Privacy Policy

1. Scope and Role

DealSeal generally acts as a service provider or processor on behalf of dealerships, lenders, and enterprise organizations that control transaction data. In some cases (such as account administration, billing, and support), DealSeal may act as a controller for limited business information.

This policy applies to platform users, administrators, and organization representatives. It does not replace customer-specific contractual privacy terms or legal obligations imposed on dealers/lenders under applicable law.

2. Information We Collect

Depending on platform use, we may collect:

• Account and organization data: names, business contact details, user credentials, role/access assignments, and workspace identifiers.
• Transaction and document data: deal details, uploaded documents, form metadata, workflow status, and audit history.
• Operational and device data: IP address, request metadata, timestamped events, and system logs used for security and reliability.
• Integration and billing data: API key identifiers, usage records, subscription details, and payment-provider references.
• Support communications: messages, issue reports, and service tickets submitted to our team.

3. How We Use Information

We use information to:

• Provide, operate, and maintain the DealSeal platform and platform modules (including Deal Builder and Deal Scan).
• Process workflows, document generation tasks, verification functions, and compliance support activities.
• Authenticate users, enforce role-based access controls, and secure platform sessions.
• Detect, prevent, and investigate fraud, abuse, and security incidents.
• Monitor performance, reliability, and service usage for operational improvement.
• Support billing, invoicing, customer communications, and contractual administration.
• Comply with applicable legal, regulatory, and contractual obligations.

4. AI and Automated Processing

DealSeal may use AI-assisted tools to support document preparation, validation prompts, and workflow efficiency. These capabilities are designed as support functions and do not replace required human/legal review by authorized users.

We apply reasonable controls around AI-assisted processing, including scoped service usage, access controls, and audit logging where available.

5. Legal Bases and Compliance Context

Where applicable, we process information based on one or more of the following: contractual necessity, legitimate interests in secure operations, legal obligations, and authorized customer instructions.

Customers remain responsible for determining lawful grounds for transaction data submitted through the platform and for providing required notices and consents to consumers.

6. Information Sharing and Disclosure

We may share information:

• With your organization and authorized users under your account/workspace.
• With service providers that support hosting, storage, security, analytics, communications, and billing.
• With integration partners when configured by your organization.
• When required by law, subpoena, court order, or lawful governmental request.
• To enforce platform terms, protect rights/safety, or investigate suspected unlawful activity.
• In connection with a merger, acquisition, financing, or corporate reorganization (subject to applicable safeguards).

We do not sell personal information for monetary consideration.

7. Security Safeguards

We maintain administrative, technical, and organizational safeguards designed to protect information, including:

• Encrypted transport channels in production environments.
• Security header hardening, controlled CORS configuration, and rate-limiting controls.
• Role-based access controls and authenticated platform sessions.
• Monitoring, logging, and incident response support processes.

No security program can guarantee absolute protection, but we continuously improve controls based on risk, operational experience, and evolving standards.

8. Data Retention

We retain information for as long as necessary to provide services, satisfy contractual commitments, support audit and security obligations, resolve disputes, and comply with legal requirements.

Retention periods may vary by data category, workspace configuration, and applicable law.

9. Your Privacy Rights and Choices

Subject to applicable law and your role, you may have rights to access, correct, update, or delete certain personal information, and to object to or restrict certain processing.

If your data is managed by a dealership, lender, or enterprise customer, you should direct requests to that organization first. We will support customer-directed requests where required.

10. International and Regional Privacy Requirements

If applicable, DealSeal supports privacy compliance obligations under relevant regional frameworks through contractual commitments, processor obligations, and reasonable transfer safeguards.

Specific regional disclosures or addenda may be provided separately for enterprise customers when required.

11. Children's Privacy

DealSeal is intended for business and professional use and is not directed to children.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect platform enhancements, legal changes, or updated operational practices.

Material updates may be communicated through platform notices or other reasonable channels. Continued platform use after an effective date constitutes acceptance of the updated policy.

13. Contact

For privacy questions, requests, or incident-related concerns, please contact the DealSeal support or compliance channel provided within your organization's platform workspace.