Privacy Policy

01 Information We Collect

Account Information. When you register, we collect your name, email address, organization name, role or title, and authentication credentials. If you authenticate via a third-party identity provider, we receive the profile information that provider makes available pursuant to your authorization.

Content You Submit. We collect documents, files, data, text, images, and other content you upload, submit, or transmit through the Services ("User Content"). This may include business, project, financial, operational, or regulatory information.

Usage & Interaction Data. We automatically collect information about how you interact with the Services — including pages and features accessed, actions performed, workflow patterns, session duration and timing, search queries, settings configured, and interactions with any AI-assisted features or outputs. This includes how you respond to, correct, accept, or reject AI-generated content.

Device & Technical Data. We collect IP addresses, browser type and version, operating system, device identifiers, time zone, referral URLs, and related technical information. We also collect performance data, error logs, and crash reports.

Communications. We collect information you send through support channels, feedback forms, in-platform messaging, or direct correspondence.

Payment Information. Billing is processed by our third-party payment processor. We do not store complete payment card numbers. We retain only non-sensitive transaction identifiers provided by the processor.

02 How We Use Information

We use collected information to:

• Provide, operate, secure, maintain, and improve the Services
• Authenticate users and manage access, roles, and permissions
• Process your requests and deliver platform outputs and analytical results
• Develop, train, test, evaluate, and improve our proprietary algorithms, AI models, methodologies, and platform capabilities — including using your interactions with AI-generated outputs for this purpose, as further described in Section 3
• Generate anonymized and aggregated insights that enhance platform intelligence for all users
• Communicate with you about your account, security alerts, platform updates, and, where permitted, promotional materials (with opt-out options provided)
• Process payments and manage billing and subscription relationships
• Enforce our Terms of Service and other agreements
• Detect, investigate, and prevent fraud, abuse, unauthorized access, and security incidents
• Comply with applicable legal obligations, including under Florida law
• Pursue legitimate business interests including analytics, research, product development, and business operations

What We Will Not Do. We will not sell your individually identifiable personal information to unaffiliated third parties for their own independent commercial purposes, including targeted advertising, without your explicit consent. This restriction does not apply to Aggregated Data (defined in Section 3), disclosures to service providers acting on our behalf, or transfers described in Section 5.

03 Platform Intelligence & Aggregated Data

Definition. "Aggregated Data" means statistical, analytical, operational, benchmarking, or derived information that: (a) has been de-identified, anonymized, or aggregated such that it cannot reasonably be used to identify any specific individual, user, or subscriber organization; and (b) is derived from User Content, usage patterns, platform interactions, AI outputs, or feedback. The de-identification process we apply renders source identification not reasonably practicable using commercially available means.

Ownership. Aggregated Data is and remains the sole and exclusive property of DEALTURA. Aggregated Data shall not be deemed User Content, shall not be subject to any subscriber rights or claims, and may be used, transferred, licensed, or commercialized by DEALTURA without restriction or compensation to you.

Permitted Uses. We may use Aggregated Data for any lawful business purpose, including without limitation:

• Training, fine-tuning, validating, and improving our proprietary AI models, algorithms, scoring systems, and analytical methodologies
• Developing, testing, and launching new features, workflows, products, and service offerings
• Generating industry benchmarks, performance metrics, and market research
• Publishing reports, white papers, case studies, or analytical insights (in forms that do not identify any subscriber or individual)
• Demonstrating platform capabilities and performance to prospective clients, partners, investors, or acquirers
• Supporting DEALTURA's internal operations, financial planning, and business development
• Any other purpose consistent with operating, growing, or monetizing our business

AI Interaction Data. Your interactions with AI-generated outputs — including but not limited to corrections you make, content you accept or reject, ratings you provide, and edits you apply — are used to improve the accuracy and quality of our AI systems. By using any AI-assisted feature of the Services, you explicitly consent to this use in anonymized or aggregated form.

No Cross-Subscriber Disclosure. Aggregated Data is processed in ways designed to prevent any other subscriber from identifying your organization as the source. Your identifiable User Content is not shared with other subscriber organizations.

