Privacy Policy

Last updated: May 2026 · DealForge by Polsia, Inc.

DealForge ("we", "us", or "our") is a B2B sales prospecting tool. This policy explains what data we collect, how we use it, and your rights — including rights under the California Consumer Privacy Act (CCPA).

What We Collect

When you use DealForge, we collect:

Account data: your email address, subscription plan, and settings
Prospect data: business contact information you import or that our AI discovers
Usage data: features you use, pages you visit, and actions you take
Email delivery data: delivery, open, and click events from outreach emails sent via SendGrid
Voice data (Closer plan): audio samples you upload for voice cloning; stored encrypted on R2
Payment data: Stripe handles payment processing — we store only subscription status, not card details

How We Use Your Data

Providing the DealForge service and generating AI insights
Sending transactional emails (receipts, trial updates, feature notifications)
Improving accuracy of lead scoring and AI email drafts
Compliance with CAN-SPAM, CCPA, and TCPA obligations

Data Sharing

We do not sell your personal data. We share data only with service providers necessary to operate DealForge: Neon (database), Render (hosting), SendGrid (email delivery), Stripe (payments), Hunter.io and ZeroBounce (email verification), and xAI (voice agent).

Your CCPA Rights (California Residents)

California residents have the right to know what personal data we hold, request deletion of their data, and opt out of data sales (we do not sell data). To exercise any of these rights, submit a deletion request below.

Right to know: email privacy@dealforge.diy to request a data summary
Right to delete: Submit a deletion request →
Right to opt out of sale: we don't sell data — nothing to opt out of
Non-discrimination: we will not penalize you for exercising privacy rights

We will respond to verified requests within 45 days as required by CCPA.

Data Retention

Account data is retained while your account is active and for 30 days after deletion. Prospect data, email logs, and voice call records are retained for 12 months. Immutable compliance logs (voice consent, TCPA opt-out) are retained for 3 years.

Security

All OAuth tokens and API keys are encrypted with AES-256-GCM. All database connections use TLS. Sandbox environments enforce strict env isolation to prevent credential leakage.

Contact

Privacy questions: privacy@dealforge.diy
General support: Contact form