DealHub

Privacy Policy

Effective April 19, 2026

This Privacy Policy describes how Loki Group, Inc., a Delaware corporation ("Company", "we", "us") collects, uses, discloses, and protects information in connection with the DealHub platform and related services (the "Service"). By using the Service, you acknowledge the practices described in this Policy.

1. Information We Collect

We collect the following categories of information:

  • Account information. Name, email, organization name, and role, collected when you or your administrator creates an account. Authentication is handled by our provider Clerk.
  • Your Content. Deal records, companies, contacts, tasks, activity notes, investment theses, attachments, and other information you submit to the Service.
  • Usage data. Pages viewed, features used, approximate timing of actions, and basic device/browser metadata, collected automatically to operate and improve the Service.
  • AI interactions (paid tiers only). Prompts you submit to AI-powered features and the deal context attached to those prompts, processed by our AI provider Anthropic solely to generate responses.
  • Payment information (paid tiers only). Billing contact and payment-method details collected by our payment processor. We do not store full card numbers on our servers.

2. How We Use Information

We use the information described above to:

  • provide, maintain, and secure the Service;
  • authenticate users and enforce account, tier, and seat restrictions;
  • respond to your requests and communicate with you about the Service;
  • process payments and manage subscriptions;
  • generate AI responses to your prompts (paid tiers only);
  • diagnose and fix bugs, monitor performance, and improve reliability;
  • comply with legal obligations, resolve disputes, and enforce our agreements.

We do not sell your personal information, and we do not use Your Content to train machine-learning models that are not specific to your organization.

3. Legal Bases (EU/UK users)

Where GDPR or UK GDPR applies, we rely on the following legal bases: (a) performance of our contract with you (to provide the Service); (b) our legitimate interests (to secure, operate, and improve the Service); (c) your consent, where required; and (d) compliance with legal obligations.

4. Subprocessors

We use the following third-party subprocessors to operate the Service. Each is bound by contractual confidentiality and security obligations.

  • Clerk — authentication and user-identity management.
  • Supabase — primary database and file storage (hosted in the United States).
  • Vercel — application hosting and edge delivery.
  • Anthropic — AI model inference, used only when you invoke AI features on paid tiers.

5. Sharing & Disclosure

We share information only as needed to operate the Service or where required by law:

  • Within your organization. Other users in your organization may see Your Content based on role-based access controls configured by your administrator.
  • Subprocessors. As listed above, to provide specific Service functionality.
  • Legal requests. When compelled by valid legal process, or to protect the rights, safety, and security of the Company, our users, or the public.
  • Business transfers. In connection with a merger, acquisition, or sale of assets, subject to standard confidentiality protections.

6. Data Retention

We retain account information for as long as your account is active. Your Content is retained until you (or your administrator) delete it or your account is terminated. After termination, we retain Your Content for a reasonable export window (typically 30 days) before deletion. We may retain limited logs and backups for a longer period to meet legal, accounting, or security requirements.

7. Security

We use industry-standard measures including encryption in transit, row-level security on multi-tenant data, role-based access controls, rate limiting on all API endpoints, and input validation. No system is perfectly secure. Report any suspected vulnerability to legal@lokiequity.com.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • access and receive a copy of your personal information;
  • correct inaccurate personal information;
  • request deletion of your personal information;
  • port your personal information to another service;
  • object to or restrict certain processing; and
  • withdraw consent where processing is based on consent.

To exercise any of these rights, email legal@lokiequity.com. We will verify your identity and respond within a reasonable period consistent with applicable law. You also have the right to lodge a complaint with your local data protection authority.

9. Cookies & Session Storage

The Service uses cookies and similar technologies (such as browser session storage) solely to keep you signed in, remember your preferences (e.g., theme), and maintain security. We do not use advertising cookies. You can clear cookies at any time from your browser, though doing so may sign you out.

10. International Data Transfers

The Service is operated in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States or other countries where our subprocessors operate. Where required, we rely on appropriate safeguards (such as standard contractual clauses) for these transfers.

11. Children

The Service is not directed to individuals under the age of 18, and we do not knowingly collect personal information from individuals under 18.

12. California Residents (CCPA/CPRA)

California residents have specific rights under the California Consumer Privacy Act and the California Privacy Rights Act, including the rights to know, delete, correct, and opt out of the sale or sharing of personal information. We do not sell personal information and do not share personal information for cross-context behavioral advertising. To exercise any California-specific right, contact legal@lokiequity.com.

13. Changes

We may update this Policy from time to time. If we make material changes, we will notify you by email or by a notice in the Service before the change takes effect.

14. Contact

Questions about this Policy, or requests related to your personal information, can be sent to legal@lokiequity.com.