Privacy Policy

If you choose to connect your Google account, our application may access certain Google data strictly to provide the features you enable.

• Gmail: Read and send email content and metadata as necessary to draft, send, and organize messages you initiate within the app.
• Google Calendar: Read and create events in order to schedule meetings and reminders based on your explicit actions.
• Google Sheets: Create and update spreadsheets to run analyses and sensitivity models you request.
• Google Drive: Create, copy, and export documents and spreadsheets you request (e.g., LOIs, reports), and manage access where you instruct us to do so.

We do not use Google data for advertising, and we do not sell Google data. Access is limited to the minimum necessary to provide the requested functionality, and only while those features are in use.

Deal Manager AI's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Limited Use Commitments. For Gmail/Calendar scopes, we (i) use Google user data only to provide user-facing features you request; (ii) do not transfer Google user data to third parties except as necessary to provide or improve those features, comply with law, or with your explicit consent; (iii) do not use Google user data for advertising; and (iv) do not allow human access to Google user data except with your consent, to comply with applicable law, or for security/abuse investigations.

Revocation & Deletion. If you disconnect Google, we cease access immediately and delete stored Google-derived content within a reasonable period (typically ≤30 days) unless we must retain it to comply with law, resolve disputes, or enforce agreements.

We rely on trusted service providers to deliver specific functionality. Depending on the features you enable, we may transfer limited information to the following categories of processors strictly to provide the Services:

• OpenAI (Models such as GPT-4o/GPT-5.4): We send text you provide (e.g., prompts, document excerpts, workbook cell data) to generate summaries, analysis, embeddings for semantic search, and background quality audits. OpenAI does not use API data for model training. See OpenAI's API Data Usage Policy for details.
• Google Gemini (Cloud AI): We send text and property data to generate investor summaries, property images, and vector embeddings for natural language property search. Gemini may receive deal form data (property details, financial metrics) when generating narrative content, and parcel descriptions (addresses, lot sizes, zoning) for embedding. Google Cloud AI does not use customer data for model training under commercial terms. See Google Cloud Gemini Data Governance for details.
• Anthropic Claude (API): Our primary AI provider for the Excel Add-in, document analysis, and financial modeling. Claude receives extracted document text, workbook cell values and formulas, and conversation context. We use Anthropic's commercial API, which has a zero-retention policy—data is deleted immediately after the response is generated and is never used for model training. See Anthropic's API Documentation for details.
• Perplexity AI: Used for live market research, cap rate lookups, comparable sales data, and web search. Perplexity receives your research question and property address—it does not receive your uploaded files, spreadsheet data, or deal details. See Perplexity Help Center for details.
• Microsoft Graph (Outlook and Calendar): If connected, we access and send email and event data necessary to perform actions you initiate (similar to our Google integrations).
• Zoom: If connected, we manage meeting creation and may access cloud recording metadata as needed to power requested features.
• Twilio: Powers voice features (call initiation, IVR, and similar). We may process call metadata and audio streams as necessary to complete the feature you request. We do not store audio recordings unless you explicitly save or upload them.
• Dropbox: If connected, we upload/download files and manage folders to store documents you choose to sync to your Dropbox account.
• HubSpot: If connected, we sync contacts, companies, and deals you select between our application and your HubSpot CRM.
• Stripe: Processes payments and subscriptions. We do not store raw card details on our servers.
• Clerk: Provides authentication and user management.
• Convex: Primary application data store for documents, messages, and integration tokens.
• Vercel (hosting and file storage via Vercel Blob): Hosts our application and stores certain uploaded files as part of the document workflow.
• Google Maps Platform: Geocoding, places search, and maps display to support property analysis and location context for addresses you provide.
• ATTOM Data Solutions: Property intelligence and parcel data provider. When you request property information, we send addresses you provide to ATTOM to retrieve property details, assessments, ownership records, and market data. ATTOM data is displayed within the Services and may be exported with proper attribution. We do not share your personal information with ATTOM beyond the addresses you explicitly request to analyze.
• LightBox (LightboxRE): Property and parcel data provider. When you request property searches, batch processing, or owner portfolio queries, we send addresses and owner names you provide to LightBox to retrieve parcel data, assessments, ownership information, and market analytics. LightBox data is displayed within the Services and may be exported with proper attribution. We do not share your personal information with LightBox beyond the addresses and queries you explicitly request to analyze.
• RentCast: Rental market data and property analytics provider. When you request rental market information or property valuations, we send addresses you provide to RentCast to retrieve rental rates, market trends, and property analytics. RentCast data is displayed within the Services and may be exported with proper attribution. We do not share your personal information with RentCast beyond the addresses you explicitly request to analyze.
• First Street Foundation (Flood Data): Climate and flood risk data provider. When you request flood risk analysis or climate data for properties, we send addresses you provide to First Street to retrieve flood risk scores, historical flood data, and climate projections. First Street data is displayed within the Services and may be exported with proper attribution. We do not share your personal information with First Street beyond the addresses you explicitly request to analyze.
• Apollo.io: B2B contact and company data provider. When you use contact enrichment or company lookup features, we send names, email addresses, or company names you provide to Apollo to retrieve professional contact information, company details, and business intelligence. Apollo data is displayed within the Services and may be exported with proper attribution. We do not share your personal information with Apollo beyond the queries you explicitly request.
• Manus AI (a Meta company): Autonomous AI agent for complex multi-step tasks. Manus was originally developed by a Chinese-backed company with headquarters in Singapore. In December 2025, Manus was acquired by Meta Platforms, Inc. and now operates under Meta ownership with servers hosted in the United States, subject to U.S. regulatory standards. Under Meta's API terms, Manus does not use private user data or task outputs to train its base models. When you use Manus AI features, your deal context (property details, financial metrics, workbook data) is transmitted to Manus to generate the requested analysis or document. Manus is used when you select it from the model dropdown in the Excel Add-in or web chat, and also during new deal analysis in Financial Analysis where Manus powers the initial deal processing. Raw uploaded files are not sent to Manus unless you explicitly attach them in a Manus chat session. We recommend you do not share sensitive information such as social security numbers, birthdates, or other personally identifiable information (PII) when using Manus AI. For more details, see our Manus AI Disclaimer.
• Pinecone: Vector database used to improve document search and extraction accuracy for files you upload when that feature is enabled.
• SMTP Email Provider: Sends application and notification emails using configured SMTP credentials.

