Privacy Policy

1. Roles and Responsibility

Dealfluence's Services are offered to companies and other legal entities for professional use (our "Subscribers").

• Data Controller: Dealfluence is the data controller for personal data related to user accounts, communication, and technical usage of our platform.
• Data Processor: This Privacy Policy does not apply to any input submitted to, output generated by, or documents uploaded to our Services ("Content"). We process Content as a data processor on behalf of our Subscribers (the data controllers). Processing of Content is governed by the relevant Data Processing Agreement (DPA).

2. Personal Information We Collect

2.1 Information You Provide to Us

• User Account Information: Name, email address, role, and account credentials.
• Communication Information: Contents of messages, support tickets, and feedback.
• Social Media Information: Information provided when interacting with our LinkedIn or other Social Media Pages.

2.2 Information We Automatically Collect

When you use our Services, we collect Technical Information:

• Log & Device Data: IP address, browser type, operating system, and time zone.
• Usage Data: Features used, actions taken, and volume of queries. We never store data from your uploaded documents in a way that violates our Security Policy.
• Cookies: We use only essential cookies for basic site functionality. We use privacy-friendly analytics (Vercel Analytics) that do not use cookies or collect personal data.

2.3 Publicly Available Information

We may collect publicly available information about Subscribers and prospects (e.g., from LinkedIn or company registers) to facilitate our business operations.

3. How We Use Personal Data & Legal Basis

We process personal data for purposes including providing our Services, communicating with you, improving our platform, and complying with legal obligations. Our legal bases include contract performance, legitimate interests, and consent where applicable.

4. Disclosure of Personal Information

We may share your information with:

• Vendors and Service Providers: Hosting (e.g. AWS/Azure), analytics, and email providers.
• Affiliates: Entities under common control with Dealfluence.
• Legal Requirements: When necessary to comply with law or protect our rights.
• Business Transfers: In case of merger, sale, or reorganization.

5. Data Location and International Transfers

Primary Data Location

Dealfluence is committed to high-level data sovereignty. Your personal data is primarily stored and processed on secure servers located in Finland.

Use of Global Service Providers

While our primary infrastructure is located in Finland, we utilize certain global service providers to deliver and improve our Services. In these cases, limited personal data may be accessed from or transferred to locations outside the European Economic Area (EEA), such as the United States.

Safeguards for International Transfers

Whenever data is transferred outside the EEA, Dealfluence ensures a level of protection essentially equivalent to that guaranteed within the EU by implementing the following safeguards:

• Adequacy Decisions: We prioritize partners in countries approved by the European Commission.
• Standard Contractual Clauses (SCCs): We use the latest standard clauses approved by the EU Commission to ensure our partners follow GDPR-level security.
• Data Privacy Framework (DPF): For US-based providers, we ensure they are certified under the EU-US Data Privacy Framework where applicable.

6. Your Rights

• Right to Access: Request a copy of your data.
• Right to Rectification: Correct inaccurate information.
• Right to Erasure ("Right to be Forgotten"): Request deletion of data no longer needed.
• Right to Restriction: Limit how we process your data.
• Right to Object: Object to processing based on legitimate interest or direct marketing.
• Right to Data Portability: Receive your data in a machine-readable format.
• Right to Withdraw Consent: At any time where processing is based on consent.
• Right to Lodge a Complaint: You have the right to contact the Data Protection Ombudsman if you have concerns.

To exercise these rights, contact: privacy@adeu.ai. We may require identity verification before processing requests.

7. Security

We use technical and organizational measures including encryption, physical access controls, and network monitoring. Detailed information is available in our Security Policy.

8. Data Retention

• Contractual data: Retained for the duration of the Subscriber Agreement.
• Legal obligations: (e.g., accounting) Generally retained for 6-10 years as required by law.
• Marketing/Analytics: Retained as long as you are an active user or until you opt-out. Non-contractual data is generally deleted after 12 months of inactivity.

9. Changes to This Policy

We may update this policy. The "Last Updated" date at the top indicates the latest revision. Your continued use of the Service constitutes acceptance of the updated policy.

10. Contact Information