Privacy Policy

Last updated: March 2026

1. Information We Collect

Account Information

When you register, we collect your email address and password (stored securely). You may optionally provide your name.

Real Estate Transaction Data

When you upload settlement statement PDFs, we store the original PDF documents and process and store the extracted data including property addresses, close dates, commission amounts, agent names, and fee breakdowns. This data is essential to providing the Service.

Financial Data

We store journal entries, GL account mappings, and posting records generated from your deal data. When you connect QuickBooks Online or Google Sheets, we store OAuth tokens (encrypted) to maintain your authorized connections.

Usage Data

We collect basic usage information such as login timestamps, pages visited, and feature usage for the purpose of improving the Service. We do not use third-party analytics or tracking scripts.

Payment Information

Payment processing is handled by Stripe. We do not store your credit card number or full payment details. We store your Stripe customer ID and subscription status to manage your account.

2. How We Use Your Data

We use your data to:

  • Provide and operate the Service, including AI-powered data extraction
  • Process your deals, generate journal entries, and post to your connected integrations
  • Manage your account and subscription
  • Send transactional emails (account verification, password reset, deal notifications)
  • Improve the Service and fix bugs
  • Respond to your support requests

We do not sell your data. We do not use your data for advertising. We do not share your data with third parties except as described below.

3. Third-Party Services

We share data with the following third-party services as necessary to operate the Service:

  • AI Processing Services — Settlement statement PDFs are sent to AI services for data extraction. Your data is not used to train AI models.
  • QuickBooks Online (Intuit) — When you authorize the QBO integration, deal data and journal entries are transmitted to your QuickBooks company. Only data you explicitly approve is posted.
  • Google Sheets — When you authorize the Google Sheets integration, deal data is written to your specified spreadsheet.
  • Stripe — Handles payment processing. Receives your email and payment method information.
  • Resend — Sends transactional emails on our behalf. Receives your email address and email content.
  • Honeybadger — Error monitoring service. May receive technical error details (never including raw financial data or credentials).
  • Fly.io — Cloud hosting provider. Our application and database are hosted on Fly.io infrastructure.

4. Data Security

We implement the following security measures to protect your data:

  • Encryption in transit: All connections use TLS/HTTPS encryption.
  • Encryption at rest: Sensitive data including OAuth tokens and API credentials are encrypted using industry-standard encryption.
  • Data isolation: Your data is logically isolated from other users. You cannot access another user's data.
  • Password security: Passwords are hashed using industry-standard algorithms.
  • Session security: Sessions are stored in signed, HTTP-only cookies with SameSite protection.

5. Data Retention

We retain your data for as long as your account is active. If you cancel your subscription, your data remains accessible. If you delete your account, we will delete your personal data within 30 days.

Uploaded PDFs are stored for the duration of your account. You may request deletion of specific PDFs at any time.

6. Your Rights

You have the right to:

  • Access: View all data associated with your account through the Service interface.
  • Correct: Update your account information and deal data at any time.
  • Delete: Request deletion of your account and associated data by contacting us.
  • Disconnect: Revoke third-party integrations (QBO, Google Sheets) at any time by contacting us.

California Residents

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete your personal information, and the right to opt out of the sale of your personal information. We do not sell personal information. To exercise your rights, contact us at the address below.

7. Cookies

We use only essential cookies:

  • Session cookie: Required to maintain your authenticated session.
  • Remember-me cookie: Optional, used to keep you logged in between sessions if you choose.
  • Security cookie: Used for cross-site request forgery (CSRF) protection.

We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

8. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

10. Contact

If you have questions about this Privacy Policy or your data, please contact us at support@dealsplit.ai.