Privacy Policy

01 Overview

DealCap is a real-estate analysis tool intended for adults 18 and older. We collect the minimum information needed to run your account, calculate deals, and improve the product. We do not sell your data, and we do not show third-party ads.

02 Information we collect

Account information

When you sign up via Clerk, we receive your email address and name. If you sign in with Google or another provider, we receive whatever that provider shares (typically name and email).

Deal & usage data

We store the deals you save, the inputs you enter (purchase price, rent, expenses, financing terms), and the exports you generate. This data is private to your account and stored in our Supabase database.

Billing

Payments are processed by Stripe. We never see or store full card numbers — only the last four digits and a token from Stripe. Your Stripe customer ID is stored in our database to manage your subscription and credit balance.

Cookies & analytics

We use session cookies required for authentication (managed by Clerk). We also use Vercel Speed Insights for privacy-respecting, aggregate performance analytics. No cross-site tracking or advertising cookies. See Section 08 for full details.

03 How we use it

• To provide the service — sign-in, calculations, exports, AI commentary.
• To bill you for Pro plans and credit packs via Stripe.
• To send transactional email (receipts, password resets).
• To improve the product through aggregated, anonymized usage statistics.
• To prevent abuse and meet legal obligations.

04 Lawful basis for processing

Where the GDPR or equivalent legislation applies, we rely on the following lawful bases to process your personal data:

Contract performance

Processing your account information, deal data, and billing details is necessary to deliver the service you signed up for. Without this processing we cannot operate your account or provide the features you have requested.

Legitimate interests

We process aggregated, anonymized usage data to understand how the product is used and to improve it. We also process certain data for fraud prevention and security purposes. In each case we have weighed our interests against yours and concluded that our legitimate interests are not overridden by your rights. You may object to this processing under GDPR Art. 21 — see Section 07.

Legal obligation

We are required by law to retain certain billing and tax records (typically for 7 years). We process and retain this data solely to meet our regulatory and legal obligations.

Consent

Optional analytics cookies (Vercel Speed Insights) are set only with your consent, which you can give or withdraw at any time via the cookie banner or your account settings. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

05 Sharing & subprocessors

We share data only with the vendors needed to run DealCap:

• Stripe — payment processing and subscription management.
• Clerk — authentication and user management.
• Supabase / AWS — database hosting and storage.
• Vercel — application hosting and edge network.
• Anthropic — AI deal commentary generation.

Each vendor is contractually bound to handle your data only for the purposes we direct. We do not sell, rent, or trade personal information.

Cross-border data transfers

All of our major vendors — Clerk, Stripe, Vercel, and Anthropic — are US-based companies. As a result, your data may be transferred to and processed in the United States. Where transfers originate from the European Economic Area (EEA) or the United Kingdom, we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission to ensure an adequate level of protection for your personal data. If you would like a copy of the relevant SCCs, please contact us at [email protected].

06 Data retention

We retain your account data for as long as your account is active. If you delete your account, we erase your deals, inputs, and personal information within 30 days, except where we are legally required to retain billing records (typically 7 years for tax purposes).

07 Your rights

You can access, export, correct, or delete your data at any time from your account settings. You can also email us and we'll handle it within 30 days. Depending on where you live, you have the following rights:

GDPR (EEA & UK)

• Access & correction: Request a copy of the personal data we hold about you, or ask us to correct inaccurate data.
• Deletion: Ask us to erase your personal data where there is no longer a lawful basis for processing it.
• Data portability (Art. 20): Receive the personal data you have provided to us in a structured, commonly used, machine-readable format, and have that data transmitted to another controller where technically feasible.
• Right to object (Art. 21): Object at any time to processing of your personal data that is based on our legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds that override your rights.
• Withdraw consent: Where processing is based on consent (e.g., optional analytics cookies), you may withdraw that consent at any time via the cookie banner or by contacting us. Withdrawal does not affect prior lawful processing.
• Lodge a complaint: You have the right to lodge a complaint with your national Data Protection Authority (DPA) — for example, the ICO in the UK, the CNIL in France, or the relevant authority in your EU member state.

CCPA (California residents)

• Right to know: Request disclosure of the categories and specific pieces of personal information we have collected about you, and how it is used and shared.
• Right to delete: Request deletion of personal information we have collected from you, subject to certain exceptions.
• Right to opt out of sale: We do not sell personal information. There is nothing to opt out of, but this right applies to you if that ever changes.

To exercise any of these rights, email us at [email protected]. We will not discriminate against you for exercising your privacy rights.

08 Cookies & consent

We use a cookie banner to obtain your consent before setting any non-essential cookies. Here is what we set and why:

Essential cookies

Session and authentication cookies are set by Clerk to keep you signed in. These are strictly necessary for the service to function and cannot be declined. They expire when you sign out or after a rolling inactivity period.

Analytics cookies (optional)

With your consent, Vercel Speed Insights collects aggregate, privacy-preserving performance metrics (page load times, Web Vitals). No individual user profiles are built, and no data is shared with advertising networks. You can decline or withdraw consent at any time via the cookie banner.

What we do not use

We do not set advertising cookies, cross-site tracking cookies, or any cookies used to build profiles for third-party ad targeting.

09 Security

Data is encrypted in transit (TLS 1.2+) and at rest. Authentication is handled by Clerk, which uses industry-standard hashing and supports hardware-key two-factor authentication. Access to production systems is restricted and logged. No system is perfectly secure, but we take this seriously and will notify affected users promptly if we discover a breach.

10 Children's privacy

DealCap is a financial analysis tool intended solely for adults 18 years of age or older. We do not knowingly collect or solicit personal information from anyone under 18. If you are under 18, please do not use DealCap or submit any personal information to us. If you believe a minor has created an account, please contact us immediately at [email protected] and we will delete the account and associated data promptly.

11 Changes to this policy

If we make material changes, we'll email you and post a notice at the top of this page at least 30 days before they take effect. The effective date at the top of this document reflects the last update.

12 Contact us

Questions, requests, or concerns about your data? Reach out — a real human reads every email.