Privacy Policy
Last updated: March 20, 2026
Introduction
DealMotion B.V. ("we", "us", or "our") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our AI-powered sales enablement platform.
Data Controller
Personal Data We Collect
We collect the following categories of personal data:
Account Information
- Full name and business email address
- Password (encrypted)
- Profile information (role, experience, company details)
Content You Create
- Account and contact information you enter
- Research notes, meeting preparations, and follow-up content
- Uploaded documents to your knowledge base
- Meeting recordings and transcripts (when using AI Notetaker)
Calendar Integration Data
When you connect your Google Calendar or Microsoft 365 calendar, we access the following data with read-only permissions:
- Event titles, dates, times, and durations
- Attendee names and email addresses
- Event descriptions (used to detect meeting URLs)
- Meeting locations and online meeting URLs (Zoom, Teams, Google Meet)
- Organizer information and response status
OAuth tokens are encrypted at rest using AES-256 encryption. We request only read-only access and never modify your calendar. You can disconnect your calendar at any time from Settings, which deletes all synced data and revokes our access.
Email Integration Data
When you enable email sync on your connected Microsoft 365 account, we access the following data with read-only permissions:
- Email metadata: subject lines, sender and recipient names and email addresses, dates and times, importance level
- Threading information: conversation IDs and message references (used to group related emails)
- Email body content is NOT automatically stored. You can view an email body on demand, but it is only permanently saved if you explicitly choose to "log" it
- We automatically exclude internal company emails (your own domain) and emails matching your personal never-log rules
- Email metadata is linked to your existing CRM accounts and contacts using email addresses and company domains. This helps you see all communication with a prospect in one place
OAuth tokens are encrypted at rest using AES-256 encryption. You can disable email sync at any time from Settings, which stops syncing and allows you to delete all synced email data. Disabling email sync does not affect your calendar connection.
Data of Email Correspondents (Third Parties)
When a DealMotion user enables email sync, we process limited personal data of their email correspondents (the people they exchange emails with). This section fulfills our transparency obligation under GDPR Article 14.
- Data processed: name, email address, subject lines, and timestamps from business email correspondence
- Source: synced from the DealMotion user's connected email account (Microsoft 365)
- Purpose: linking business communications to CRM records for sales relationship management
- Legal basis: legitimate interest of the data controller (Article 6(1)(f) GDPR) — see our Legitimate Interest Assessment
- Retention: configurable by the user (default 365 days), after which data is automatically deleted
- Your rights: you may request access to, rectification of, or deletion of your personal data at any time by contacting privacy@dealmotion.ai. Upon a deletion request, your data is removed and your email address is added to a suppression list to prevent re-processing
We provide this information publicly as individual notification to all correspondents would involve disproportionate effort (Article 14(5)(b) GDPR), given the volume of business email processed
Technical Data
- IP address and browser type
- Device information and session data
- Usage analytics (features used, timing)
How We Use Your Data
- Provide and improve our AI-powered sales enablement services
- Generate personalized research, preparation, and follow-up content
- Process payments and manage your subscription
- Send transactional emails (account updates, service notifications)
- Ensure security and prevent fraud
- Link business email correspondence to CRM records for a complete view of customer interactions
Legal Basis for Processing
- Contract performance: Processing necessary to provide the service you subscribed to
- Consent: For optional features like calendar integration
- Legitimate interest: For analytics, service improvement, and email integration (linking business email metadata to CRM records for sales relationship management)
- Legal obligation: For tax and accounting records
Data Retention
We retain your data according to the following principles:
- Account data: Retained while your account is active, deleted within 30 days of account deletion
- Content data: Deleted immediately upon account deletion
- Calendar data: Deleted when you disconnect your calendar or delete your account. Synced meeting data covers the next 14 days and is refreshed automatically.
- Billing records: Anonymized and retained for 7 years for tax compliance
- Email data: Configurable retention period (default 365 days). Automatically deleted after your chosen retention period. You can delete all email data immediately by disabling email sync in Settings.
- Technical logs: Automatically deleted after 90 days
Your Rights Under GDPR
As an EU resident, you have the following rights:
- Right of Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate personal data
- Right to Erasure: Request deletion of your personal data
- Right to Data Portability: Receive your data in a machine-readable format
- Right to Object: Object to processing based on legitimate interest
- Right to Withdraw Consent: Withdraw consent where processing is based on consent
You can exercise most of these rights directly from your account settings (Settings → Privacy & Data). For other requests, contact us at privacy@dealmotion.ai.
If you are not a DealMotion user but believe we process your personal data through our email integration feature, you can exercise your rights by contacting privacy@dealmotion.ai. We will respond within one month.
Data Sharing, Transfer, and Disclosure
We do not sell your personal data. We share data only with the third-party service providers listed under Subprocessors below, strictly for operating the service. Specifically regarding Google user data:
- Calendar event data obtained from Google APIs is stored in our encrypted database (Supabase, EU) and used solely to display your meetings and generate AI-powered meeting preparations.
- Attendee email addresses from Google Calendar are used to match meetings with your existing accounts. This data is not shared with, transferred to, or disclosed to any third party beyond our infrastructure providers listed below.
- AI content generation (Anthropic) receives meeting context (titles, attendee names) to generate preparation materials. No raw Google API tokens or full calendar data are sent to AI providers.
- You can revoke access and delete all Google Calendar data at any time via Settings → Integrations → Disconnect.
DealMotion's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
International Data Transfers
Some of our service providers are located outside the EU. We only use providers that:
Have certified under the EU-US Data Privacy Framework (DPF), have signed Standard Contractual Clauses (SCCs), or are located in countries with an EU adequacy decision.
Subprocessors
We use the following third-party service providers:
| Service | Purpose | Location |
|---|---|---|
| Supabase | Database and authentication | EU (Frankfurt) |
| Vercel | Frontend hosting | EU/US |
| Railway | Backend hosting | EU |
| Stripe | Payment processing | US (DPF) |
| Anthropic (Claude) | AI content generation (research, prep, follow-up) | US (DPF) |
| Google AI (Gemini) | AI research assistance | US (DPF) |
| Google Workspace | Calendar event sync (Google Calendar API, read-only) | US (DPF) |
| Microsoft 365 | Calendar and email sync (Microsoft Graph API, read-only) | EU/US (DPF) |
| Pinecone | Knowledge base vector storage | US (DPF) |
| Voyage AI | Text embeddings for knowledge base | US (DPF) |
| Deepgram | Audio transcription | US (DPF) |
| Recall.ai | Meeting bot / AI notetaker | US |
| SendGrid (Twilio) | Transactional email delivery | US (DPF) |
| Exa | Web research and enrichment | US |
| Inngest | Background job processing | US (DPF) |
| Sentry | Error monitoring | US (DPF) |
| PostHog | Product analytics | EU |
DPF = EU-US Data Privacy Framework certified
Security Measures
We implement appropriate technical and organizational measures:
- Encryption of data in transit (TLS) and at rest (AES-256)
- Role-based access control with principle of least privilege
- Security monitoring and logging (without PII)
- Regular security reviews and updates
Cookies
We use only essential cookies:
- Essential cookies: Required for authentication and session management
- Preference cookies: Store your language preference
We do not use tracking cookies or third-party advertising cookies.
Complaints
If you believe we have not handled your personal data properly, you can lodge a complaint with your local data protection authority:
Changes to This Policy
We may update this privacy policy from time to time. We will notify you of significant changes via email or in-app notification. Continued use of the service after changes constitutes acceptance of the updated policy.
Contact Us
For privacy-related questions or to exercise your rights, contact us at: