Privacy Policy

Company: DEALRICH ("DEALRICH", "we", "us", "our")
Website: dealrich.ai
Contact: privacy@dealrich.ai

DEALRICH provides software that helps Search Funds, Private Equity firms, and M&A brokers identify, validate, and enrich potential targets and contacts (the "Services"). This Privacy Policy explains how we collect, use, share, and protect information in connection with our website, products, and related communications.

If you are a customer using the Services, your organization's agreement with DEALRICH (e.g., the Master Service Agreement and Data Processing Addendum) also governs how we process personal data on your organization's behalf.

1) Roles & Scope

For website visitors, webinar sign-ups, sales inquiries, and our own marketing lists, DEALRICH is the data controller.

For customer content that you upload to or connect with the Services (e.g., company records, contact details, notes), DEALRICH acts as a data processor to your organization, which is the controller. We process that data only per your instructions and agreement.

This policy applies to our public website, apps, and communications. It does not apply to third-party sites and services we do not control.

2) Information We Collect

A. You provide to us

Account & Billing: name, business email, role, organization, billing contact, payment method (processed by our payment partner), tax info.

Communications: demo requests, support tickets, surveys, and any content you choose to send.

Customer Content (processor context): datasets you upload or sync; configuration, tags, scoring preferences; optional review comments.

B. Collected automatically

Usage & device data: IP address, device/OS/browser, pages viewed, features used, timestamps, referral source, crash logs, and diagnostic data generated by your interaction with the Services.

C. From third parties (B2B context)

Business contact & firmographic data from public registries, commercial data providers, and lawful open sources to help customers identify and reach relevant business contacts.

Attribution & analytics partners for campaign performance.

We do not knowingly collect information about children and our Services are not directed to individuals under 16.

3) How We Use Information

We use information to:

  • Provide and secure the Services (authenticate users, operate features, prevent fraud/abuse, ensure availability).
  • Process data on your behalf (ingest, enrich, verify, score, deduplicate, export to your systems) under our contract and your instructions.
  • Improve and develop the Services (analytics, troubleshooting, research, quality assurance, model and rules tuning).
  • Communicate with you (service notifications, security updates, support, marketing—with opt-out options).
  • Comply with legal obligations and enforce terms.

Legal bases (EEA/UK)

Where GDPR/UK-GDPR applies, our bases include: Contract (Art. 6(1)(b)), Legitimate Interests (Art. 6(1)(f)) such as improving and securing the Services and B2B marketing to business contacts, and Consent where required for specific activities. For processor activities, the controller's legal basis applies.

4) Sharing & Disclosures

We may share information with:

  • Vendors and service providers we engage to operate, secure, and support the Services (e.g., hosting, cloud storage, email, analytics, support, payment processing). They may access information solely to perform services for us and are bound by confidentiality and data protection terms.
  • Your direction (e.g., exports to your CRM, sequencer, or storage).
  • Professional advisors (legal, audit, accounting) under confidentiality.
  • Corporate transactions (merger, acquisition, financing, or sale of assets) subject to this Policy's protections.
  • Legal reasons (to comply with law, lawful requests, or to protect rights, safety, and security).

We do not sell personal information. For CPRA, we also do not "share" personal information for cross-context behavioral advertising without your consent.

5) International Transfers

We may process and store information in countries other than where it was collected. When transferring personal data from the EEA/UK/Switzerland, we rely on appropriate safeguards such as the EU Standard Contractual Clauses (and UK Addendum) and implement additional measures where required.

6) Data Retention

We retain personal data only as long as necessary for the purposes described or as required by law. For customer content (processor data), we retain it per your settings and contract, and delete or return it at contract end or upon instruction, subject to legal holds and backups.

7) Security

We employ technical and organizational measures appropriate to the risk, including encryption in transit, access controls, least-privilege principles, logging, and employee confidentiality obligations. While no system is 100% secure, we work to protect information against unauthorized access, use, alteration, and destruction.

8) Your Rights

Depending on your location, you may have rights to:

  • Access, correct, or delete personal data;
  • Object to or restrict certain processing;
  • Data portability;
  • Withdraw consent where processing is based on consent;
  • Lodge a complaint with a supervisory authority.

For requests relating to data we process as a processor for a customer, please contact your organization (the controller). We will support them as required. For controller data (e.g., website leads), contact us at privacy@dealrich.ai.

9) B2B Marketing

We may send product updates and invitations to business emails based on legitimate interests or applicable soft opt-in rules. You can opt out at any time via the link in each email or by contacting us.

10) Automated Processing

Our Services perform scoring and enrichment of company and contact records to prioritize potential targets. This does not produce legal or similarly significant effects on individuals. Customers control how they use scores in their workflows.

11) Third-Party Links

Our website may link to third-party sites or services. We are not responsible for their privacy practices. Review their policies before providing personal information.

12) California Privacy (CCPA/CPRA)

California residents have the rights to know/access, correct, delete, and opt out of sale/share of personal information, and not to be discriminated against for exercising these rights.

Categories collected: identifiers (business contact details), internet activity (usage data), professional information, inferences related to B2B interests.

Retention: as described above.

Sensitive PI: not used for inferring characteristics.

Submit requests at privacy@dealrich.ai. If we act as a service provider for your organization, we will refer your request to them.

13) Children's Privacy

The Services are intended for business users and are not directed to children under 16. We do not knowingly collect data from children.

14) Changes to This Policy

We may update this Policy from time to time. The "Effective date" will reflect the latest version. If changes materially affect your rights, we will provide advance notice where required.

15) Contact Us

Questions or requests about this Policy?
Email: privacy@dealrich.ai