Privacy Policy

Last Updated: January 7, 2025

1. Information We Collect

1.1 Information You Provide

When you register for and use DealSpark, we collect:

• Account Information: Name, email address, password (encrypted), company name, job title, and phone number
• Billing Information: Payment card details (processed securely by Stripe), billing address, and transaction history
• Deal Data: Company names, financial information, valuations, documents, notes, and other deal-related content you input into the platform
• Communications: Support requests, feedback, and any correspondence with our team

1.2 Information Collected Automatically

When you access our platform, we automatically collect:

• Device Information: IP address, browser type, operating system, and device identifiers
• Usage Data: Pages viewed, features used, time spent on platform, and interaction patterns
• Log Data: Access times, error logs, and referring URLs
• Cookies and Tracking: Session cookies, authentication tokens, and analytics data (see Section 6)

1.3 Information from Third Parties

We may receive information from:

• Authentication providers if you use single sign-on (SSO)
• Payment processors regarding transaction status
• Analytics services for aggregated usage statistics

2. How We Use Your Information

We use your information to:

• Provide Services: Operate the platform, process deals, generate documents, and deliver AI-powered features
• Process Payments: Handle subscriptions, billing, invoices, and refunds
• Improve Platform: Analyze usage patterns, fix bugs, and develop new features
• AI Processing: Use your deal data to generate valuations, documents, and analysis (your data is not used to train our AI models)
• Communications: Send service updates, security alerts, and (with consent) marketing communications
• Security: Detect fraud, prevent abuse, and protect our users and platform
• Legal Compliance: Meet regulatory requirements and respond to legal requests

3. Data Sharing and Disclosure

We share your information only in the following circumstances:

3.1 Service Providers

We work with trusted third parties who assist in operating our platform:

• Stripe: Payment processing (PCI-DSS compliant)
• Anthropic (Claude AI): AI-powered features (data processed per their enterprise terms)
• Cloud Infrastructure: Secure hosting and data storage
• Analytics: Aggregated, anonymized usage statistics

3.2 Legal Requirements

We may disclose information if required by law, court order, subpoena, or to:

• Comply with legal obligations
• Protect our rights, privacy, safety, or property
• Prevent fraud or security threats
• Enforce our Terms of Service

3.3 Business Transfers

If DealSpark is acquired, merged, or sells assets, your information may be transferred. You will be notified of any such change and your choices regarding your data.

4. Data Security

We implement industry-standard security measures to protect your data:

• Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Role-based access, multi-factor authentication, and audit logging
• Infrastructure: SOC 2 compliant cloud infrastructure with regular security audits
• Monitoring: 24/7 threat detection and incident response procedures
• Employee Access: Strict access controls and confidentiality agreements

While we implement robust security measures, no system is 100% secure. You are responsible for maintaining the security of your account credentials.

5. Data Retention

We retain your data as follows:

• Account Data: Retained while your account is active and for 30 days after deletion request
• Deal Data: Retained while your account is active; deleted within 30 days of account closure
• Billing Records: Retained for 7 years as required by tax and accounting regulations
• Usage Logs: Retained for 90 days for security and debugging purposes
• Backups: Retained for up to 90 days, then permanently deleted

6. Cookies and Tracking

We use cookies and similar technologies for:

• Essential Cookies: Required for authentication, security, and core functionality
• Preference Cookies: Remember your settings and preferences
• Analytics Cookies: Help us understand how users interact with our platform

You can control cookies through your browser settings. Disabling essential cookies may prevent you from using certain features.

7. Your Rights and Choices

Depending on your location, you may have the following rights:

7.1 All Users

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and data
• Export: Download your deal data in a portable format
• Opt-Out: Unsubscribe from marketing communications

7.2 European Users (GDPR)

If you are in the European Economic Area (EEA), you have additional rights:

• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority

Our legal bases for processing include: contract performance, legitimate interests, legal obligations, and consent.

7.3 California Users (CCPA/CPRA)

California residents have the right to:

• Know what personal information we collect and how it's used
• Delete personal information (subject to exceptions)
• Opt-out of the sale of personal information (we do not sell your data)
• Non-discrimination for exercising privacy rights
• Correct inaccurate personal information
• Limit use of sensitive personal information

To exercise any of these rights, contact us at support@dealspark.co or through your account settings.

8. International Data Transfers

Your data may be processed in the United States or other countries where our service providers operate. We ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) for EU data transfers
• Data Processing Agreements with all service providers
• Compliance with applicable data protection frameworks

9. Children's Privacy

DealSpark is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.

10. Third-Party Links

Our platform may contain links to third-party websites or services. We are not responsible for their privacy practices. We encourage you to review their privacy policies before providing any personal information.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by:

• Posting the updated policy on our website
• Sending an email notification to registered users
• Displaying a notice within the platform

Continued use of DealSpark after changes constitutes acceptance of the updated policy.

12. Contact Us

For privacy-related questions, requests, or concerns:

• Email: support@dealspark.co

We will respond to requests within 30 days (or sooner as required by applicable law).