Privacy Policy

DealLens ("we", "us", or "our") provides a B2B financial analysis and deal management platform. This Privacy Policy describes how we handle personal information and data on behalf of our business customers ("Customers") and their authorized users ("Users").

1. Introduction & Scope

When you use DealLens, we process two main categories of data:

  • Customer Data: Documents, financial models, deal information, and chat logs uploaded or generated by Users in the platform. For Customer Data, DealLens acts as a Data Processor, and the Customer is the Data Controller. We process this data solely to provide the Services in accordance with our Terms of Service.
  • Account Information: Names, email addresses, billing details, and usage metadata. For Account Information, DealLens acts as a Data Controller to manage our relationship with you and improve our services.

2. Information We Collect

Information You Provide

  • Registration Data: Name, email, job title, and password.
  • Billing Data: Payment information and billing address (processed by our payment providers).
  • Support Data: Information sent to us via support tickets or feedback.

Information Collected Automatically

  • Usage Data: Pages visited, features used, and time spent on the platform.
  • Device Data: IP address, browser type, operating system, and device identifiers.
  • Logs: System activity, error reports, and audit logs for security purposes.

3. How We Use Your Information

We use information for the following business purposes:

  • Service Delivery: To provide, operate, and maintain the DealLens platform.
  • Security: To detect, prevent, and address fraud, abuse, and security risks.
  • Communication: To send transactional emails, administrative notices, and support responses.
  • Improvement: To analyze usage trends and improve the user experience (using aggregated, non-identifiable data).
  • Compliance: To comply with legal obligations and enforce our Terms of Service.

4. AI & Data Handling

Our Commitment on AI Training: We do not use your proprietary Customer Data (including uploaded documents, financial figures, or deal specifics) to train public foundation models (e.g., models shared with other customers or the public).

When you use AI features (e.g., "Ask Document", "Generate Model"), we may send relevant snippets of your data to third-party LLM providers (such as OpenAI, Anthropic, or Google) solely for the purpose of generating a response to your specific request. These providers are contractually prohibited from using your data to train their models.

5. Subprocessors & Sharing

We share data with trusted third-party service providers ("Subprocessors") to support our operations, including:

  • Cloud Infrastructure: (e.g., AWS, Supabase) for hosting and database services.
  • AI Providers: (e.g., OpenAI, Anthropic) for inference capabilities.
  • Analytics & Support: Tools to help us understand usage and provide customer support.

We ensure all Subprocessors are bound by strict data protection obligations. We do not sell your personal information to third parties.

6. Data Retention

We retain Customer Data for the duration of your subscription term. Upon termination or expiration of your account, you may request the deletion of your data. We may retain Account Information and logs for a reasonable period to comply with legal obligations, resolve disputes, and enforce our agreements.

7. Security

We employ enterprise-grade technical and organizational measures to protect your data, including encryption at rest and in transit, strict access controls, and regular security assessments. However, no internet transmission is completely secure, and we cannot guarantee absolute security.

8. Your Rights & Choices

Depending on your location, you may have rights regarding your personal data, such as:

  • Accessing, correcting, or deleting your personal information.
  • Opting out of marketing communications.
  • Objecting to certain processing activities.

Do Not Track & Global Privacy Control

Some browsers have a "Do Not Track" feature. At this time, our system does not respond to DNT requests. However, we respect Global Privacy Control (GPC) signals where required by law.

California Residents (CCPA/CPRA)

If you are a California resident, you have specific rights regarding your personal information, including the right to know what categories of data we collect and the right to request deletion. We do not "sell" or "share" your personal information as defined by CCPA/CPRA for cross-context behavioral advertising.

To exercise these rights, please contact us via the support channels available in your dashboard.

9. Changes to this Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the Service or by email. Continued use of the Service after such changes constitutes acceptance of the new policy.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us through our website contact form or support channels.