04 Third-Party Sign-In (Google, Microsoft)

We offer optional authentication via Google OAuth 2.0 and Microsoft OAuth. When you use these methods:

• We receive only the profile data you authorize during the consent screen — typically your name, email address, and profile image
• We do not receive or store your Google or Microsoft account password
• We do not access other Google or Microsoft services (such as Gmail, Drive, Calendar, or OneDrive) unless you separately and explicitly authorize that access for a specific feature
• We do not use Google user data to serve advertising or for remarketing purposes
• We use Google user data solely to authenticate your identity and provide the Services you have requested — consistent with the Limited Use requirements of the Google API Services User Data Policy
• You may revoke our access at any time at myaccount.google.com/permissions or via your Microsoft account security settings; revocation may impair access to the Services

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements. This policy is available at developers.google.com/terms/api-services-user-data-policy.

05 Information Sharing & Disclosure

We share information only as described below. We do not sell personal information for third-party advertising.

Service Providers. We engage trusted third-party vendors who process data solely on our behalf to help deliver the Services, including cloud hosting providers, AI and machine learning API providers, payment processors, analytics services, email delivery services, and customer support tools. These providers are bound by contractual confidentiality and data processing obligations and may not use data for their own independent purposes.

Within Your Organization. Users within your subscriber organization may access shared User Content and project data according to the role-based permissions established by your account administrators. DEALTURA does not control how you configure internal permissions.

Legal Compliance & Protection. We may disclose information when we have a good-faith belief that disclosure is required by applicable law, regulation, subpoena, court order, or governmental authority; or when necessary to protect the rights, safety, property, or interests of DEALTURA, our employees, users, or the public; or to detect or prevent fraud or illegal activity.

Business Transactions. In connection with any merger, acquisition, financing, reorganization, bankruptcy, receivership, or sale of all or a portion of our business or assets, your information may be disclosed to the relevant parties and their advisors as part of due diligence, and transferred to a successor entity. We will provide notice of any completed transfer that materially affects your rights under this Policy.

Aggregated Data. We may share or publish Aggregated Data (as defined in Section 3) with third parties — including partners, investors, researchers, and the public — without restriction.

Consent. We may share your information for other purposes with your prior express consent.

06 Organizational Data Isolation

We maintain logical separation between the data of different subscriber organizations. Your organization's User Content — including documents, files, inputs, and outputs generated on your behalf — is not made accessible to users of other subscriber organizations through the Services.

We implement access controls, authentication requirements, permission management, and auditing mechanisms to support this separation. The specific technical architecture and implementation details of our isolation systems are proprietary, confidential, and not disclosed publicly.

07 Security

We implement administrative, technical, and physical safeguards designed to protect your information against unauthorized access, use, disclosure, alteration, or destruction. These measures are reviewed and updated as our platform and the threat landscape evolve.

No security system is impenetrable and no transmission of data over the internet can be guaranteed to be completely secure. You are responsible for maintaining the confidentiality of your credentials and for all activity that occurs under your account. You must notify us immediately if you suspect unauthorized access or compromise of your account.

08 Security Incident Notification

In the event of a security breach involving your personal information that meets the notification threshold under the Florida Information Protection Act (FIPA), Fla. Stat. § 501.171 or other applicable law, we will notify affected individuals and, where required, the Florida Department of Legal Affairs, within the timeframes mandated by law — currently 30 days from discovery under FIPA for breaches affecting 500 or more Florida residents, and without unreasonable delay for smaller breaches.

Notifications will be provided via email to the address associated with your account and, if required by law, through substitute notice methods. We may delay notification if law enforcement determines that notification would impede a criminal investigation.

To report a suspected security incident involving DEALTURA systems, contact security@dealtura.com immediately.

09 Data Retention

We retain personal information and User Content for as long as your account is active, as necessary to provide the Services to you, or as reasonably necessary to comply with our legal obligations, resolve disputes, enforce our agreements, and support our business operations.

Following account closure or termination, we will retain identifiable User Content for a period sufficient to support any data export you request, after which it will be deleted or anonymized in accordance with our internal data management procedures. Aggregated Data derived from your account's data may be retained and used by DEALTURA indefinitely.

