Privacy policy
Effective 2026-05-22
1. Scope
This policy explains how Heritage Financial Advisors S.A.S. ("Heritage") collects, stores, processes and shares personal data when you use Dealflou (the "Platform"). It is drafted to comply with the GDPR (EU), LGPD (Brazil), CPRA (California) and APPI (Japan).
2. Data we collect
Account data (name, email, firm), platform telemetry (IP, user agent, timestamp on every audit event), content you upload (documents, NDAs, IOIs, offers), and billing data (via Stripe; see Stripe's privacy policy for processor details).
3. Lawful basis
Processing is conducted under (a) contract performance for account data and platform telemetry, (b) legitimate interest for security audit events, and (c) consent for optional notification subscriptions.
4. Data residency
Each workspace is pinned to an in-region replica chosen by the firm's country of incorporation: EU (Frankfurt), US (Virginia), Brazil (São Paulo) or APAC (Singapore). Writes commit only to the workspace's home region.
5. Sub-processors
Supabase (database + auth), Resend (transactional email), Stripe (billing), Anthropic and OpenAI (AI diligence inference on documents you opt in to process via AI).
6. Your rights
You may request access, rectification, deletion, restriction of processing, portability and objection. Email privacy@dealflou.com or your firm admin. We respond within 30 days.
7. Retention
Audit events are retained for 7 years to satisfy financial-services audit norms. Account data is retained for the life of the contract plus 90 days. Documents in a data room are deleted on workspace closure unless retention is contractually extended.
8. Security
Data is encrypted with AES-256 at rest and TLS 1.3 in transit; tenants are isolated with row-level security (RLS); documents are watermarked per viewer; and every audit event is recorded in an end-to-end audit chain. The full list of controls is at /security.
9. Contact
Email privacy@dealflou.com. Data Protection Officer: dpo@dealflou.com.