1. Introduction
DealDNA, Inc. (“DealDNA,” “we,” “us,” or “our”) operates the DealDNA platform located at dealdna.ai (the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By accessing or using the Service, you consent to the practices described in this policy.
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, phone number, organization name, and job title when you register for an account.
- Payment Information: Credit card details, billing address, and transaction history processed through our payment provider (Stripe). We do not store full credit card numbers on our servers.
- Platform Data: Property records, lead information, contact details, deal data, campaign content, and other information you input into the Service.
- Communications: Emails, chat messages, and support requests you send to us.
2.2 Information Collected Automatically
- Usage Data: Pages visited, features used, clicks, session duration, and interaction patterns collected through PostHog analytics.
- Device Information: IP address, browser type and version, operating system, device type, and screen resolution.
- Cookies: Session cookies for authentication, preference cookies for settings, and analytics cookies for usage tracking.
- Error Data: Application errors and performance metrics collected through Sentry for service improvement.
2.3 Information from Third Parties
We may receive property data, public records, and market information from third-party data providers to enhance the Service. This includes county assessor records, MLS data, census information, and other publicly available datasets.
3. How We Use Your Information
- Provide, maintain, and improve the DealDNA platform and its features
- Process transactions, send billing notifications, and manage your subscription
- Send campaign messages (SMS, email, voice, direct mail) on your behalf through integrated providers
- Generate AI-powered property scores, risk assessments, and deal analysis
- Provide customer support and respond to your inquiries
- Send service-related communications (account verification, security alerts, feature updates)
- Monitor and analyze usage trends to improve the Service
- Detect, prevent, and address fraud, security issues, and technical problems
- Comply with legal obligations and enforce our Terms of Service
4. Data Sharing and Disclosure
We do not sell your personal information. We share data only with the following categories of recipients:
- Service Providers: Supabase (database hosting), Vercel (application hosting), Stripe (payment processing), Twilio (SMS/voice), Resend (email delivery), Lob (direct mail), Retell (AI calling), Sentry (error tracking), PostHog (analytics), and Crisp (customer support chat).
- Skip Trace Providers: When you request skip traces, we share property addresses with our skip trace vendor to retrieve contact information. Results are cached and subject to data retention limits.
- Legal Requirements: We may disclose information when required by law, subpoena, court order, or regulatory request.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.
- With Your Consent: We may share information for other purposes with your explicit consent.
5. TCPA & Communication Compliance
DealDNA provides tools for outbound communications including SMS, email, voice calls, and direct mail. We enforce compliance safeguards including:
- Internal Do Not Call (DNC) list management synchronized with National DNC Registry
- Immediate opt-out processing for all communication channels
- Time-of-day restrictions (8:00 AM – 9:00 PM recipient local time)
- Frequency caps to prevent excessive contact
- Consent tracking and audit logs for compliance documentation
You remain solely responsible for ensuring proper consent is obtained before initiating outreach campaigns through the Service.
6. Data Security
We implement industry-standard security measures to protect your information:
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- Row-Level Security (RLS) policies for multi-tenant data isolation
- API key authentication with SHA-256 hashing (keys are never stored in plaintext)
- Rate limiting on all API endpoints (100 requests/minute per key)
- Regular security audits and penetration testing
- Automated vulnerability scanning in CI/CD pipeline
- SOC 2 Type II compliance through infrastructure providers
7. Data Retention
- Account Data: Retained for as long as your account is active, plus 30 days after account closure for data export purposes.
- Skip Trace Results: Cached for 90 days, then automatically purged.
- Campaign Logs: Retained for 12 months for compliance audit purposes.
- Analytics Data: Aggregated usage data retained for 24 months; individual session data retained for 90 days.
- Billing Records: Retained for 7 years as required by tax and financial regulations.
8. Your Rights
8.1 CCPA Rights (California Residents)
- Right to Know: Request a copy of the personal information we have collected about you in the preceding 12 months.
- Right to Delete: Request deletion of your personal information, subject to legal retention requirements.
- Right to Opt-Out: We do not sell personal information, so this right is satisfied by default.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
8.2 General Rights (All Users)
- Access: Request a machine-readable export of your data at any time from Settings.
- Correction: Update inaccurate personal information through your account settings.
- Portability: Export your properties, contacts, leads, and deals in CSV format.
- Marketing Opt-Out: Unsubscribe from marketing emails via the link in any marketing communication.
9. Cookies & Tracking
We use the following categories of cookies:
- Essential Cookies: Required for authentication and security. Cannot be disabled.
- Functional Cookies: Remember your preferences (theme, layout, filters).
- Analytics Cookies: PostHog analytics to understand usage patterns. Can be disabled in account settings.
We do not use third-party advertising cookies or cross-site tracking.
10. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us and we will take steps to delete such information.
11. International Data Transfers
Your information is processed and stored in the United States. By using the Service, you consent to the transfer of your information to the United States. Our infrastructure providers maintain appropriate safeguards for international data transfers where applicable.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a prominent notice on the Service at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.
13. Contact Us
For privacy inquiries, data access requests, or concerns: