Privacy Policy | DealAGI

1. Overview

DealAGI ("we", "our", or "us") operates an AI-powered voice sales agent platform accessible at app.dealagi.ai. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and what rights you have over it.

This policy applies to:

•Customers — companies and individuals who sign up and use the DealAGI platform

•Prospects — individuals whose information is collected during AI-assisted sales calls conducted through the platform

•Website visitors — anyone visiting dealagi.ai

If you are a Prospect whose data was collected during a sales call, please contact the company that used DealAGI to reach you. They are the data controller for that interaction; DealAGI acts as a data processor on their behalf.

2. Data We Collect

We collect the following categories of personal data:

Account & Customer Data

•Name, email address, company name, job title

•Billing information (processed by Stripe — we do not store card numbers)

•Account credentials and authentication tokens

Prospect Data (collected during AI sales calls)

•Name, email address, company, job title

•Conversation transcripts and audio recordings

•AI-generated qualification scores, summaries, and call notes

•Behavioural signals from the call (intent, engagement, objections raised)

Usage & Technical Data

•Pages visited, features used, and session duration

•IP address, browser type, device type

•Error logs and performance data

We do not intentionally collect sensitive personal data such as health information, racial or ethnic origin, political opinions, or financial account details.

3. How We Use Your Data

We use personal data for the following purposes:

Service delivery

•To provide, operate, and improve the DealAGI platform

•To run AI voice agents and generate call transcripts, summaries, and qualification scores

•To display lead and pipeline intelligence in your dashboard

Communications

•To send account-related emails (onboarding, billing, support)

•To notify you of product updates and new features (you can opt out at any time)

Security & compliance

•To detect and prevent fraud, abuse, and unauthorised access

•To comply with legal obligations

AI model improvement

•We do not use your call transcripts or prospect data to train third-party AI models without explicit consent. Transcripts are processed by Anthropic's Claude API strictly to generate in-session responses and summaries.

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA) and United Kingdom, our legal bases for processing personal data are:

•Contract performance — processing necessary to deliver the services you signed up for

•Legitimate interests — improving our platform, ensuring security, and preventing fraud

•Legal obligation — complying with applicable laws and regulations

•Consent — where we have explicitly asked for and received your consent (e.g. marketing emails)

You may withdraw consent at any time without affecting the lawfulness of prior processing.

5. Subprocessors & Data Sharing

We share data with the following trusted subprocessors to operate our service:

SubprocessorPurposeLocation

SupabaseDatabase hosting and authenticationTokyo, Japan (ap-northeast-1)

AnthropicAI language model (Claude) for generating responses and summariesUnited States

VapiVoice AI infrastructure — speech-to-text and text-to-speechUnited States

VercelApplication hosting and edge deliveryTokyo, Japan (nrt1)

StripePayment processingUnited States

All subprocessors are required to handle personal data in accordance with GDPR and applicable data protection laws. We do not sell personal data to third parties.

We may disclose personal data if required by law or to protect the rights, property, or safety of DealAGI, our users, or the public.

6. Data Retention

We retain personal data for the following periods:

•Account data — retained for the duration of your subscription plus 90 days after account closure

•Call transcripts and prospect data — retained for 12 months from the date of the call, unless your plan or a data deletion request specifies otherwise

•Usage and technical logs — retained for 90 days

•Billing records — retained for 7 years as required by applicable tax law

You may request earlier deletion of your data at any time (see Section 8).

7. Data Security

We take security seriously and implement the following measures:

•Row-Level Security (RLS) on all database tables — each customer can only access their own data

•All data in transit is encrypted using TLS 1.2 or higher

•Authentication is handled by Supabase Auth with industry-standard JWT tokens

•Access to production systems is restricted to authorised personnel only

•Third-party subprocessors are vetted for their own security practices

No method of transmission over the Internet is 100% secure. If you discover a security vulnerability, please report it to security@dealagi.ai.

8. Your Rights

Depending on your location, you may have the following rights:

•Right of access — request a copy of the personal data we hold about you

•Right to rectification — request correction of inaccurate data

•Right to erasure ("right to be forgotten") — request deletion of your personal data

•Right to data portability — receive your data in a structured, machine-readable format

•Right to restrict processing — ask us to limit how we use your data

•Right to object — object to processing based on legitimate interests

•Right to withdraw consent — where processing is based on consent

To exercise any of these rights, email us at privacy@dealagi.ai. We will respond within 30 days. We may ask you to verify your identity before processing the request.

If you are in the EEA or UK and believe we have not handled your data correctly, you have the right to lodge a complaint with your local supervisory authority.

9. Cookies

We use a minimal set of cookies:

•Authentication cookies — essential for keeping you logged in (session management via Supabase Auth). These are strictly necessary and cannot be disabled.

•Preference cookies — used to remember your settings and language preferences.

We do not currently use advertising or third-party tracking cookies. If this changes, we will update this policy and request your consent where required.

10. International Data Transfers

Our primary data storage is in Tokyo, Japan (Supabase). Some subprocessors, including Anthropic and Vapi, process data in the United States.

For transfers from the EEA or UK to countries without an adequacy decision, we rely on Standard Contractual Clauses (SCCs) as the transfer mechanism. Anthropic and Vapi maintain their own GDPR-compliant data transfer frameworks.

11. Children's Privacy

DealAGI is a B2B platform intended for use by businesses and professionals. We do not knowingly collect personal data from individuals under the age of 16. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by displaying a prominent notice in the app at least 14 days before the changes take effect. The "Last updated" date at the top of this page will always reflect the most recent version.

Continued use of DealAGI after changes take effect constitutes your acceptance of the updated policy.

13. Contact Us

For any privacy-related questions, requests, or complaints:

Email: privacy@dealagi.ai

Company: DealAGI

Website: https://dealagi.ai

We aim to respond to all privacy enquiries within 5 business days.

Questions about this policy?

Email us at privacy@dealagi.ai — we aim to respond within 5 business days.