DealDaddy Privacy Policy
Last Updated Date: May 28, 2025
Introduction: DealDaddy (“we,” “us,” and “our”) is committed to protecting your privacy. This Privacy Policy describes what information we collect and how we use, store, and protect it when you use DealDaddy’s AI-powered inbox agent service (the “Service”). By using DealDaddy, you (the individual or entity accessing or using the Service, referred to as “you,” “your,” or “User”) agree to the practices outlined here. This Policy is designed for a global audience with primary emphasis on U.S. privacy compliance.
1. Email Data We Access
We treat all email data and content accessed through supported providers (such as Gmail) as private user data and handle it in accordance with applicable laws and platform policies. When you connect your email account to DealDaddy, we request access only to the data necessary to provide our Service, and only request the minimum API scopes needed to power the specific features you have opted to use. All requested permissions are transparently disclosed through the OAuth consent screen.
For Gmail specifically, this includes:
- Email Messages: DealDaddy uses read access to the content of your emails (including subject lines, body text, attachments, and linked documents) to identify those relevant to private market investment opportunities and to generate useful insights.
- Email Labels: DealDaddy may access and apply labels in your Gmail. For instance, our system might create or update labels to help organize emails identified as investment-related.
- Email Sending: If you explicitly opt in, we may offer features that allow drafting or sending emails on your behalf (such as replying to an investment inquiry). We will never send emails on your behalf without your express permission and the appropriate access scope granted by you.
We do not collect or access data in your email account, including Gmail, that is unrelated to the Service’s purpose. We never request more permissions than needed, and we won’t “future proof” by asking for access to data or features that aren’t required for current functionality.
2. How We Use, Process, and Store Your Data
DealDaddy collects certain user information to operate and improve the Service. This may include your name, email address, account activity, feature usage, communications with our support team, and relevant information derived from your email communications. We use this data for authentication, analytics, service improvement, and customer support. This data is never sold or used for marketing without your explicit consent.
Email Data (Gmail and other providers): DealDaddy uses automated systems to extract insights and structure from your email data and attachments. These algorithms and your email data are used solely to deliver features like opportunity identification, document analysis, and helpful summaries that support your investing workflow.
- Identifying Opportunities: The content of your emails (and attachments or links) is temporarily stored and analyzed on our secure servers to identify mentions of investment deals, introductions, fundraising rounds, or other private market opportunities. We may use AI algorithms to summarize documents or flag key details, but your email content is never used to train third-party AI systems or for any purpose outside of delivering our Service to you. We treat your email text and file contents as confidential and do not use them for advertising, profiling, or any unrelated analytics.
- Organization and Insights: We apply labels or annotations to your emails (within Gmail or in our app interface) to help categorize opportunities. Any analysis or “enhancements” (such as summaries or risk flags) added by DealDaddy are derived from your content and meant for your personal use through the Service. While our systems are continuously trained and refined to improve precision, our automated systems may occasionally misclassify or overlook content; you should not rely solely on system-generated summaries for investment decisions. DealDaddy does not assume ownership of your underlying email content – you retain ownership of your emails – and our enhancements are provided to you as part of the Service.
- Temporary Caching: Email data and attachments are cached on our systems for a limited period to allow our systems to process, analyze, and extract insights. We do not permanently store emails beyond what is needed to deliver results to you. Content that is not identified by our systems as relevant to investment opportunities is excluded from long-term storage. While our AI may temporarily process various types of emails during its analysis, only content deemed pertinent to your investment workflow is retained for continued access. For example, if our system encounters an email about a calendar invitation or unrelated personal correspondence, it may temporarily retain the content during processing, but such messages are excluded from long-term storage.
- No Unauthorized Sharing: We do not share your email contents, including Gmail, with advertisers or other third parties. The only exceptions would be trusted service providers needed to operate DealDaddy (explained below) or if required by law (for instance, responding to a lawful subpoena, and even then, we would inform you where legally permitted). We do not sell your data. We do not use your email information for marketing our services to you without your consent, beyond basic operational communications. Our subprocessors include infrastructure and analytics providers such as cloud hosts and monitoring tools. We can provide a current list upon request.
3. Data Security and Cloud Providers
Audit Readiness: DealDaddy maintains internal security and privacy controls aligned with ISO and SOC 2 standards and is prepared to undergo independent third-party audits as required by platform partners (such as Google) or regulators. This ensures our privacy commitments are verifiable and meet enterprise-grade security expectations. If and when such audits are completed, DealDaddy remains committed to continuously maintaining compliance and transparency over time.
We understand that the security of your data is paramount. DealDaddy employs strict security measures and industry-leading cloud Platform-as-a-Service providers to host and process data:
- Secure Infrastructure: We utilize reputable cloud services such as Amazon Web Services (AWS) for our servers, MongoDB Atlas/Neon for databases, GitHub for code management, and Stripe for any payment processing. These providers maintain high security standards and relevant compliance certifications (for example, AWS is certified under ISO 27001, 27017, 27018, and Stripe is a PCI DSS Level 1 certified payment provider). DealDaddy leverages their robust protections including data encryption at rest and in transit, physical security, and regular security audits.
- Compliance and Certifications: All our major subprocessors undergo independent audits and hold certifications such as ISO 27001 (information security management), ISO 27017 (cloud security), ISO 27018 (cloud privacy), SOC 1/2/3 (systems and organization controls), and for payments, PCI DSS Level 1 (the highest payment card security standard). We only partner with established providers that meet rigorous security and privacy standards, so you can trust that your data is handled with care.
