],{},[35,422,423,426],{},[191,424,425],{},"Stolen credentials cannot enable long-term access",[32,427,428,431],{},[35,429,430],{},"SOC2: Restrict access to authorised users (often with MFA and roles)",[35,432,433],{},"Zero Trust: Continuous verification of user identity, device health, and behaviour at every request (that is, every attempt by a user, device, or application to access a resource)",[35,435,436,439],{},[191,437,438],{},"Containing breaches, not only detecting them",[32,440,441,444],{},[35,442,443],{},"SOC2: Monitor systems for anomalies and respond to incidents",[35,445,446],{},"Zero Trust: Real-time enforcement that blocks risky actions before they escalate",[35,448,449,452],{},[191,450,451],{},"Stopping data exfiltration at the source",[32,453,454,457],{},[35,455,456],{},"SOC2: Encrypt data in storage and transit",[35,458,459],{},"Zero Trust: Add context-aware rules (e.g., downloads blocked from non-compliant devices)",[35,461,462,465],{},[191,463,464],{},"Eliminating lingering third-party access",[32,466,467,470],{},[35,468,469],{},"SOC2: Assess vendor risk and restrict external access",[35,471,472],{},"Zero Trust: Just-in-time, least-privilege access for third parties",[35,474,475,478],{},[191,476,477],{},"Limiting the blast radius of incidents",[32,479,480,483],{},[35,481,482],{},"SOC2: Demonstrate risk assessments and mitigations",[35,484,485],{},"Zero Trust: Architect systems to minimise blast radius by design",[35,487,488,491],{},[191,489,490],{},"Maintaining service resilience",[32,492,493,496],{},[35,494,495],{},"SOC2: Ensure system availability with continuity plans",[35,497,498],{},"Zero Trust: Design resilient architectures that isolate failures and keep services running",[35,500,501,504],{},[191,502,503],{},"Protecting confidentiality dynamically",[32,505,506,509],{},[35,507,508],{},"SOC2: Document confidentiality and privacy policies",[35,510,511],{},"Zero Trust: Enforce context-aware restrictions and encryption by design",[35,513,514,517],{},[191,515,516],{},"Reducing insider risk",[32,518,519,522],{},[35,520,521],{},"SOC2: Apply HR and access review policies",[35,523,524],{},"Zero Trust: Limit insider risk with least-privilege and continuous monitoring",[11,526,527],{},"And there is more to it: these examples illustrate some of the obvious contrasts, but Zero Trust also changes the way systems are conceived and built, embedding security into the architecture itself rather than treating it as a compliance exercise.",[184,529,531],{"id":530},"why-should-our-customers-care","Why should our customers care?",[11,533,534],{},"For dataroom customers, the implications are crucial. SOC2 compliance means your data is handled responsibly, Zero Trust means it is defended relentlessly. Breaches that would spill across a legacy dataroom provider's environment stop cold within ours.",[11,536,537],{},"Building on Zero Trust is more demanding for application developers, because security must be engineered directly into the architecture rather than bolted on later. Zero Trust requires grappling with identity-driven policies (deciding who can access which resources and under what conditions), network segmentation (designing the system so that even if one part is compromised, attackers cannot easily move to another), and continuous telemetry (collecting and analysing data about activity in real time to detect and prevent anomalies).",[11,539,540],{},"Together, the two frameworks signal Entropia's ambition to raise the bar for dataroom customers: SOC2 Type II proves we meet one of the toughest industry standards, while Zero Trust shows we aim beyond yesterday's definitions of secure.",{"title":156,"searchDepth":157,"depth":157,"links":542},[543,544,549],{"id":351,"depth":157,"text":352},{"id":381,"depth":157,"text":382,"children":545},[546,548],{"id":386,"depth":547,"text":387},3,{"id":414,"depth":547,"text":415},{"id":530,"depth":157,"text":531},"2025-07-28","Zero Trust explained: learn how Entropia elevates data room security beyond compliance frameworks.","\u002Fblog\u002Fzero-trust-header-picture.png",{},"\u002Fblog\u002Fen\u002Fzero-trust",{"title":334,"description":551},"blog\u002Fen\u002Fzero-trust",[170,171],"grl0J_Hg03WL_GamQWTOcx___JxL_a6K403cGGR7tLQ",{"id":560,"title":561,"author":6,"body":562,"coAuthors":159,"date":819,"description":820,"extension":162,"image":821,"meta":822,"navigation":165,"path":823,"seo":824,"stem":825,"tags":826,"__hash__":827},"blog\u002Fblog\u002Fen\u002Fnext-generation-data-room.md","Entropia