We do not sell your personal information. Transfers to these processors are limited to what is required to provide the requested feature and are subject to contractual confidentiality and security obligations.

Sub-processor Listing. We publish a current list of sub-processors (infrastructure, analytics, AI, and service providers) at /legal/subprocessors. We may update that list as our Service evolves.

Property Data Providers (ATTOM, LightBox, RentCast, First Street, Apollo): When you use property search, batch processing, flood risk analysis, contact enrichment, or owner portfolio features, we send only the addresses and property-related queries you explicitly provide to these data providers. We do not share your account information, personal details, or other content with these providers. Property data retrieved from these providers is displayed within the Services and stored in your account for your use.

Retention Window. We may retain property-data responses for performance and history within your account; we also periodically refresh data from providers to maintain accuracy.

Export Footer. Exports containing provider data include an attribution footer (e.g., "Data Sources: ATTOM / LightBox / RentCast / First Street / Apollo ©. Licensed for use within Deal Manager AI. No redistribution or model training."). You agree not to remove these notices. We maintain audit logs of data exports for compliance purposes. For more information about export restrictions and permitted uses, see ourTerms of Service.

We do NOT use your data to train AI models, and our AI providers do NOT use your data to train their models under our commercial API agreements.

We use commercial API endpoints configured to opt out of provider model training where available. Our AI providers state in their commercial terms and documentation that content sent via their APIs is not used to train models unless a customer explicitly opts in. We have not opted in.

Your content, documents, and prompts are processed solely to provide you with the Services you request. For current provider policies, see:

• OpenAI: OpenAI's API Data Usage Policy
• Google Gemini: Google Cloud Gemini Data Governance
• Anthropic Claude: Anthropic's API Documentation
• Perplexity AI: Perplexity Help Center
• Manus AI (Meta): Manus Privacy Policy

Important Note: These protections apply specifically to data processed through commercial API usage. The policies may differ for consumer/free tier accounts that users might have directly with these providers outside of our Services.

We do not sell your personal information. We may share information with trusted service providers who assist in operating the Services (e.g., cloud hosting, analytics, email delivery) under contractual obligations of confidentiality and security. We may also share information if required by law or to protect rights, safety, and security.

We use essential cookies and similar technologies to enable core functionality such as authentication and session management. We do not use third‑party advertising cookies. You can control cookies via your browser settings; however, disabling essential cookies may impact functionality.

We retain information for as long as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements.

• Account and profile data: retained while your account remains active.
• Documents and uploads: retained until you delete them or your account is deleted.
• Chat and analysis history: retained to provide context and history until you delete it.
• Property search queries and results: retained to provide search history and context until you delete them or your account is deleted.
• Data export logs: retained for compliance and audit purposes as required by data provider licensing terms.
• Integration tokens: retained until you disconnect/revoke the integration or delete your account.
• Payment records: retained as required for tax, audit, and regulatory compliance.
• System logs: retained for a limited time for security and troubleshooting.

We implement technical and organizational measures designed to protect information against unauthorized access, loss, misuse, or alteration. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

Human Access Policy. We restrict human access to customer content. Limited, audited access may occur to investigate security, fraud, or abuse; to comply with law; or with your explicit permission for support. Access is role-based and logged.