This Privacy Policy explains how DealDesk (“DealDesk”, “we”, “us”) collects, uses, and protects personal data when you use our AI-assisted finance and advisory application at dealdesk.upledge.org (the “Service”). By using the Service you agree to this Policy.
1. Information we collect
- Account data: your name and email address, and — if you sign in with Google — the basic profile fields Google returns (name, email, profile picture, account identifier).
- Workspace data: the advisor roles, deliverables, prompts, and chat messages you create within your workspace.
- Uploaded documents: files you attach for analysis. These are parsed in memory to provide context to the model and are not persisted to our database or disk in the normal flow.
- Usage & billing data: token/credit usage for metering, subscription status, and payment records processed by our payment provider (we do not store full card numbers).
- Technical data: session cookies, IP address, and metadata-only logs (request and error metadata, with secrets and content redacted).
2. How we use your information
- To provide, operate, and secure the Service and your account.
- To generate advisory outputs you request and to meter usage against your plan.
- To process payments and manage subscriptions.
- To send transactional emails (sign-in, verification, password reset, invitations).
- To monitor reliability, prevent abuse, and comply with legal obligations.
3. AI processing
To produce outputs, your prompts and the parsed text of any attached documents are sent to third-party large-language-model (LLM) providers for processing. We send only what is needed to fulfil your request. We do not sell your data and we do not use your workspace content to train our own models. Provider API keys are held server-side and never exposed to your browser.
4. Service providers (sub-processors)
We rely on a small number of vendors to run the Service, including: an LLM provider for generation, Stripe for payments, a transactional email provider, and cloud hosting and managed-database infrastructure. Each receives only the data needed to perform its function and is bound to protect it.
5. Data retention
We retain account and workspace data for as long as your account is active or as needed to provide the Service. Uploaded document content is ephemeral and is not retained after processing. Billing and audit records are kept as required for legal and accounting purposes. You can request deletion of your account and associated data (see “Your rights”).
6. Security
We apply industry-standard safeguards: encryption in transit (HTTPS), server-side handling of provider credentials, encryption of stored secrets, tenant isolation, and metadata-only logging that redacts content and secrets. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
7. Your rights
Depending on your location, you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. To exercise these rights, contact us at the address below. If you signed in with Google, you can also revoke DealDesk’s access from your Google Account permissions at any time.
9. International transfers
Your data may be processed in countries other than your own, including by the service providers listed above. Where required, we rely on appropriate safeguards for such transfers.
10. Children
The Service is intended for business and professional use and is not directed to individuals under 18. We do not knowingly collect data from children.
11. Changes to this Policy
We may update this Policy from time to time. Material changes will be reflected by updating the “Last updated” date above and, where appropriate, by notice within the Service.
12. Contact
Questions about this Policy or your data? Contact us at privacy@dealdesk.upledge.org.