Find out what your business is worth for just $199
DealVital
Legal

Privacy policy

Last updated: June 5, 2026

1. What we collect

We collect three categories of information:

  • Account information — name, email, password hash, and (for subscribers) billing information via Stripe. We do not store credit card numbers on our servers.
  • Business information you provide through the diagnostic — revenue, margins, customer concentration, operations, and other inputs that allow us to generate your deliverables.
  • Usage data — pages visited, deliverables generated, deal-room activity, IP addresses, browser type. We use server-side analytics and may use third-party privacy-conscious analytics.

2. How we use it

To generate your deliverables, provide and improve the Service, send transactional and account email, prevent abuse, and meet legal obligations.

3. Third parties we share with

  • Stripe for payment processing.
  • Anthropic for AI model inference. Your business data is transmitted to Anthropic only as needed to generate your specific deliverables, under their commercial data terms.
  • Bluehost for hosting and transactional email (SMTP).
  • Google reCAPTCHA for spam protection on forms.
  • Buyers you invite to your deal room see only the documents you have explicitly granted them access to, on the deal-room URL you control.

We do not sell your data. We do not share it with third parties for marketing purposes.

4. Deal-room data

When you grant a buyer access to your deal room, we log their email, their access activity, and any Q&A or offer activity they perform inside the room. This log is visible to you (the seller) and is used to provide the activity-tracking and watermarking features that are core to the deal room.

5. Retention

Account and deliverable data are retained while your account is active. Deal-room data is retained for 12 months after the deal-room window closes. Closed accounts are purged on request; some data may be retained as required by law or to defend against claims.

6. Security

HTTPS in transit. Password hashing with current best practices. Encrypted database backups. We do not promise unbreakable security; no service can.

7. Your rights (CCPA, GDPR)

You have the right to access, correct, port, and delete your personal information. Submit a request through our contact form and we will respond within 30 days. California residents and EU/UK data subjects have additional rights under CCPA and GDPR respectively.

8. Cookies

We use essential session cookies for login and a small set of analytics cookies for product improvement. We do not run third-party advertising cookies.

9. Children

The Service is not intended for use by anyone under 18. We do not knowingly collect information from children.

10. Changes

We may update this policy. Material changes will be announced via email or on the Service. The "last updated" date at the top reflects the most recent revision.

11. Contact

Privacy questions: use our contact form.