Privacy Policy — Dealyze

We built Dealyze to help real estate investors work faster — not to harvest your data. This policy explains what we collect, why we collect it, and how we protect it. We've written it in plain language so you actually understand it.

1. Information We Collect

We collect only what we need to provide the service:

Uploaded documents — PDFs you upload (rent rolls, T12s, offering memos, appraisals). These are processed to generate your underwriting analysis.
Account email — Your email address, used to send your customer ID, receipts, and product updates (with your consent).
IP address and device info — Collected automatically for security, fraud prevention, and basic usage analytics.
Usage data — Pages visited, features used, and actions taken within the app. Used to improve the product.

2. How We Use Your Information

We use your information solely to provide and improve the Dealyze service:

Process your uploaded documents to generate underwriting analyses.
Send transactional emails (receipts, customer ID, account notices).
Improve the product based on how it's being used.
Detect and prevent fraud or abuse.

        We do not use your documents to train AI models. We do not use your data for advertising. We do not sell your information to third parties — ever.
      

3. Data Retention

We keep your data only as long as necessary:

Uploaded documents (PDF files) — Deleted immediately after processing. Your PDF is never stored on our servers. It is loaded into memory, processed by our AI, and permanently removed within seconds of upload.
Extracted financial data — The numbers extracted from your document (NOI, cap rate, rent roll, etc.) are stored and associated with your account so you can review past analyses in your dashboard. This data is retained while your account is active and deleted within 30 days of account closure upon request.
Account data — Retained while your account is active. Deleted within 30 days of account closure upon request.
Billing records — Retained as required by law (typically 7 years) for tax and accounting purposes.

4. Data Security

We take reasonable and industry-standard steps to protect your data:

All data transmitted between your browser and our servers uses 256-bit TLS encryption.
Our hosting provider encrypts data at rest at the infrastructure level.
Access to production systems is restricted to authorized personnel.
We conduct regular security reviews.

No system is 100% secure. If you discover a security vulnerability, please contact us at [email protected].

5. Third-Party Services

We use a small number of trusted third-party services to operate Dealyze:

OpenAI — Used to extract financial data from your uploaded documents. Documents are processed via OpenAI's API and are subject to OpenAI's data processing terms. OpenAI is GDPR-compliant and does not use API inputs to train models by default.
Stripe — Used to process payments. Stripe is PCI-DSS compliant and GDPR-compliant. We never store your full card details.
Railway — Used to host the Dealyze application. Railway operates on infrastructure that meets SOC 2 compliance standards.

We do not use advertising networks, social media trackers, or analytics services that sell your data.

6. Cookies

Dealyze uses a small number of cookies to make the service work. We do not use cookies for advertising or cross-site tracking.

Session cookies — Used to keep you logged in after you authenticate via magic link. These are essential for the service to function and expire when you log out or after your session ends.
Stripe cookies — Set by Stripe during checkout to process payments securely and prevent fraud. These are subject to Stripe's Privacy Policy.
Analytics cookies — We may use basic, privacy-respecting analytics to understand how the product is used (e.g., which pages are visited, how often features are accessed). We do not use Google Analytics or any analytics service that sells your data.

You can clear cookies at any time through your browser settings. Clearing session cookies will log you out of Dealyze.

7. Your Rights

Depending on where you live, you have certain rights regarding your personal data:

California residents (CCPA):

Right to know what personal information we collect and how it's used.
Right to delete your personal information.
Right to opt out of the sale of personal information (we don't sell it, but you have this right).
Right to non-discrimination for exercising your privacy rights.

EU/UK residents (GDPR):

Right of access — request a copy of your personal data.
Right to rectification — correct inaccurate data.
Right to erasure — request deletion of your data.
Right to data portability — receive your data in a structured format.
Right to object — object to certain types of processing.

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

8. Do Not Sell My Personal Information

        We do not sell personal information. Ever. Dealyze does not sell, rent, or trade your personal information to any third party for commercial purposes.
      

If you have any questions about this, contact us at [email protected].

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we'll update the "Last updated" date at the top of this page. For material changes, we'll notify you by email. Your continued use of Dealyze after changes take effect means you accept the updated policy.

10. Contact Us

Questions about this Privacy Policy? We're happy to help.

Email: [email protected]
Website: getdealyze.com