DealOS← Back to sign in

Privacy Policy

Last updated: 8 July 2026

DealOS is a due-diligence platform for mergers and acquisitions. Buyers and sellers run a series of recorded “Understand Sessions”, and our analysis engine (ALICE) turns those conversations and supporting documents into structured findings. This policy explains what personal data we collect, why, who we share it with, and the rights you have over it.

DealOS is operated by [Legal entity name](“DealOS”, “we”, “us”), [registered address]. For any privacy question or to exercise your rights, contact [privacy@yourdomain].

1. Who this policy covers

It applies to everyone who uses DealOS: buy-side and sell-side users invited to a deal, and anyone who takes part in an Understand Session. If your organisation invited you to a deal, that organisation decides what data is processed on the deal (it is the “controller”), and DealOS processes it on their behalf as well as being a controller for our own account and security data.

2. Data we collect

  • Account & identity — your name, email address, company, job title on a deal, and a securely hashed password (handled by our authentication provider).
  • Deal information — the target company, deal type and structure, pillars and questions, and the buyer/seller team members on each deal.
  • Understand Session recordings & transcripts — audio captured during sessions (in person via the host’s device, or on Google Meet via a meeting-assistant bot), the resulting transcripts, and speaker labels.
  • Documents — files you upload to a deal’s Data Room, and the facts our engine extracts from them.
  • Derived analysis — extracted facts, risks, gaps, tasks, coverage scores, and an activity log of who did what and when.
  • Calendar data — if you connect Google Calendar, we read free/busy availability and create/modify meeting events for scheduling. We do not read the content of unrelated events.
  • Financial data — if you connect an accounting system (e.g. Xero) or a bank via open banking, we access the specific read-only data needed for the Financial pillar.
  • Technical data — logs, IP address, and basic usage needed to run and secure the service.

3. Recorded conversations

Understand Sessions are recorded and transcribed — that is the core of how DealOS works. Anyone joining a session is shown that it is being recorded before it begins. Recordings and transcripts are used to produce the deal’s findings and can be re-processed to improve accuracy. Do not use a session to discuss information you are not authorised to record or share.

4. How we use your data

  • To provide the service — run sessions, extract facts, schedule calls, manage tasks, and collaborate across the deal team.
  • To generate analysis using automated processing and AI models (see processors below).
  • To secure the platform, prevent abuse, debug, and meet legal obligations.
  • To communicate with you about your account and deals.

We do not sell your personal data, and we do not use your deal content to train third-party foundation models beyond what is required to return a result for your own request.

5. Legal bases (UK/EU GDPR)

  • Performance of a contract — to deliver the platform you or your organisation signed up for.
  • Legitimate interests — to operate, secure, and improve the service, balanced against your rights.
  • Consent — where you connect an optional integration (calendar, accounting, banking) or where consent is otherwise required. You can withdraw it at any time.
  • Legal obligation — where we must retain or disclose data by law.

6. Service providers (processors)

We share data with vetted providers who process it only to run DealOS on our instructions:

  • Cloud hosting & database — application hosting and our Postgres database, storage, and authentication.
  • Speech-to-text — transcription of session audio.
  • Meeting capture — a meeting-assistant bot that joins scheduled Google Meet calls to capture audio/transcripts.
  • AI processing — a large-language-model provider that extracts and structures facts from transcripts and documents.
  • Integrations — Google (Calendar) and financial-data providers (e.g. accounting and open-banking aggregators) when you connect them.

A current list of sub-processors is available on request at [privacy@yourdomain].

7. Sharing within a deal

A deal is collaborative. Members of your side see your team’s activity; findings, tasks, and shared documents are visible to the relevant parties on the deal. Documents you upload privately, and the facts our engine derives, are visible only to your side unless you choose to share them. We may also disclose data where required by law or to protect our rights and users.

8. International transfers

Some providers may process data outside the UK/EEA. Where they do, we rely on appropriate safeguards such as UK/EU Standard Contractual Clauses or an adequacy decision.

9. Retention

We keep deal data — including recordings, transcripts, documents, and findings — for as long as the deal is active and for a reasonable period afterwards to support the parties, unless a controller instructs deletion sooner. Account data is kept while your account is open. When data is no longer needed, we delete or anonymise it.

10. Security

Data is encrypted in transit, access is restricted on a need-to-know basis, integration tokens and secrets are stored securely, and financial connections are read-only. No system is perfectly secure, but we work to protect your data with appropriate technical and organisational measures.

11. Your rights

Subject to law, you may request access to your data, correction, erasure, restriction, a portable copy, or object to certain processing, and you can withdraw consent for optional integrations. To make a request, contact [privacy@yourdomain]. If your data is processed on a deal by another organisation, we may direct your request to them as the controller. You can also complain to the UK Information Commissioner’s Office (ICO) or your local data-protection authority.

12. Children

DealOS is a business tool and is not intended for anyone under 18.

13. Changes to this policy

We may update this policy from time to time. Material changes will be reflected by the “last updated” date above and, where appropriate, communicated to you.

14. Contact

Questions about this policy or your data? Email [privacy@yourdomain], or write to [Legal entity name, registered address].

Sign in·Create an account