is building the next generation data room",{"type":8,"value":563,"toc":808},[564,567,571,574,577,580,583,587,590,593,644,647,650,654,658,661,664,673,676,680,683,686,689,727,730,734,737,740,766,770,773,776,779,786,790,793,796,799,802,805],[11,565,566],{},"Every strategic transaction begins with a mountain of documents. Collecting, classifying, renaming, redacting, and indexing them usually takes months. Virtual Data Rooms (VDRs) were supposed to make this easier. Instead, they often feel like digital relics: slow, clunky, and priced as if servers still charged rent by the page. Entropia is redesigning this experience.",[184,568,570],{"id":569},"our-rd-journey-ai-document-processing","Our R&D journey: AI document processing",[11,572,573],{},"Since founding Entropia, we have been exploring how AI can work in conjunction with private data. We focused on unstructured data: the millions of PDFs, PowerPoints, Scans, Word or Excel files, even Autocad drawings that companies store in their clouds but struggle to exploit.",[11,575,576],{},"From early 2024, we developed expertise in four areas: automated document understanding, semantic search across vast corpora, information extraction with generative AI, and chat-based agentic applications.",[11,578,579],{},"These capabilities were first deployed in projects with clients in legal, finance, consulting, real estate, and even health care. They took the form of a search engine, a document analysis grid, and later an agent-based platform able to answer questions directly from large internal libraries.",[11,581,582],{},"Much of this work centred on due-diligence material with strict confidentiality standards. It became clear that what began as tools for research and knowledge management had an obvious home in the due diligence and transactions processes, and that a natural stage for such technology was the data room.",[184,584,586],{"id":585},"leveraging-our-rd-to-reinvent-the-data-room","Leveraging our R&D to reinvent the data room",[11,588,589],{},"Ask any Associate preparing a deal. Data rooms remain indispensable but exasperating: interfaces are often slow, pricing opaque, and critical tasks are often managed outside the platform, in Excel and email threads.",[11,591,592],{},"Conversations with data room users revealed a catalogue of recurring pain points:",[32,594,595,601,607,613,619,625,638],{},[35,596,597,600],{},[191,598,599],{},"Time-consuming preparation",": Collecting, verifying, renaming, classifying and redacting thousands of documents is still largely manual and painfully slow. On the sell-side, analysts and associates too often struggle for the basics. Transactions are highly time sensitive, and every week of delay risks stalling the deal.",[35,602,603,606],{},[191,604,605],{},"Outdated interfaces",": Platforms remain too often clunky, slow or buggy, forcing reliance on support teams, and generating stress.",[35,608,609,612],{},[191,610,611],{},"Lack of smart functionalities truly leveraging AI:"," Users expect smarter features to cut the drudgery of data room preparation. Yet despite grand promises, most providers deliver little beyond incremental tweaks.",[35,614,615,618],{},[191,616,617],{},"Stressful access management",": Granular permissions are complex to set up and easy to mishandle. Some users have to call support teams to make sure they are properly setup.",[35,620,621,624],{},[191,622,623],{},"Processes outside the platform",": Critical tasks often spill into Excel sheets, email chains, leading to errors, duplication and inefficiency.",[35,626,627,630,631,637],{},[191,628,629],{},"Opaque pricing",": Bills are unpredictable and frequently exceed initial estimates, producing invoice shock for clients. Legacy page-based billing models punish users with escalating costs. That's also the experience ",[150,632,636],{"href":633,"rel":634},"https:\u002F\u002Fwww.linkedin.com\u002Fin\u002Farnaud-de-terline\u002F",[635],"nofollow","Arnaud"," had a few years ago when his former company Arcane was acquired.",[35,639,640,643],{},[191,641,642],{},"Data sovereignty:"," For European clients, incumbents have yet to provide convincing answers on data sovereignty. Most rely on US-based cloud providers, potentially leaving sensitive files exposed to extraterritorial claims. Amid sharpened geopolitical tensions, a growing number of european customers now