Privacy Policy

This Privacy Policy applies to information handled through DealTitan-branded websites, authenticated product surfaces, report sharing pages, email workflows, and diligence collaboration features.

In many cases, DealTitan is a service provider or processor acting on behalf of an investment firm, fund, advisory business, accelerator, or other organization that uses the platform. In those cases, that organization may separately determine how Customer Content is uploaded, reviewed, shared, retained, or deleted.

If you use DealTitan through an employer, client, or sponsoring organization, that organization may access workspace data, account metadata, uploaded materials, and generated reports according to its permissions and internal policies.

Where privacy law requires a legal basis, we generally process information to perform our contract with the relevant customer or user, to pursue legitimate interests such as security and product reliability, to comply with legal obligations, or based on consent where consent is the appropriate basis.

We may collect the following categories of information:

• Account and profile data, such as name, email address, password hash, company name, job title, role, invitation status, and acceptance timestamps for legal terms.
• Customer Content, such as uploaded pitch decks, memos, startup questionnaire answers, diligence notes, generated reports, share-link labels, and related metadata.
• Organization and workflow data, such as team visibility settings, report access history, CRM records, investment analysis status, and operational logs tied to your workspace.
• Technical and security data, such as IP address, device or browser details, session identifiers, CSRF tokens, failed login counters, account lock events, and audit or security event logs.
• Communications data, such as invitation emails, password reset requests, support messages, product update preferences, and email delivery logs.
• Public and third-party source data used to ground analyses, such as company websites, market sources, public web search results, and other sources referenced in reports.
• Shared report access data, such as the time a share link was accessed, the IP address used, and the browser user agent associated with that access.

We collect information from several sources, depending on how the platform is used:

• Directly from you or your organization when you register, upload files, answer questionnaires, create reports, create share links, or contact support.
• From workspace administrators, inviters, or teammates who provision accounts, assign permissions, send invitations, or share reports and questionnaires with you.
• Automatically from your browser, device, and use of the service through logs, cookies, session records, security tooling, and application telemetry.
• From public, licensed, or customer-provided sources that are used to ground analyses, validate claims, or enrich diligence outputs.
• From service providers and integrations that help us host infrastructure, deliver email, process AI requests, manage queues, or monitor reliability.

We use information to operate and improve the service, including to:

• Authenticate users, provision accounts, assign permissions, and maintain organization workspaces.
• Store documents, run AI-assisted analysis workflows, generate reports, answer diligence questions, and support secure sharing.
• Communicate with you about invitations, password resets, product operations, service notices, support, and optional marketing messages where permitted.
• Detect, investigate, and prevent fraud, unauthorized access, abuse, security incidents, and policy violations.
• Debug performance issues, monitor infrastructure, maintain availability, enforce retention schedules, and improve product quality.
• Comply with legal obligations, enforce contracts, respond to lawful requests, and protect our rights, users, and the public.

We may disclose information in the following circumstances:

• Within your organization, including to workspace admins, authorized teammates, and users who are granted access to jobs, reports, or questionnaires.
• To service providers that help us host infrastructure, store files, deliver email, process model requests, maintain security, or support operations under contractual restrictions.
• To recipients you or your organization choose when creating share links, sending questionnaire invitations, or otherwise distributing reports.
• To professional advisers, auditors, insurers, regulators, courts, law enforcement, or counterparties when required to comply with law or protect rights and safety.
• In connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or part of our business, subject to customary confidentiality protections.

We do not currently sell personal information and we do not use personal information for cross-context behavioral advertising.

DealTitan relies on third-party providers to deliver core functionality. Depending on the workflow used, Customer Content and extracted text may be processed by model providers such as OpenAI and Google Gemini in order to classify documents, summarize materials, generate diligence output, or perform related analysis tasks.

We also use infrastructure and communications providers to host the application, store uploaded files, manage caching and job processing, deliver transactional email, and monitor reliability. Depending on deployment, those providers may include cloud hosting and object storage vendors, Redis or queue infrastructure, email delivery providers, and error monitoring services configured to reduce default PII transmission. These providers may process personal information only on our behalf and subject to their contractual and legal obligations.

When grounding or validating reports, the service may query public or licensed sources and embed source URLs or citations into output. Those external sources have their own privacy terms and practices.

We use essential cookies and similar storage mechanisms to keep the service secure and functioning. These technologies may store or transmit session identifiers, CSRF tokens, authentication state, inactivity timeouts, and user interface preferences such as theme settings.

• Essential session cookies help keep you signed in and protect against unauthorized requests.
• Security-related cookies and logs help us detect suspicious activity and investigate incidents.
• Local browser storage may be used to remember non-sensitive product preferences.

If you disable essential cookies, parts of the service may not function correctly.

We retain information for as long as needed to provide the service, maintain your organization’s workspace, comply with law, resolve disputes, and enforce agreements. Retention periods may vary by data type, customer configuration, and legal context.

• Completed analyses may be archived after approximately three years under our current retention tooling.
• Certain audit and security logs may be retained for approximately two years, subject to operational and legal needs.
• Expired sessions, temporary caches, and short-lived workflow artifacts may be cleaned up automatically on a shorter schedule.

We maintain safeguards designed to protect information, including encrypted connections in production, access controls, tenant isolation measures, audit logging, and security monitoring. No internet or storage system can be guaranteed to be 100% secure, and you should avoid sending information through the service unless you are comfortable with that residual risk.

Depending on where you live and our role with respect to your information, you may have rights to request access to, correction of, deletion of, or portability for personal information, or to object to or limit certain processing.

• You may update certain account information directly through your organization or workspace administrator.
• You may opt out of optional marketing emails by using the unsubscribe link or contacting us.
• If we process your information on behalf of an organization, we may direct your request to that organization because it controls the underlying workspace data.
• California residents may have rights under the CCPA/CPRA to know, access, correct, delete, and obtain information about how personal information is collected, used, retained, and disclosed, subject to statutory exemptions and our role as a service provider where applicable.
• Residents of other U.S. states may have similar rights, including portability, appeal rights, and in some cases opt-out rights for targeted advertising, sale, or certain profiling activities where those activities apply.
• We do not currently sell personal information or share it for cross-context behavioral advertising.

To submit a privacy request, contact support@dealtitan.com . We may need to verify your identity or confirm authority before fulfilling a request.

DealTitan is intended for professional and business users and is not directed to children under 13. We do not knowingly collect personal information from children in that age group through the service.

If you access the service from outside the United States, your information may be processed in the United States and other jurisdictions where we or our service providers operate.

We may update this Privacy Policy from time to time. When we do, we will post the revised version here and update the effective date above. Material changes may also be communicated through the product, by email, or through your organization’s administrative contact where appropriate.