Privacy Policy

Last updated: February 2026

1. Data We Collect

We collect the following categories of personal information:

  • Account Information: Name, email address, password, and role (investor or operator).
  • Verification Data: Legal name, phone number, accreditation type, business details (for operators).
  • KYC Data: Date of birth, nationality, tax identification numbers (stored as hashed values), address, government-issued ID documents, selfie images, source of funds information, and PEP status.
  • Usage Data: Pages visited, deals viewed, introductions requested, messages sent.

2. KYC Data Handling

KYC data is collected for regulatory compliance purposes. We take special care to protect this sensitive information:

  • Tax identification numbers (SSN, EIN, ITIN) are hashed using SHA-256 before storage. The raw values are never stored.
  • Identity documents are stored in encrypted storage buckets with restricted access.
  • KYC data is accessible only to authorized compliance personnel.
  • KYC approvals expire after one year, after which re-verification may be required.

3. How We Use Your Data

  • To create and manage your account.
  • To verify your identity and accreditation status.
  • To facilitate introductions between investors and operators.
  • To comply with anti-money laundering (AML) and know-your-customer (KYC) regulations.
  • To send transactional emails (verification updates, deal alerts, messages).
  • To improve the Platform and user experience.

4. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. KYC records and identity verification documents are retained for a minimum of 5 years after account closure, as required by applicable anti-money laundering regulations. You may request deletion of non-regulated data by contacting us.

5. Third-Party Sharing

We do not sell your personal information. We may share data with:

  • Service Providers: Email delivery (Resend), hosting (Vercel), database (Supabase), and file storage services that help us operate the Platform.
  • Regulatory Authorities: When required by law, regulation, or legal process.
  • Operators: Limited contact information shared only when you request an introduction to a specific deal.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data (subject to legal retention requirements).
  • Object to or restrict certain processing of your data.
  • Data portability where technically feasible.

To exercise these rights, contact us at privacy@dealbridge.com.

7. Security

We implement industry-standard security measures including encryption in transit (TLS), encryption at rest, access controls, and regular security reviews. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

8. Contact

For privacy-related questions or requests, contact us at privacy@dealbridge.com.