declare they would prefer more sovereign alternatives.",[11,645,646],{},"Meanwhile, a new generation of bankers, lawyers and real-estate analysts now expect workplace tools to match the sleekness of the apps they use in daily life, and have little patience for sluggish enterprise software.",[11,648,649],{},"With deep experience in document processing, we recognised that their frustrations was an opportunity for us, and resolved to reinvent the data room as if it were designed today: fast, modern, AI-native and transparently priced.",[184,651,653],{"id":652},"our-product-priorities","Our product priorities",[384,655,657],{"id":656},"a-blazing-fast-data-room-experience","A blazing-fast data room experience",[11,659,660],{},"The first complaint from many users is the sheer slowness of existing data rooms. What should feel like a simple web app too often behaves like a relic from the early 2000s.",[11,662,663],{},"This is less about hardware limits than accumulated technical debt: years of bolted-on features have left incumbents with sluggish systems.",[11,665,666,667,672],{},"By contrast, Entropia is rebuilding from scratch on a lean modern stack and leveraging best practices that ",[150,668,671],{"href":669,"rel":670},"https:\u002F\u002Fwww.linkedin.com\u002Fin\u002Fdulacp\u002F",[635],"Pierre",", our CTO, once deployed at Google to handle services at planetary scale.",[11,674,675],{},"The goal is straightforward: a data room that feels as fast and smooth as the consumer apps people now take for granted.",[384,677,679],{"id":678},"focus-on-sell-side-pain-points","Focus on Sell-Side pain-points",[11,681,682],{},"We are directing our initial design at the sell-side, with the aim of stripping away the grind of document review, facilitating low-value tasks that consume associates' time.",[11,684,685],{},"That being said, we will avoid forcing users out of familiar workflows: existing Excel processes, such as Q&A tracking, will be integrated and enhanced rather than replaced.",[11,687,688],{},"Here are the first smart features that we are going to put in production:",[32,690,691,697,703,709,715,721],{},[35,692,693,696],{},[191,694,695],{},"Automatic renaming",": Stop wasting nights re-labelling files. Our data room recognises content and applies consistent names across thousands of documents, learning from your naming habits.",[35,698,699,702],{},[191,700,701],{},"Duplicates and version detection",": No more confusion over which draft is final. We spot duplicates and versions instantly, reducing errors.",[35,704,705,708],{},[191,706,707],{},"Index allocation",": Instead of dragging files endlessly into the right folder, our data room reads the content and suggests the proper slot on the index.",[35,710,711,714],{},[191,712,713],{},"Redaction assistance",": Sensitive details (names, addresses, financial figures) can be flagged and removed faster, while remaining under your control.",[35,716,717,720],{},[191,718,719],{},"Semantic search",": No more keyword guessing. Ask questions in plain language and retrieve the right files, even if they are buried deep, or written in another language.",[35,722,723,726],{},[191,724,725],{},"Smarter Q&A management",": Keep Excel in the loop but make it intelligent. The platform surfaces similar buyer questions, reduces duplication and helps manage responses seamlessly.",[11,728,729],{},"Once this is fully live and adopted, a second wave of features will turn to the buy-side. The challenge there is will be digestion rather than organisation. Associates, lawyers and consultants spend weeks combing through contracts and financials to build diligence matrices, flag risky clauses and extract KPIs. Our aim is to make this work faster and more insightful, with AI tools that surface unusual clauses, pull key metrics and generate structured grids.",[384,731,733],{"id":732},"beyond-security-badges-a-zero-trust-architecture","Beyond security badges: a zero-trust architecture",[11,735,736],{},"Data security is one of the first reasons why you want to purchase a data room. From day one, we have handled financial, legal and even health records, which left no room for compromise. Pierre, our CTO, brought with him Google's habit of treating security as a first principle and embedded a zero-trust design into our systems early on.",[11,738,739],{},"Three pillars underpin that approach today:",[32,741,742,751,757],{},[35,743,744,747,748],{},[191,745,746],{},"SOC 2 Type II (audited):"," As this article is being written, we are undergoing audit for SOC 2 Type II, which evaluates how effectively we operate controls over time. It covers everything from access management to incident response, ensuring not just policies on paper but proof of execution.