Last updated: May 20, 2026Version 2026-05-20

Privacy Policy

This Privacy Policy explains how Ved Dhimantkumar Thakar, operating DealFlow OS ("DealFlow OS," "we," "us," or "our"), collects, uses, stores, shares, and protects information when you use our website and services at https://dealflowos.dev/ and any related pages or services that link to this Privacy Policy.

DealFlow OS is a startup tracking and dealflow intelligence platform built for VC firms, analysts, scouts, and investors. It helps teams monitor startups over time, track public traction signals such as hiring, funding, product updates, GitHub activity, and news, manage watchlists, generate AI-assisted research summaries, and organize startup interactions.

By using DealFlow OS, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Services. For privacy questions, contact ved06.thakar@gmail.com.

Terms of Service · Data corrections

Key points

  • We collect account information, workspace information, technical usage data, and information users choose to enter.
  • DealFlow OS is designed for business and startup research — not for storing highly sensitive personal information.
  • Private workspace access is invite-only for approved users and firms.
  • Keep private workspace notes metadata-only; do not enter confidential deal terms, valuations, private diligence, full transcripts, or sensitive personal information.
  • We do not sell personal information.
  • We disclose information to service providers that help us operate the Services (Supabase, Vercel, Groq, Google Custom Search, GitHub, and others).
  • AI outputs may be incomplete or inaccurate and should be independently verified.
  • DealFlow OS does not provide financial, legal, tax, investment, or professional advice.
  • We use reasonable safeguards, but no system can be guaranteed 100% secure.

1. Information We Collect

Information you provide

We may collect information that you provide directly, including:

  • email address;
  • username or account identifier;
  • authentication and account information;
  • workspace membership information;
  • firm or team information;
  • event metadata;
  • watchlists and startup tracking information;
  • startup interaction metadata;
  • founder or company contact information that users choose to enter;
  • user-submitted notes, prompts, summaries, and other workspace content;
  • legal acceptance records;
  • support, privacy, deletion, or correction requests.

Private workspace content

DealFlow OS includes private workspace features for approved users and firms. Private workspace content may include events, startup interactions, watchlists, saved summaries, contact metadata, AI-generated outputs, and related workflow information.

For launch, private workspace notes should be kept metadata-only. Users should not enter confidential deal terms, valuations, private diligence, full conversation transcripts, sensitive founder/company information, financial account information, government identification numbers, passwords, health information, or other sensitive personal information.

Examples of acceptable metadata-only notes include:

  • "Follow up next week"
  • "Met founder at BC Web Summit"
  • "Interested in AI infrastructure"
  • "Send intro to partner"
  • "Founder: John, Company: ExampleAI"
  • "Asked for deck"

Recording and transcription features

DealFlow OS may include browser-based recording or transcription workflows. We do not store raw audio or full live transcripts from the recording workflow on our servers.

Live transcript text may exist temporarily in the browser. If you choose to click Generate, Extract, or a similar AI action, the text you submit may be sent to our AI provider to generate structured summaries, extracted fields, or notes. We may save the resulting structured output or user-approved summary, but we do not intend to store the full raw transcript on our servers.

Users are responsible for obtaining any required consent before recording, transcribing, or submitting conversation content.

Information collected automatically

When you use the Services, we may automatically collect limited technical and usage information, including:

  • IP address;
  • browser type and settings;
  • device type;
  • operating system;
  • referring URLs;
  • pages viewed;
  • timestamps;
  • feature usage;
  • diagnostic and performance information;
  • approximate location derived from IP address.

We do not collect precise GPS location unless we separately ask for permission.

Public startup and company data

DealFlow OS collects and processes public startup and company information from public sources and third-party services. This may include company names, public websites, hiring signals, funding-related information, GitHub activity, public news, product updates, source URLs, public evidence snippets, and related startup research signals.

Public startup data may be incomplete, outdated, inaccurate, or based on third-party sources. Users must independently verify information before relying on it.

2. How We Use Information

We use information to:

  • create and manage user accounts;
  • authenticate users;
  • enforce invite-only private workspace access;
  • provide and operate the Services;
  • manage events, watchlists, startup interactions, and workspace settings;
  • generate AI-assisted summaries, research outputs, and structured information when users request those features;
  • analyze usage trends and improve the Services;
  • protect the Services from abuse, fraud, unauthorized access, and security threats;
  • debug technical issues and improve reliability;
  • send administrative information about the Services, legal terms, or policy updates;
  • respond to user inquiries, privacy requests, deletion requests, and correction requests;
  • comply with legal obligations and enforce our agreements.

We do not use the Services to make automated investment decisions for users.

4. AI Processing

DealFlow OS offers AI-assisted features, including:

  • startup research summaries;
  • AI insights;
  • public evidence summarization;
  • structured information extraction;
  • AI-assisted document or memo generation;
  • startup signal analysis.

We use third-party AI providers, including Groq, to provide these features.

When you click Generate, Extract, or similar AI actions, the information you submit may be sent to our AI provider. This may include user-submitted notes, prompts, public evidence, startup information, or other content needed to generate the requested output.

AI outputs may be incomplete, outdated, or inaccurate. Users are responsible for reviewing and verifying AI outputs before relying on them. AI outputs are not financial, legal, tax, investment, or professional advice.

