Privacy Policy

Dealorum ("Company," "we," "us," "our," or "Dealorum") operates the Dealorum application (the "App"). This Privacy Policy explains how we collect, use, disclose, and otherwise process personal information in connection with the App and related services.

Please read this Privacy Policy carefully. By accessing or using Dealorum, you acknowledge that you have read, understood, and agree to be bound by all the terms of this Privacy Policy.

1. Information We Collect

Account Information

When you create an account, we collect your full name, email address, phone number, business address, and professional license information (if applicable). You may also provide additional profile information such as your business name, bio, profile photo, and digital business card details.

Transaction & Deal Data

We collect real estate transaction details including property address, purchase price, loan amount, loan type (FHA, Conventional, etc.), client names, client contact information, commission amounts, deal status, deadlines, and contract details. This data is essential to help you track and manage your business.

Client Contact Information

You may store client names, email addresses, phone numbers, and communication history within the App. This information is provided by you and is used to organize your business contacts and manage client relationships.

Document Data

You may upload documents such as scanned agreements, pre-approval letters, underwriting checklists, and contracts. We may extract data from these documents using optical character recognition (OCR) technology (AWS Textract) to populate deal fields and improve document processing accuracy.

AI-Generated Content & Prompts

When you use AI features (post generation, image generation, content suggestions), we collect the text prompts you provide, your voice/tone preferences, and the AI-generated outputs. This data is used to improve the AI service and personalize recommendations. AI processing is performed by Anthropic's Claude API (see Section 4 for details).

Usage & Device Information

We automatically collect information about your interactions with the App, including pages viewed, features used, action timestamps, device type (iOS/web), operating system version, app version, and IP address. We use this data for analytics, troubleshooting, and service improvement. This information is collected via browser cookies and similar tracking technologies.

Email Communications

We send transactional emails (account confirmation, deal updates, payment receipts) via AWS SES. We may also send product announcements and updates. You can manage email preferences in your account settings.

Payment Information

We process subscriptions through Stripe. We do not store credit card numbers directly; Stripe handles all payment processing securely. We receive and store limited payment information: subscription tier, invoice amount, payment status, and billing name/address (see Section 4 for Stripe's privacy practices).

2. How We Use Your Information

We use the information we collect for the following purposes:

• Providing and maintaining the App and its features
• Creating and managing your account and authentication
• Processing your subscription payments and billing
• Generating AI-powered content (posts, images, suggestions) based on your inputs
• Sending transactional and service-related emails
• Analyzing usage patterns to improve the App and user experience
• Detecting, preventing, and addressing fraud, abuse, and security issues
• Complying with legal obligations and enforcing our Terms of Service
• Communicating with you about your account or the App (with your consent)
• Personalizing your experience and recommendations based on your preferences

3. Data Sharing & Third Parties

We do not sell your personal information. We share your data with third-party service providers only as necessary to operate the App:

Amazon Web Services (AWS)

AWS provides cloud infrastructure for data storage (DynamoDB), document storage (S3), authentication (Cognito), email (SES), and OCR services (Textract). Your data is encrypted at rest and in transit. AWS complies with SOC 2, ISO 27001, and GDPR standards.
AWS Privacy Policy

Anthropic (Claude API)

When you use AI features, your prompts and generated content are sent to Anthropic's Claude API for processing. Anthropic uses this data to improve their models, subject to their privacy terms. We recommend reviewing Anthropic's privacy policy. Do not include highly sensitive client information (SSN, financial account numbers) in AI prompts.
Anthropic Privacy Policy

Stripe

Stripe processes all subscription payments and payment methods. Stripe is PCI DSS Level 1 compliant and does not store full credit card data on our servers.
Stripe Privacy Policy

Legal Compliance & Law Enforcement

We may disclose your information if required by law, in response to valid legal processes (subpoena, warrant), or to protect the rights, privacy, safety, or property of Dealorum, our users, or the public.

Business Transfers

If Dealorum is acquired, merged, or undergoes a change of control, your information may be transferred as part of that transaction. We will notify you of any such change and any material changes to this Privacy Policy.

