Privacy Policy – DealView

This Privacy Policy explains how DealView.io ("DealView", "we", "our", or "us") collects, uses, shares, and safeguards information in connection with our contract intelligence platform ("Platform").

By using DealView, you ("Customer", "you", or "your") agree to the terms of this Privacy Policy.

1. Information We Collect

a. Account & Business Information

• Company name, industry, size
• Contact names, emails, and phone numbers
• Billing and subscription information

b. Uploaded Content (Customer Data)

• Contracts, legal documents, metadata, and file contents
• Associated tags, notes, and classifications

c. Workspace and Organization Data

• Workspace configurations and hierarchies
• Portfolio company information and relationships
• Cross-workspace analytics and aggregated metrics
• User permissions and access logs across workspaces

d. External Contract Monitoring

• URLs of publicly hosted contracts you choose to monitor
• Change detection data and version histories
• Automated re-analysis triggers and schedules

e. Usage & Technical Information

• Log data (IP address, browser type, pages visited)
• Session activity (clicks, uploads, navigation behavior)
• Integration activity (CRM/ERP/API usage)

2. How We Use Your Information

We use your information to:

• Provide and improve the DealView Platform
• Deliver AI-powered contract insights and metadata extraction
• Enable integrations with third-party services
• Send product updates, invoices, and support communications
• Monitor security and enforce our Terms of Use
• Comply with legal obligations and resolve disputes

3. Use of AI and Automated Processing

DealView offers multiple AI deployment options to meet your privacy requirements:

a. Standard AI Processing

• OpenAI GPT-4 with zero data retention agreements
• Enterprise data handling with no training on customer data
• Encrypted transmission to AI services

b. Enhanced Privacy Options

• Azure OpenAI Service for data residency control
• On-premise AI deployment (Enterprise+ plans)
• Customer-managed encryption keys available

c. AI Processing Scope

We process Customer Data using AI for:

• Extracting 200+ contract attributes
• Identifying 25+ risk factors
• Obligation tracking and timeline generation
• Party and entity recognition
• Compliance assessment across regulations

Your contracts are NEVER used to train AI models. All AI processing is ephemeral and results are stored only in your DealView workspace.

3A. Use of Aggregate and Anonymized Data

We may compile and use aggregate, de-identified, or anonymized data derived from your use of the Platform for legitimate business purposes, including:

• Improving product functionality and performance
• Developing new features and services
• Benchmarking and producing industry reports
• Internal analytics, research, and marketing activities

This information does not identify you or your company, and no individual contracts or sensitive data will be used in a form that can reasonably be re-associated with your organization.

4. Third-Party Services and Integrations

a. Storage Integrations

• Google Drive, Microsoft OneDrive/SharePoint, Dropbox, Box
• We access only files you explicitly select or folders you authorize
• Sync frequency and scope controlled by your settings

b. CRM Integration

• Salesforce (with attachment sync capabilities)
• We access only contract-related records and attachments

c. Integration Data Handling

• OAuth tokens stored encrypted
• No permanent storage of third-party credentials
• Audit logs of all integration activities

When connected, we may access files or metadata solely to support your use of DealView. Your use of these services is governed by their own privacy policies.

5. Data Storage and Security

• Infrastructure: Supabase (PostgreSQL) with Row Level Security
• File Storage: Cloudflare R2 with AES-256 encryption
• SOC 2 Type II compliant environments
• 18 granular permission types for access control
• Audit trails for all data access
• Automated backups with point-in-time recovery
• Data isolation between workspaces
• Encrypted transmission (HTTPS/TLS)

Despite our efforts, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

5a. Subprocessors

Current subprocessors include:

• Supabase (database hosting) - USA
• Cloudflare (file storage, CDN) - Global
• OpenAI / Azure OpenAI (AI processing) - USA
• Stripe (payment processing) - USA

Updates to subprocessors will be communicated to Enterprise customers.

6. Data Retention

• Active accounts: Data retained while subscription active
• Post-termination: 90-day grace period for data export
• Deleted data: Removed from production within 30 days
• Backups: Pruned within 90 days
• Audit logs: Retained for 2 years for security
• Aggregated analytics: Retained indefinitely in anonymized form

You may request deletion of your data at any time by contacting support@dealview.io.

7. Your Rights

Depending on your location, you may have rights under laws like GDPR or CCPA to:

• Access a copy of your data
• Correct inaccuracies
• Request deletion
• Object to certain processing
• Export your data in standard formats (PDF, CSV, JSON)
• Transfer data between workspaces you control
• Receive machine-readable copies of all AI analysis results

To exercise these rights, email privacy@dealview.io. We may verify your identity before processing requests.

8. Cookies & Analytics

We use:

• Essential cookies: Authentication, security, workspace selection
• Analytics: Google Analytics 4 (anonymized IPs)
• Performance: Page load optimization
• Preference cookies: UI settings, filter preferences

No third-party advertising cookies are used.

You can adjust your browser settings to disable cookies, but some features may not work correctly.

9. Children's Privacy

DealView is not intended for children under 16. We do not knowingly collect personal data from minors.

10. International Transfers

If you are located outside the United States, your information may be transferred to, stored, or processed in the U.S. or other countries with different data protection laws. We take steps to ensure adequate protection of your data in such cases, including:

• Standard Contractual Clauses for EU transfers
• Appropriate safeguards per applicable regulations

11. Compliance and Certifications

• SOC 2 Type II certified
• GDPR compliant with Data Processing Agreements available
• CCPA/CPRA compliant
• HIPAA-ready infrastructure for healthcare contracts
• EU-U.S. Data Privacy Framework participant
• Standard Contractual Clauses available for international transfers

12. Data Breach Notification

In the event of a data breach affecting your personal data, we will:

• Notify affected customers within 72 hours of discovery
• Provide details about the nature and scope of the breach
• Describe measures taken to address the breach
• Offer appropriate remediation when applicable

13. Law Enforcement and Legal Requests

We may disclose information when required by law or legal process. When possible and legally permissible, we will notify you of such requests.

14. B2B Service

DealView is intended for business use only. We do not knowingly collect or process personal data from individuals acting in their personal capacity.

15. Beta Features

When using beta features, additional data collection may occur for testing and improvement purposes. You will be notified when using beta features.

16. Changes to This Policy

We may revise this Privacy Policy from time to time. Material changes will be posted here and/or emailed to account holders. Continued use of the Platform after changes means you accept the new policy.

17. Contact Us

For questions or privacy-related concerns, contact:

Privacy Officer: privacy@dealview.io

Data Protection Officer: dpo@dealview.io

General Support: support@dealview.io