DealFlow

Privacy Policy

Last Updated: November 27, 2025

1. Introduction

DealFlow ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website (collectively, the "Services").

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, phone number, business information
  • Profile Data: Professional photo, company name, years of experience, license information
  • Contract Data: Property addresses, buyer/seller information, transaction details, financial information
  • Document Uploads: Contract PDFs, property documents, photos, receipts
  • Communication Data: Messages sent through our platform, support inquiries
  • Payment Information: Processed securely through Stripe (we do not store full payment card details)

2.2 Automatically Collected Information

  • Device Information: Device type, operating system, unique device identifiers
  • Usage Data: Features used, time spent in app, interaction patterns
  • Location Data: Approximate location (for property address verification only)
  • Analytics: Firebase Analytics, Google Analytics for app performance and user behavior
  • Cookies: Session cookies, preference cookies, analytics cookies

2.3 Information from Third Parties

  • Firebase Authentication: Authentication tokens, login status
  • Google Services: OAuth login information (if using Google Sign-In)
  • Stripe: Payment processing status, subscription information

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: Provide contract management, deadline tracking, document storage
  • AI Features: Contract parsing using Google Gemini AI, smart contingency suggestions
  • Communication: Send deadline reminders, notifications, transaction updates
  • Client Portal: Enable clients to access their contract timeline and documents
  • Payment Processing: Handle subscriptions, commission protection transactions
  • Analytics: Improve app performance, understand user behavior, fix bugs
  • Security: Detect fraud, prevent abuse, protect user accounts
  • Legal Compliance: Comply with legal obligations, resolve disputes
  • Marketing: Send promotional emails (with your consent, unsubscribe anytime)

4. Third-Party Services

We use the following third-party services that may collect your data:

  • Firebase (Google): Authentication, database, cloud storage, analytics
  • Google Gemini AI: Contract parsing and AI-powered features
  • Stripe: Payment processing and subscription management
  • Vercel: Website hosting and deployment
  • Sanity CMS: Content management for our website
  • RevenueCat: Mobile subscription management

Each third-party service has its own privacy policy. We encourage you to review their policies:

5. Data Sharing and Disclosure

We do NOT sell your personal data. We may share your information in the following limited circumstances:

  • With Your Clients: Contract timeline, documents, messages (via secure client portal)
  • Service Providers: Third-party services listed above that help us operate
  • Legal Requirements: If required by law, court order, or government request
  • Business Transfers: In case of merger, acquisition, or sale of assets
  • With Your Consent: Any other sharing with your explicit permission

6. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest (Firebase encryption)
  • Secure authentication (Firebase Auth)
  • Regular security audits
  • Access controls and role-based permissions
  • PCI DSS compliance for payment processing (via Stripe)

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Data Retention

We retain your personal data for as long as necessary to provide our services and comply with legal obligations:

  • Active Accounts: Data retained while your account is active
  • Closed Deals: Contract data retained for 7 years (IRS requirement)
  • Deleted Accounts: Most data deleted within 30 days, some retained for legal/tax purposes
  • Analytics Data: Aggregated, anonymized data may be retained indefinitely

8. Your Privacy Rights

Depending on your location, you may have the following rights:

8.1 All Users

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate data
  • Deletion: Request deletion of your data (subject to legal obligations)
  • Export: Download your contract data in portable format
  • Opt-Out: Unsubscribe from marketing communications

8.2 California Residents (CCPA)

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt-out of sale of personal information (we don't sell data)
  • Right to non-discrimination for exercising privacy rights

8.3 EU/UK Residents (GDPR)

  • Right to data portability
  • Right to restriction of processing
  • Right to object to processing
  • Right to withdraw consent
  • Right to lodge a complaint with supervisory authority

To exercise any of these rights, contact us at privacy@dealflow.properties

9. Children's Privacy

DealFlow is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

10. International Data Transfers

Your data may be transferred to and processed in countries other than your own, including the United States. We ensure appropriate safeguards are in place through:

  • Standard contractual clauses approved by the European Commission
  • Privacy Shield Framework compliance (where applicable)
  • Data processing agreements with third-party providers

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by:

  • Email notification to registered users
  • In-app notification
  • Updated "Last Updated" date at the top of this policy

Your continued use of DealFlow after changes indicates acceptance of the updated policy.

12. Contact Us

For privacy-related questions or concerns, contact us:

Email: privacy@dealflow.properties

Mail: DealFlow Privacy Team
[Your Business Address]
[City, State ZIP]

Response Time: We aim to respond within 48 hours

Summary (TL;DR)

  • We collect data necessary to provide our contract management services
  • We use Firebase, Stripe, and Google AI to power our features
  • We do NOT sell your personal data
  • You can access, correct, or delete your data anytime
  • We use industry-standard security measures
  • Contact privacy@dealflow.properties for any concerns