Deal14 ("we", "us", "our"), a product of EnovixPro LLC, is an M&A deal modelling platform for SBA 7(a) acquisitions. This Privacy Policy explains what information we collect, how we use it, and your rights in relation to it. By using Deal14, you agree to the practices described here.
1. Information We Collect
We collect information you provide directly when you create an account and use Deal14:
- Account information: your name, email address, and password.
- Deal data: business financials (revenue, EBITDA, P&L statements, balance sheets), deal structure inputs, valuation assumptions, and analyst notes you enter into the platform.
- Personal financial data: if you use the Personal Finances panel, information such as net worth, assets, liabilities, and equity injection amounts.
- Usage data: pages visited, features used, session duration, and error logs, collected automatically to improve the service.
- Payment information: billing details processed by Stripe (we never store your full card number — see Section 6).
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and improve the Deal14 platform.
- Authenticate your account and maintain session security.
- Calculate deal models, DSCR projections, and valuation outputs.
- Process payments and manage your subscription through Stripe.
- Send transactional emails (account confirmation, password reset) via Resend.
- Diagnose technical issues and monitor platform reliability.
- Comply with applicable legal obligations.
We do not use your deal data to train machine learning models, sell to third parties, or benchmark against other users' data.
3. AI Features and Data Sharing with Third-Party LLMs
Important: When you use AI Analysis or AI Data Room Extraction features, the deal data you have entered — including financial figures, business descriptions, and analyst notes — is transmitted to a third-party large language model (LLM) API for processing.
Specifically:
- If you use Deal14's platform AI credits (server-side path), your deal data is sent to Anthropic's Claude API. Anthropic's data handling is governed by Anthropic's privacy policy at anthropic.com/privacy.
- If you use your own API key (BYOK path), your deal data is sent directly to the provider whose key you supply (Anthropic or OpenAI). Their respective privacy policies apply.
- We do not permanently store the content of AI prompts or responses beyond what is needed to complete the request and log credit usage.
By using AI features, you acknowledge that deal data will leave Deal14's infrastructure and be processed by a third-party LLM provider. If your deals are subject to NDAs or strict confidentiality obligations, please review the relevant provider's data handling policy before using AI features, or use Privacy Mode to redact sensitive identifiers before running analysis.
4. Data Storage and Infrastructure
- Your account data and deal data are stored in a PostgreSQL database hosted by Supabase, Inc. (US-based). Supabase is SOC 2 Type II certified.
- Document uploads (Data Room) are stored in Supabase Storage (S3-compatible object storage).
- Deal14 is deployed on Vercel's edge infrastructure.
- All data is transmitted over encrypted connections (TLS 1.2+).
- Deal14 does not currently offer data residency selection — all data is stored in the United States.
5. Cookies and Local Storage
Deal14 uses:
- Authentication cookies set by Supabase to maintain your login session.
- Browser localStorage to store UI preferences such as privacy mode state and onboarding completion flags.
- No third-party advertising or tracking cookies.
6. Payment Processing
Payments are processed by Stripe, Inc. Deal14 does not store your credit card number, CVV, or full billing details. Stripe operates as an independent data controller for payment information. Stripe's privacy policy is available at stripe.com/privacy.
We store your Stripe Customer ID to manage subscriptions and credit purchases, and we receive webhook notifications from Stripe confirming payment outcomes.
7. Data Sharing
We do not sell, rent, or share your personal data or deal data with third parties for their own marketing purposes. We share data only as follows:
- Service providers: Supabase (database), Vercel (hosting), Stripe (payments), Resend (email), Anthropic/OpenAI (AI features — see Section 3).
- Legal compliance: if required by law, court order, or regulatory authority.
- Business transfer: in the event of a merger or acquisition, your data may transfer to the successor entity under the same privacy commitments.
8. Data Retention and Deletion
- Your account and deal data are retained for as long as your account is active.
- You may delete individual deals at any time from within the platform.
- To request full account deletion, contact us at privacy@deal14.com. We will delete your account and associated data within 30 days, except where retention is required by law.
- Stripe transaction records are retained per Stripe's standard retention policy (typically 7 years for financial compliance).
9. Security
We implement reasonable technical and organisational measures to protect your data, including encrypted connections, row-level security (RLS) on all database tables, and API key segregation. However, no system is completely secure. You are responsible for maintaining the confidentiality of your account password and any API keys you store in the platform.
10. Children's Privacy
Deal14 is not directed at individuals under 18 years of age. We do not knowingly collect personal information from children.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a prominent notice within the platform. Continued use of Deal14 after changes take effect constitutes acceptance of the revised policy.
12. Contact
For privacy-related questions or data deletion requests:
- Email: privacy@deal14.com (EnovixPro LLC)
- Product: deal14.com