Privacy Policy

This Policy explains how DealStratum (“we,” “us,” “our”) collects, uses, shares, retains, and deletes information when you use our websites, applications, and services (the “Service”). It is governed by the laws of the State of Florida, United States. By using the Service you agree to this Policy and to our Terms of Service.

1. Overview

DealStratum is a deal-sourcing and broker-outreach platform for acquisition entrepreneurs and search funds. To provide it, we process three broad categories of information: information you give us (your account and the content you create), information we generate as you use the Service (usage and operational data), and factual business-contact information aggregated from publicly available sources for the Broker Directory. This Policy describes each, and — importantly — how and when we delete it.

2. Information We Collect

2.1 Account & profile data

Your name, email address, password (stored only as a salted hash), and workspace settings.

2.2 Billing data

Subscription plan, billing address, and invoice/transaction history. Payments are processed by Stripe; we do not store full payment-card numbers — Stripe holds those. We retain a brand/last-four reference and invoice records for accounting and tax purposes.

2.3 Content you create

The information you put into your workspace: contacts and their details, deals, buy boxes, sourcing targets, outreach sequences, message drafts and replies, mail campaigns, and any documents you upload (for example NDAs, proof-of-funds statements, teasers, and credibility materials). Document files are stored in encrypted object storage.

2.4 Connected mailbox

If you connect an email account, we store your mailbox credentials in encrypted form and access messages solely to send your outreach and read the replies for that workspace. We do not sell, mine, or repurpose your mailbox content for any other purpose.

2.5 Usage & device data

Log, device, and activity data (such as IP address, browser type, pages viewed, and feature usage) used to operate, secure, debug, and improve the Service.

2.6 Directory data

Factual business-contact information about brokers and advisors, aggregated from publicly available sources. See Section 5.

3. How We Use Information

We use information to:

• provide, maintain, secure, and improve the Service;
• process payments and manage your subscription;
• power sourcing, the Directory, outreach, and reply features;
• send service and transactional communications;
• detect, prevent, and respond to fraud, abuse, and security incidents; and
• comply with legal obligations and enforce our Terms.

We do not use your workspace content, uploaded documents, or connected-mailbox messages to train machine-learning models for third parties.

4. How We Share Information

We do not sell your personal account information. We share data only as needed to run the Service:

• Service providers / sub-processors who process data on our behalf under contract — for example Stripe (payments), Google (mailbox connection), object-storage and infrastructure providers, AI providers (for drafting features), and data/mail vendors;
• Legal & safety — to comply with law, respond to lawful requests, or protect the rights, safety, and property of DealStratum, our users, or the public; and
• Business transfers — in connection with a merger, acquisition, or sale of assets, subject to this Policy.

5. The Broker Directory & Publicly Available Information

The Directory consists of factual business-contact information aggregated from publicly available sources — information that brokers and advisors have themselves made public (for example on their own websites, public business marketplaces, and professional-association directories). Under privacy laws such as the CCPA/CPRA, information lawfully made available to the general public is generally not treated as protected “personal information.” We do not include private data, photographs, or sensitive personal information in the Directory.

Removal / opt-out: if you are a listed broker or advisor, you may request removal at our directory removal page. We process verified removal requests promptly and remove the corresponding entries from the public Directory.

6. Data Retention, Deletion & Account Cancellation

We keep personal information only as long as we need it to provide the Service or to meet legal obligations, and then we delete or anonymize it. Our default posture is data minimization — we would rather not hold sensitive material than retain it.

6.1 Cancellation is immediate, permanent, and irreversible

6.2 What is deleted

On cancellation we permanently delete, for your workspace:

• uploaded documents and their underlying files (NDAs, proof-of-funds, teasers, credibility materials);
• all contacts and their details;
• every conversation, sent message, and reply;
• connected-mailbox credentials;
• deals, sourcing lists, buy boxes, mail campaigns, and related content; and
• your login and, for team accounts, the logins of members whose only workspace was yours.

6.3 What we retain

We retain only limited billing and transaction records — such as invoices and credit/payment history — for accounting, tax, audit, and legal-compliance purposes. These records are kept in a form no longer linked to your personal profile (your account is removed; the financial record remains as an anonymized entry).

6.4 Export your documents first

Because deletion cannot be undone, the cancellation flow lets you download all of your uploaded documents as a single archive before you confirm. We encourage you to do so — once you confirm, those files are gone.

6.5 Team workspaces

If you are the owner of a team workspace, canceling deletes the workspace and all of its data for all members — not just you. Only the workspace owner can cancel and delete the account.

6.6 Backups

Residual copies may persist briefly in routine, secured operational backups and are overwritten on our ordinary backup cycle. We do not restore deleted workspace data from backups except where required by law.

7. Your Rights & Choices

Depending on your location, you may have rights to access, correct, delete, export, or restrict the use of your personal information, and to opt out of certain processing. You can delete your account and data at any time using the in-app cancellation flow (Settings → Billing). To make any other request, email hello@dealstratum.com or use the directory removal page above. We do not sell personal information and will not discriminate against you for exercising your rights.

8. Security

We use reasonable technical and organizational measures to protect information — including encryption of stored mailbox credentials and document files, access controls, and tenant isolation. No system is perfectly secure, and we cannot guarantee absolute security. If we become aware of a breach affecting your information, we will notify you and regulators as required by law.

9. Cookies & Analytics

We use essential cookies for authentication and security, and limited analytics to understand and improve usage. You can control cookies through your browser; disabling essential cookies may break sign-in.

10. International Users

DealStratum is operated from the United States and your information is processed there. By using the Service you understand that your information will be transferred to and processed in the U.S., which may have data-protection laws different from those in your country.

11. Children

The Service is not directed to anyone under 18, and we do not knowingly collect their data. If you believe a minor has provided us information, contact us and we will delete it.

12. Changes to This Policy

We may update this Policy; material changes are reflected by the “Last updated” date at the top. Significant changes affecting how we handle your data will be communicated through the Service or by email.

13. Contact

Privacy questions or requests: hello@dealstratum.com.