- Access Controls: Within DealDaddy, access to your data is restricted to the AI systems and limited authorized personnel on a need-to-know basis. All such access requires two-factor authentication and is performed from devices that require password entry and have on-disk encryption enabled. Our team does not read your email content unless it’s necessary to resolve a support issue or as required by law, and we will seek permission whenever feasible. We follow the principle of least privilege, meaning our systems request the minimum scopes necessary from Google and our staff only access user data for legitimate support or compliance reasons.
4. Your Choices and Controls
We believe it’s important you have control over your data and how it’s used. Here are the ways you can manage or revoke DealDaddy’s access and request data actions:
- Google Access Revocation: You can revoke DealDaddy’s access to your Google account at any time. This can be done through your account settings in the DealDaddy Web app. Alternatively, this can be done through your Google account’s security settings (under “Third-party apps with account access”), where you can remove DealDaddy’s OAuth permissions. Revoking access will immediately prevent our Service from reading or processing your Gmail data. You may also contact us at support@dealdaddy.io if you need guidance on disconnecting your account.
- Account Termination: If you wish to stop using DealDaddy entirely, you may simply revoke the Google access as noted above. You can also request that we deactivate or delete your DealDaddy account. Terminating your account will disable the Service’s features and we will no longer retrieve any new email data. Once a user account is terminated, DealDaddy will retain any cached inbox data only as long as required for operational integrity or compliance with applicable laws, not for active processing, typically no longer than 14 days. After that, all such content is purged from our systems.
- Data Deletion Requests: You have the right to request deletion of the data that DealDaddy has stored about you. We provide a straightforward process: just email us at privacy@dealdaddy.io with your deletion request. Upon verification of your identity (for your security), we will delete your user account and all associated data, including any cached email content, analysis results, and personal information from our systems, unless retention is required by law. We will confirm once the deletion is completed. Please note that deleting our stored data does not remove emails or labels within your connected email account; you would manage those directly within your email provider's interface (e.g., Gmail, Outlook).
- Data Access and Portability: On request, we can provide a summary of the data we have collected or generated about you (such as a list of identified investment opportunities or labels applied). We aim to be transparent, and you may reach out to support@dealdaddy.io to exercise any rights you have under applicable law to access or download your data.
- Opt-Out of Communications: We may send you service-related emails (for example, important updates or alerts about a new opportunity found). If we send any promotional communications, you will have the ability to opt out. Simply use the unsubscribe link in such emails or adjust your preferences in your account settings. Operational emails relevant to the Service (like security notices or privacy updates) may still be sent as needed.
5. Global Availability and Data Transfers
DealDaddy is available to users around the world. Our primary user base and operations are in the United States, and our servers are generally located in the U.S. If you are accessing the Service from outside the U.S., be aware that your data (including email content) will be transferred to and processed in the United States (and potentially other countries where our service providers maintain facilities). We rely on approved legal mechanisms for any international data transfers and apply the same high privacy standards regardless of your country of residence.
Users from the European Union or other regions with data protection laws have the right to additional protections. DealDaddy complies with applicable data protection regulations such as the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) where relevant. This means you may have rights to access, correct, or delete your personal data, or not to be discriminated against for exercising these rights. We honor such rights and provide tools or support to exercise them (as described in Your Choices and Controls above).
By using DealDaddy, you acknowledge that your information may be processed in the U.S. and other jurisdictions as necessary for us to provide the Service. We will protect your data in transit and at rest, and any third parties processing your data on our behalf will be subject to strict security and privacy obligations.
6. Compliance with Google API Policies
DealDaddy’s integration with Gmail abides by Google’s policies for user data. We want to reassure you and Google that we only use your Google data in ways you have permitted for the intended functionality of our Service. In particular, DealDaddy’s use and transfer of information received from Google APIs to any other app will adhere to Google’s API Services User Data Policy (including the “Limited Use” requirements). “Limited Use” means we do not use your Gmail data for any purposes other than providing the features you expect, and we do not allow human access to read your data except with your consent or as necessary for security or compliance. We also comply with Google’s Developer Policies and Google API Terms of Service in all aspects of our app’s design and operations. (You can find Google’s API use policies on their site, including the Google API Services User Data Policy and the Google API Terms of Service.)
Furthermore, DealDaddy has completed Google’s OAuth verification process for the sensitive Gmail scopes we require. Our OAuth consent screen accurately represents our identity and needs, following Google’s branding guidelines for OAuth. For example, we only use Google’s official “Sign in with Google” buttons and branding as permitted, and we make clear that our application is not Google itself. (DealDaddy is an independent service; while we use Google’s technology to integrate with Gmail, we are not affiliated with or endorsed by Google.)
7. Updates to This Policy
We may update this Privacy Policy from time to time as our Service evolves or as required by law. If we make significant changes, we will notify you in a timely manner. For example, we may send an email to the address associated with your account or display a prominent notice within the app or on our website (or do both). The “Last Updated” date at the top will always indicate the latest revision. We encourage you to review this Policy periodically. Continued use of DealDaddy after a Policy update constitutes your acceptance of the changes. We maintain records of major policy updates for internal audit purposes and accountability.
8. Contact Us
For additional information about how your data is handled under our broader service agreement, you may also review our Terms of Service.
We are committed to protecting your privacy and data. If you have questions or concerns about this Privacy Policy or how DealDaddy handles your data, please contact us at:
DealDaddy, Inc.
447 Broadway #825
New York, NY 10013
Email: privacy@dealdaddy.io