4. Data Security

We implement technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction:

• HTTPS/TLS encryption for all data in transit
• AES-256 encryption for data at rest in DynamoDB and S3
• AWS Cognito for secure authentication with OAuth2 and multi-factor authentication support
• HTTP-only, Secure, SameSite cookies to prevent CSRF and XSS attacks
• Input validation and sanitization to prevent injection attacks
• Rate limiting to prevent brute-force and DDoS attacks
• Regular security monitoring and logging

While we use industry-standard security measures, no system is completely secure. You are responsible for maintaining the confidentiality of your login credentials. If you believe your account has been compromised, please contact us immediately at support@dealorum.com.

5. Data Retention

We retain your personal information for as long as necessary to provide the App and fulfill the purposes outlined in this Privacy Policy. Specifically:

• Account Information: Retained while your account is active and for 12 months after deletion (for audit and dispute resolution).
• Transaction & Deal Data: Retained while your account is active. You may request deletion; we retain backups for 90 days for data recovery purposes.
• AI-Generated Content: Retained while your account is active. You may delete saved content at any time.
• Usage & Device Data: Retained for up to 1 year for analytics and troubleshooting.
• Payment Records: Retained for 7 years to comply with tax and accounting regulations.

Client contact information (third-party data) is retained as long as you maintain it in the App. When you delete an account, all associated data is scheduled for deletion from production systems within 30 days, though backups may retain data for longer periods.

6. Your Privacy Rights

Depending on your location, you may have the following rights:

California (CCPA / CPRA)

If you are a California resident, you have the right to:

• Know: Request what personal information we collect, use, and share
• Delete: Request deletion of personal information we have collected (with exceptions)
• Correct: Request correction of inaccurate personal information
• Opt-Out: Opt out of the "sale" or "sharing" of personal information (we do not currently sell data, but may share usage data with service providers)
• Non-Discrimination: We will not discriminate against you for exercising your rights

GDPR (EU/EEA Residents)

If you are located in the EU or EEA, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Request we limit how we use your data
• Portability: Request your data in a portable format
• Object: Object to certain processing activities
• Withdraw Consent: Withdraw consent to processing at any time

How to Exercise Your Rights

To exercise any of these rights, please send a request to support@dealorum.com. Please include "Privacy Request" in the subject line and provide sufficient detail to identify your request. You may also manage your account settings directly in the App to access, update, or delete your information. We will respond to requests within 45 days (or as required by law). We may request additional information to verify your identity before processing your request.

Self-Service Account Deletion

You can request account deletion directly from the App by going to Settings → Danger Zone → Delete My Account. When you request deletion, your subscription is cancelled immediately and your account is disabled. Your data (profile, contacts, deals, documents, AI history) is retained for a 30-day grace period, during which you can contact support@dealorum.com to restore your account. After 30 days, all data is permanently and irreversibly deleted from our systems.

Data Export

You can export your contacts data at any time in CSV format from the Contacts page (Pro and Max plans). This allows you to take your data with you if you choose to leave the platform.

7. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience:

• Authentication Cookies: HTTP-only cookies store your session tokens (id_token, access_token, refresh_token) from AWS Cognito.
• Preference Cookies: LocalStorage and SessionStorage store your theme preference (light / dark mode) and UI settings.
• Analytics: We may use analytics tools to understand usage patterns. Any third-party analytics are configured to respect privacy (e.g., anonymized IP addresses).

You can control cookies through your browser settings. Disabling cookies may affect App functionality.

8. Children's Privacy

Dealorum is not intended for users under 13 years of age, and we do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has created an account, we will delete that account and associated data promptly. If you believe a child under 13 has provided information to us, please contact support@dealorum.com.

9. International Data Transfers

The App is hosted on AWS servers located in the United States. If you are accessing Dealorum from outside the U.S., your personal information will be transferred to and processed in the United States. By using the App, you consent to this transfer and processing under U.S. laws. For EU/EEA residents, we rely on Standard Contractual Clauses and appropriate safeguards to ensure adequate protection of your data.

10. Third-Party Links

The App may contain links to third-party websites and services (e.g., Zillow, Bankrate, MBS Live) that are not operated by Dealorum. This Privacy Policy does not apply to external links, and we are not responsible for their privacy practices. Please review the privacy policies of any third-party sites before providing your information.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. The "Last updated" date at the top of this policy indicates when it was last revised. Continued use of the App following the posting of revised Privacy Policy means you accept and agree to the changes. We encourage you to review this policy regularly.

12. Contact Us

If you have questions about this Privacy Policy, our privacy practices, or your personal information, please contact us:

We will respond to your inquiry within 10 business days. For California residents, you may also file a complaint with the California Attorney General's office.