\n--> Read more: ",[150,749,750],{"href":407},"Entropia achieves SOC2 Type II compliance",[35,752,753,756],{},[191,754,755],{},"ISO 27001 (via our cloud provider):"," The infrastructure that hosts both our data room and our AI models is certified under ISO 27001 (among other standards), meaning it follows globally recognised best practice for information security.",[35,758,759,762,763],{},[191,760,761],{},"Zero Trust (by design):"," We go beyond compliance. Every request is verified, every system is assumed hostile until proven otherwise. This architecture builds systemic resilience rather than relying solely on checklists.\n--> Read more: ",[150,764,765],{"href":314},"Our zero-trust security model",[384,767,769],{"id":768},"beyond-gdpr-compliance-sovereignty-for-european-customers","Beyond GDPR compliance: sovereignty for European customers",[11,771,772],{},"Data sovereignty is a growing concern as geopolitical uncertainty mounts.",[11,774,775],{},"On the legal side: extra-territorial laws such as America's CLOUD Act or FISA 702 give U.S. authorities the power to compel access to data held by American cloud providers, regardless of where the servers are located.",[11,777,778],{},"That makes it impossible for them to guarantee European clients full protection, even when they claim that \"data is hosted on european servers\".",[11,780,781,782,785],{},"By contrast, hosting exclusively in Europe ",[196,783,784],{},"and"," with a European provider allows us to offer something rare in the data room market: genuine insulation from foreign surveillance laws.",[384,787,789],{"id":788},"transparent-and-flexible-pricing","Transparent and flexible pricing",[11,791,792],{},"Last but not least comes pricing, where most data rooms remain oddly stuck in the 1990s. Back when rooms were physical and files sat in metal lockers, charging per page made sense: more pages meant more shelves, more space, more rent. Yet the industry has clung to this proxy long after the files went digital. The catch is obvious: no one knows in advance how many pages a deal will generate.",[11,794,795],{},"That opacity has proved costly. Many sellers are lured by low initial estimates, only to suffer invoice shock at closing. Arnaud, when selling his previous firm, ended up paying three times the sum initially quoted by the Datasite representative. To make matters worse, critical functions for M&A professionals are often sold as pricey add-ons, slowing the process if they are not purchased.",[11,797,798],{},"We see little value in perpetuating that model. While we can match market practice if clients insist, our preference is to offer a fixed monthly price tied to gigabytes, with unlimited access to all features. No surprises, no invoice shock.",[800,801],"hr",{},[11,803,804],{},"For transaction professionals weary of outdated tools, Entropia offers a chance to see what a data room looks like when reimagined from scratch. Built on modern infrastructure, equipped with AI where it matters, shielded by European data sovereignty, and priced with clarity, it is designed for the realities of today's transactions rather than the habits of yesterday's vendors.",[11,806,807],{},"If you spend your nights chasing versions, managing Q&A in spreadsheets or bracing for invoice shock, we invite you to give Entropia a try and see how much smoother a deal can feel when the data room finally works for you.",{"title":156,"searchDepth":157,"depth":157,"links":809},[810,811,812],{"id":569,"depth":157,"text":570},{"id":585,"depth":157,"text":586},{"id":652,"depth":157,"text":653,"children":813},[814,815,816,817,818],{"id":656,"depth":547,"text":657},{"id":678,"depth":547,"text":679},{"id":732,"depth":547,"text":733},{"id":768,"depth":547,"text":769},{"id":788,"depth":547,"text":789},"2025-06-03","Our innovation journey and how we redesign data rooms for today's transaction professionals.","\u002Fblog\u002Fscreenshot-2025-09-04-at-22.13.56.png",{},"\u002Fblog\u002Fen\u002Fnext-generation-data-room",{"title":561,"description":820},"blog\u002Fen\u002Fnext-generation-data-room",[170,171],"g_-xWhnsPk9smIKY5_OBfjlk5H5qVrDbxTWvv-hTOR0",1780743200911]