Last updated: June 2026
This Privacy Policy explains how Dealflow SARL ("Dealflow", "we", "us") collects, uses, and protects your information when you use the Data Cleaning platform ("Service"). By using the Service you agree to this policy.
Dealflow SARL is the controller of your personal data. Contact: privacy@dealflow.eu. Our registered office is in Luxembourg.
| Category | Data | Source |
|---|---|---|
| Account data | Email address, hashed password, role | You, on sign-up |
| HubSpot cache | Companies, contacts, and associations from your HubSpot portal | Your HubSpot portal via API |
| Usage data | Pipeline run logs, merge history, dismissed pairs, review actions | Generated by your use of the Service |
| Billing data | Stripe customer ID, subscription status, plan tier | Stripe, when you subscribe |
| Communication data | Email address used for transactional emails (trial updates, digests) | You, on sign-up |
We do not collect payment card numbers. These are held by Stripe under their own privacy policy.
Legal basis (GDPR): performance of a contract (Art. 6(1)(b)) for providing the Service and billing; legitimate interests (Art. 6(1)(f)) for operational emails and service improvement.
To run deduplication efficiently we cache a local copy of your HubSpot companies and contacts in an encrypted SQLite database hosted on our VPS. This cache:
We share data only with the following sub-processors, all of whom provide adequate safeguards:
| Sub-processor | Purpose | Location |
|---|---|---|
| OVHcloud | VPS hosting for the application and database | EU (France) |
| Stripe | Payment processing and subscription management | EU / US |
| Resend | Transactional email delivery | US (SCCs in place) |
| HubSpot | CRM data source and merge target | US (SCCs in place) |
We do not sell your data to any third party.
If you are in the EU or UK you have the right to: access, correct, or delete your personal data; object to or restrict processing; data portability; withdraw consent where consent is the legal basis; lodge a complaint with your supervisory authority.
To exercise any right, or to request deletion of your entire portal, email privacy@dealflow.eu. We will respond within 30 days. You can also delete your portal data immediately from within the Service (Settings → Delete account).
HubSpot API tokens are encrypted at rest using Fernet symmetric encryption. The database files are stored on an OVHcloud VPS with access restricted to the application process. We use HTTPS for all data in transit. Daily backups are retained for 7 days.
We use one HttpOnly session cookie (dc_session) to authenticate you after login. We do not use advertising cookies, analytics cookies, or third-party trackers.
We may update this policy to reflect changes in the Service or legal requirements. We will notify you by email at least 14 days before material changes take effect. Continued use of the Service after the effective date constitutes acceptance.
Questions about this policy: privacy@dealflow.eu