We may adjust retention practices based on legal, regulatory, technical, or operational requirements. Backup copies of data may persist in encrypted form for a limited additional period beyond active deletion, consistent with our disaster recovery practices.

10 Your Rights & Choices

Depending on your jurisdiction, you may have rights to access, correct, delete, restrict, or port your personal data, and to object to certain processing. To exercise any available right, contact privacy@dealtura.com. We will respond within the timeframe required by applicable law and may require identity verification before processing requests.

Some requests may be limited where we have a legitimate legal basis to retain the information or where deletion would conflict with our legal obligations, dispute resolution, or enforcement rights. We will communicate any applicable limitations when we respond to your request.

You may update your account profile information directly within the Services. You may opt out of non-essential marketing communications using the unsubscribe mechanism in our emails or by contacting us at the address in Section 16.

11 California Residents — CCPA Rights

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with additional rights regarding personal information. This section supplements the rest of this Policy.

Categories of Personal Information Collected. As described in Section 1, we collect identifiers (name, email, IP address), professional information (company, role), internet and usage activity data, and inference data derived from the above.

Purposes for Collection. As described in Section 2, we collect this information to provide and improve the Services, for internal research and analytics, for security, and to comply with legal obligations.

Sale or Sharing of Personal Information. We do not sell California residents' personal information for monetary consideration. We do not share personal information with third parties for cross-context behavioral advertising. We use Aggregated Data as described in Section 3, which does not constitute a "sale" or "sharing" under the CCPA.

Your CCPA Rights. You have the right to: (a) know what personal information we collect, use, disclose, and sell about you; (b) request deletion of your personal information (subject to exceptions); (c) correct inaccurate personal information; (d) opt out of the sale or sharing of personal information (not applicable here as we do not sell); and (e) non-discrimination for exercising your rights.

To submit a verifiable CCPA request, contact privacy@dealtura.com or call our support line. We will respond within 45 days, with an extension of up to 45 additional days where required. We cannot respond to your request if we cannot verify your identity.

If you use an authorized agent to submit a request, we may require written proof of your authorization.

12 Cookies & Tracking Technologies

We use cookies, pixel tags, local storage, and similar technologies to operate and analyze the Services:

• Essential cookies — required for authentication, session integrity, and core platform functionality. These cannot be disabled without impairing access
• Preference cookies — store your interface settings and configuration choices across sessions
• Analytics cookies — collect aggregated, de-identified usage data to help us understand how the platform is used and identify areas for improvement

Non-essential cookies can be managed through your browser settings. We do not use cookies to serve third-party advertising or to track you across unaffiliated websites.

13 Do Not Track

Some browsers transmit "Do Not Track" (DNT) signals to websites. Because there is no consistent industry standard for responding to DNT signals, our Services do not currently alter their data collection or use practices in response to DNT signals. We will revisit this policy as standards develop. The choices described in Section 12 remain available regardless of DNT settings.

14 Children

The Services are directed exclusively to business professionals and organizations. We do not knowingly collect personal information from any individual under 18 years of age. If we become aware that we have collected personal information from a minor, we will take prompt steps to delete it. If you believe we may have collected information from a minor, please contact us at privacy@dealtura.com.

15 Changes to This Policy

We may update this Privacy Policy at any time. For changes that materially affect how we collect, use, or share your personal information, we will provide reasonable advance notice via email to the address associated with your account and/or via a prominent in-platform notification. Non-material clarifications or administrative updates may be made without advance notice.

The "Last Updated" date at the top of this page reflects the most recent revision. Your continued use of the Services after a revised Policy becomes effective constitutes your acceptance of the updated terms. If you do not accept a revised Policy, you must discontinue use of the Services. Disputes arising from your use of the Services are governed by the version of this Policy in effect at the time of the relevant activity, unless otherwise required by law.

Privacy disputes are governed by the laws of the State of Florida, as further described in our Terms of Service.

16 Contact

For privacy questions, rights requests, or security concerns, contact us: