DealTracer
Electronic circuit board background

Privacy Policy

Last Updated: January 26, 2026

At TriSagent, LLC dba DealTracer ("we," "us," or "our"), we provide AI-driven contract monitoring for businesses ("Customers"). This policy explains how we handle data when you ("Customer" or "you") integrate our services with your business email and workflows.

1. Scope & B2B Nature

DealTracer is a Business-to-Business (B2B) service. By using the platform, you represent that you are acting on behalf of a business entity. While our services are not intended for individual consumers, we adhere to the privacy standards required by the GDPR (EU) and CCPA/CPRA (California).

2. Information We Collect

  • Account Information: Name, business email, physical address, phone number, professional title, and similar information you volunteer.
  • Financial Information: Subscription details and transaction history (processed securely via Stripe).
  • System & Usage Data: tenant_id, SaaS tool performance metrics, and IP addresses.
  • Integrations (Email & SharePoint): We connect to your business ecosystem (e.g., Google Workspace or Microsoft 365) via OAuth or IMAP.
    • Email: Our AI agents analyze emails to identify contract-related information.
    • SharePoint: Contracts identified during processing are stored back within your own Microsoft SharePoint environment.
    • Metadata: We do not store the full body or attachments of your contracts on our servers. We only extract and store metadata (e.g., contract value, renewal dates, parties, summaries) required to deliver our services. We do not store any metadata that is not visible to you in the DealTracer interface.
  • Direct Communications: We store the content of any emails, support requests, or feedback you send directly to us.
  • Cookies: We use essential cookies for security and Google Analytics to understand usage.

3. Third-Party Service Providers (Sub-processors)

We utilize SOC 2 compliant (or higher) infrastructure. We do not sell or share your data with third parties for their own commercial benefit.

  • Hosting & Infrastructure: We utilize Google Cloud Platform (GCP) as our primary launch environment. We also maintain full support for Amazon Web Services (AWS) for customers requesting specific infrastructure deployments or self-hosted VPC options. Cloudflare is used for edge security and CDN.
  • Operations & Billing: Microsoft 365 (including SharePoint), Google Workspace, Slack, HubSpot (CRM), and Stripe (Payments).
  • AI Services: OpenAI (unless you opt for the "Bring Your Own LLM" / BYOLLM configuration).
  • Analytics: Google.

4. AI Data Handling

  • No Model Training: We do not use your business metadata or private communications to train global AI models.
  • BYOLLM Option: You may choose to use your own API keys for LLM processing to maintain complete control over your data pipeline.

5. Data Retention, Location, & Sanitization

  • Service Metadata: Extracted metadata is retained for the duration of your active service agreement to power your dashboard and alerts. All metadata is permanently destroyed within 30 days of account termination.
  • Business Records: Basic account profile information, plan levels, and billing records are retained for at least 7 years for tax and legal audit requirements.
  • Support & Communications: Correspondence sent directly to us is retained indefinitely unless you explicitly request its deletion.
  • Data Sanitization & "Spillage": The Customer is responsible for ensuring only relevant contract-related data is shared with the platform. DealTracer reserves the right to charge a technical fee for the manual isolation and certified destruction of sensitive data inadvertently shared by the Customer ("Data Spillage").
  • Geography: Data is stored in the United States. For organizations with specific residency requirements, DealTracer offers regional data center selection or self-hosted deployment options.

6. Your Rights

Regardless of your location, you have the right to:

  • Access & Portability: Request a copy of the metadata we have stored.
  • Deletion: Request the removal of your account and communication history.
  • Opt-Out: Manage your cookie preferences or AI processing configurations.

To exercise these rights, please contact us at [email protected].

7. Security

We implement AES-256 encryption for data at rest and TLS 1.3 for data in transit. We conduct regular security reviews of all third-party sub-processors and maintain a "least privilege" access model for all integrations.