Privacy Policy
Effective date: March 21, 2026
1. Information We Collect
Account information: When you register, we collect your name, email address, and password (hashed).
Profile data: Role (buyer or seller), business details, and preferences you provide during onboarding or while using the platform.
Usage data: Pages visited, features used, search queries, and interactions with AI tools. Collected automatically via server logs and analytics services.
Tool leads: If you submit your email through one of our free tools (e.g., SBA Calculator, Valuation Estimator), we collect that email address along with the tool used and result summary.
Payment data: Subscription and payment information is processed by Stripe. We do not store full card numbers on our servers.
Communications: Emails you send us or messages sent through the platform.
2. Cookies and Tracking Technologies
We use cookies and similar technologies for the following purposes:
- Essential cookies: Required for authentication (Supabase session tokens), security, and platform functionality. Cannot be disabled.
- Analytics cookies (Google Analytics 4): We use GA4 to understand how visitors navigate our site, which pages are popular, and how users interact with our tools. Data is anonymized where possible. Only set with your consent.
- Marketing cookies (Meta Pixel): We use the Meta Pixel (Facebook) to measure the effectiveness of our advertising campaigns and to show relevant ads on Facebook and Instagram. Only set with your consent.
You can manage your cookie preferences at any time using the cookie consent panel (visible on your first visit). Your choice is stored in your browser's localStorage under the key dfo-cookie-consent.
3. How We Use Your Information
- To provide, operate, and improve the DealFlow OS platform
- To personalize your experience and surface relevant acquisition targets or seller resources
- To process payments and manage subscriptions
- To send transactional emails (account confirmation, password reset, deal alerts)
- To send marketing emails, if you have opted in
- To analyze usage patterns and improve our AI tools
- To comply with legal obligations
4. Third-Party Services
We share data with the following third-party services to operate our platform:
- Supabase: Database, authentication, and file storage. Your account data is stored on Supabase's infrastructure.
- Stripe: Payment processing and subscription management.
- Resend: Transactional email delivery (account alerts, notifications).
- Vercel: Hosting and edge infrastructure.
- Google Analytics 4 (Alphabet Inc.): Usage analytics. Subject to Google's Privacy Policy.
- Meta Platforms (Facebook): Advertising measurement via Meta Pixel. Subject to Meta's Data Policy.
- Anthropic: AI-powered analysis features use Claude via the Anthropic API. Content submitted for analysis may be processed by Anthropic's systems.
We do not sell your personal information to third parties.
5. Data Retention
We retain your account data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., payment records required for tax compliance, which may be retained for 7 years).
Tool lead emails (submitted through free tools) are retained for up to 24 months.
Analytics data is retained according to the respective service's default retention periods (26 months for GA4).
6. Your Rights — GDPR (EU/EEA Visitors)
If you are located in the European Union or European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate or incomplete data.
- Right to erasure: Request deletion of your personal data (“right to be forgotten”).
- Right to restriction: Request that we limit how we process your data.
- Right to data portability: Receive your data in a portable format.
- Right to object: Object to processing based on legitimate interests or for direct marketing.
- Right to withdraw consent: Withdraw cookie consent at any time via our consent panel.
Our legal basis for processing: contract performance (account services), legitimate interests (platform analytics), and consent (marketing/analytics cookies).
To exercise any of these rights, email us at roy@dealflow-os.com.
7. Your Rights — CCPA (California Residents)
If you are a California resident, the California Consumer Privacy Act (CCPA) gives you the following rights:
- Right to know: Request disclosure of the personal information we have collected about you and how it is used and shared.
- Right to delete: Request deletion of personal information we have collected from you.
- Right to opt out of sale: We do not sell personal information. No opt-out needed.
- Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.
To submit a California privacy request, email roy@dealflow-os.com with subject line “California Privacy Request.”
8. Data Security
We implement industry-standard security measures including encrypted connections (HTTPS/TLS), hashed passwords, and row-level security on our database. However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.
9. Children's Privacy
DealFlow OS is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page. Continued use of DealFlow OS after changes constitutes acceptance of the updated policy.
11. Contact Us
For privacy-related questions, data requests, or to exercise your rights, contact us at:
DealFlow OS
Email: roy@dealflow-os.com