Do not submit confidential deal terms, full transcripts, sensitive personal information, private diligence, or unauthorized third-party information into AI features.

5. Sharing of Information

We do not sell personal information.

We may disclose information to service providers that help us operate the Services. These providers process information on our behalf for purposes such as hosting, authentication, database storage, analytics, AI processing, public startup research, security, email delivery, and support.

ProviderPurpose
SupabaseAuthentication, database, backend infrastructure
Supabase AuthAccount registration and authentication
VercelWebsite hosting, infrastructure, deployment, logs
Vercel AnalyticsBasic usage analytics and performance insights
GroqAI-generated summaries, extraction, and research outputs
Google Custom SearchPublic web research and startup evidence discovery
GitHub APIPublic repository and company signal research
Resend, if enabledAdministrative emails and notifications

We may also disclose information:

  • during a merger, acquisition, financing, sale of assets, or similar business transaction;
  • to comply with law, court orders, or legal process;
  • to protect rights, safety, security, and prevent abuse;
  • with your consent or at your direction.

6. Cookies and Similar Technologies

We use cookies and similar technologies to operate DealFlow OS, keep users signed in, remember legal acceptance preferences, secure private workspace access, and understand basic usage of the Services.

These may include:

  • authentication/session cookies;
  • legal acceptance cookies;
  • functional cookies;
  • analytics or performance technologies such as Vercel Analytics.

We do not use targeting cookies, retargeting pixels, advertising cookies, or social media tracking plugins.

You can control cookies through your browser settings. Disabling certain cookies may prevent parts of the Services, such as login or private workspace access, from working properly.

7. International Transfers

We may transfer, store, and process information in countries other than where you are located, including Canada, the United States, and other countries where our service providers operate.

These countries may have data protection laws that differ from those in your jurisdiction. Where required, we rely on appropriate safeguards such as contractual protections and Standard Contractual Clauses.

8. Data Retention

We retain personal information for as long as necessary to provide the Services, maintain user accounts and workspaces, comply with legal obligations, resolve disputes, enforce agreements, maintain security, and operate backups or audit logs.

When we no longer have a legitimate need to process personal information, we will delete, anonymize, or securely isolate it where possible.

Users may request deletion of their account or certain workspace data by contacting us at ved06.thakar@gmail.com.

9. Security

We use reasonable administrative, technical, and organizational safeguards designed to protect personal information.

These safeguards may include authentication controls, private route protection, Supabase row-level security, invite-only private workspace access, service-role restrictions, security headers, encrypted private workspace fields where implemented, transcript storage minimization, and operational security controls.

Some private workspace metadata may be encrypted at rest to reduce database-breach exposure. This encryption helps protect against database-only leaks, but it is not full end-to-end encryption unless we explicitly state otherwise. Our application server may still decrypt certain information when needed to provide the Services to authorized users.

No method of transmission or storage is completely secure. We cannot guarantee absolute security.

10. User Rights and Choices

Depending on where you live, you may have rights to:

  • access personal information we hold about you;
  • correct inaccurate information;
  • request deletion of personal information;
  • request a copy of your information;
  • object to or restrict certain processing;
  • withdraw consent where processing is based on consent;
  • appeal a privacy request decision where applicable.

To exercise privacy rights, contact ved06.thakar@gmail.com. We may need to verify your identity before processing your request.

Signed-in users can also delete their account from Team → Account. For workspace-wide deletion or public company corrections, see our data corrections page.

11. Public Data Corrections and Removal Requests

DealFlow OS may display public startup and company information from third-party or public sources. If you believe public company data, founder/contact information, startup evidence, or AI-generated summaries are inaccurate, outdated, or should be corrected or removed, contact ved06.thakar@gmail.com.

We will review correction and removal requests in accordance with applicable law and our operational capabilities.

12. United States Privacy Rights

If you are a resident of certain U.S. states, you may have specific privacy rights under applicable state laws. These rights may include the right to know, access, correct, delete, obtain a copy of, or opt out of certain uses of personal information.

We do not sell personal information. We do not use personal information for targeted advertising or profiling that produces legal or similarly significant effects.

To exercise U.S. privacy rights, contact ved06.thakar@gmail.com.

13. Do-Not-Track and Global Privacy Control

Some browsers offer Do-Not-Track signals. There is currently no uniform standard for responding to Do-Not-Track signals, and we do not respond to them at this time.

We do not currently have Global Privacy Control enabled unless stated otherwise.

14. Children's Privacy

DealFlow OS is not intended for children. We do not knowingly collect personal information from children under 13, or under the applicable age required by local law.

If you believe a child has provided personal information to us, contact ved06.thakar@gmail.com.

15. No Investment Advice

DealFlow OS provides startup research, public evidence, AI-generated summaries, and workflow tools for informational purposes only.

Data may be incomplete, outdated, inaccurate, or based on third-party/public sources. Nothing in DealFlow OS is financial, legal, tax, investment, or professional advice. Users must independently verify all information before making decisions.

16. Updates to This Policy

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated "Last updated" date.

If we make material changes, we may notify users by posting a notice or by other appropriate means.

17. Contact

For questions, privacy requests, correction requests, deletion requests, or concerns, contact:

Ved Dhimantkumar Thakar
Email: ved06.thakar@gmail.com