Privacy Policy

1. Introduction

Dealstash ("we," "us," or "our"), operated by Jack Morgan, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our deal pipeline management platform. Please read this policy carefully. By using Dealstash, you consent to the practices described in this policy.

2. Information We Collect

We collect the following types of information:

Account Information

When you create an account, we collect your name, email address, password (stored securely via hashing), and firm name. If you sign up via Google OAuth, we receive your name and email from Google.

Deal and Business Data

All deal information you enter into Dealstash, including deal names, markets, financial data, notes, files, and decision logs. This data is entered voluntarily by you and belongs to your firm.

Usage Data

We collect information about how you interact with the Service, including pages visited, features used, and actions taken. This is used to improve the Service and is collected via Vercel Analytics.

Payment Information

Payment information (credit card details, billing address) is collected and processed directly by Stripe. We do not store your full payment card information. We receive confirmation of payment status and Stripe customer identifiers from Stripe.

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service
• Process transactions and manage your subscription
• Send you account-related notifications and updates
• Respond to your support requests and inquiries
• Monitor and analyze usage patterns to improve the Service
• Detect and prevent fraudulent or unauthorized activity
• Comply with legal obligations

We do not sell your personal information or use your deal data for any purpose other than providing the Service to you.

4. Data Storage

Your data is stored using Supabase, a managed database platform hosted on AWS infrastructure in the United States. All data is encrypted in transit using TLS and encrypted at rest. We implement reasonable technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction.

File uploads (such as Offering Memorandums) are stored in Supabase Storage, also hosted on US servers with access controlled by Row Level Security policies that ensure only members of your firm can access your firm's files.

5. Data Sharing

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following limited circumstances:

• Service Providers: We share data with infrastructure providers (Supabase, Vercel, Stripe) solely to operate the Service. These providers are contractually bound to protect your data.
• Legal Requirements: We may disclose your information if required by law, regulation, legal process, or governmental request.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction with notice to you.
• With Your Consent: We may share information for any other purpose with your explicit consent.

6. Cookies

Dealstash uses cookies and similar tracking technologies to maintain your authentication session and improve your experience. Specifically:

• Authentication cookies: Used by Supabase to maintain your login session. Required for the Service to function.
• Analytics: Vercel Analytics collects anonymized usage data. No personally identifiable information is stored in analytics cookies.

You can configure your browser to refuse cookies, but this may affect your ability to use the Service.

7. Your Rights

You have the following rights regarding your personal information:

• Access: You may request a copy of the personal information we hold about you.
• Correction: You may request correction of inaccurate information.
• Deletion: You may request deletion of your account and associated data.
• Portability: You may request an export of your deal data in a standard format.
• Opt-out: You may opt out of non-essential communications at any time.

To exercise these rights, contact us at jack@getdealstash.com. We will respond within 30 days.

8. Data Retention

We retain your data for as long as your account is active. If you cancel your subscription, we retain your data for 30 days to allow for reactivation, after which it may be permanently deleted. You may request immediate deletion by contacting us. Anonymized, aggregated usage data may be retained indefinitely for product improvement purposes.

9. Children's Privacy

Dealstash is not directed at children under the age of 18. We do not knowingly collect personal information from children under 18. If you believe we have inadvertently collected such information, please contact us immediately and we will take steps to delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a notice within the Service. Your continued use of the Service after changes take effect constitutes your acceptance of the revised policy. We encourage you to review this policy periodically.

11. Contact

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: