How DealSharp handles personal data

This policy explains what we collect, why we collect it, how long we keep it, and the rights available to you under data protection laws including the GDPR.

Effective date: May 10, 2026

Short version: we use personal data to provide DealSharp, support users, secure the service, improve product reliability, and respond to demo or support requests. We do not sell personal data. We do not use customer content, uploaded documents, negotiation transcripts, voice recordings, or strategy-chat content to train general AI models. We require our subprocessors not to use DealSharp customer data to train their own models.

Who We Are

DealSharp provides negotiation training, strategy coaching and live negotiation support tools for professional teams. For privacy questions, contact us at ekjosbakken@dealsharp.ai or hsigmond@dealsharp.ai.

Personal Data We Collect

Account and contact data: name, work email, company, role, authentication identifiers and demo-request information.
Customer content: deal descriptions, negotiation setup data, chat messages, uploaded documents, transcripts, notes, comments and other material users choose to provide.
Voice and session data: audio, generated transcripts, feedback, scores, timestamps and session metadata where voice features are used.
Technical data: device, browser, IP address, log events, security telemetry, cookies or similar identifiers needed to operate and secure the service.
Communications: emails, support requests, feedback and related correspondence.

Purposes and Legal Bases

Provide the service: to run simulations, strategy chat, document analysis, live mode, accounts and support. Legal basis: contract or steps requested before entering a contract.
Security and reliability: to prevent abuse, debug issues, monitor availability and protect the platform. Legal basis: legitimate interests and legal obligations.
Product improvement: to improve workflows, usability and reliability using aggregated, de-identified or internal operational data where possible. Legal basis: legitimate interests.
Sales and communications: to respond to demo requests and service inquiries. Legal basis: consent, legitimate interests or pre-contractual steps, depending on the context.
Compliance: to meet legal, tax, audit and regulatory obligations. Legal basis: legal obligation.

AI Processing and Training

DealSharp may send prompts, customer content, documents, transcripts or related context to AI infrastructure providers solely to generate the requested service output. We do not permit those providers or other subprocessors to use DealSharp customer data to train or improve their general models. We do not sell, rent or trade customer content.

Subprocessors

We use carefully selected subprocessors for hosting, authentication, storage, email delivery, analytics, security monitoring, transcription, voice generation and AI inference. Subprocessors may process personal data only under written instructions, confidentiality obligations, security commitments and restrictions that prohibit training on DealSharp customer data. Where required by the GDPR, we use data processing terms and transfer safeguards such as Standard Contractual Clauses or adequacy decisions.

International Transfers

Personal data may be processed in the EEA, the United Kingdom, the United States and other countries where we or our subprocessors operate. Where personal data is transferred outside the EEA or UK, we rely on appropriate safeguards such as adequacy decisions, Standard Contractual Clauses and supplementary security measures where needed.

Retention

We keep personal data only as long as reasonably necessary for the purposes described above, unless a longer retention period is required by law, contract, security needs or dispute handling. Customers may request deletion of account data and customer content, subject to backups, legal holds and legitimate retention needs.

Security

We use technical and organisational safeguards designed to protect personal data, including access controls, encryption in transit, restricted production access, logging and operational security controls. No system is perfectly secure, but we work to keep risk proportionate to the sensitivity of the data.

Your Rights

Depending on your location, you may have the right to access, correct, delete, restrict or object to processing of your personal data, request portability, withdraw consent, and lodge a complaint with a supervisory authority. EEA users may contact their local data protection authority.

Children

DealSharp is intended for professional users and is not directed to children. We do not knowingly collect personal data from children.

Changes

We may update this policy as the service develops. If changes are material, we will take reasonable steps to notify users or customers.