Privacy Policy.
Last updated · May 13, 2026
DealFilter is a tool for venture investors that scores inbound founder pitches against your fund’s thesis. To do that we read email, run it through AI models, and surface the results in your dashboard. This page explains exactly what we collect, why, who we share it with, and what control you have.
Plain version: we collect only what we need to run the product, we don’t sell anything to anyone, and we don’t send marketing email. If anything below isn’t clear, email hello@dealfilter.io.
1. Who this applies to
This policy applies to anyone who signs up for DealFilter at dealfilter.io or uses any of the apps, dashboards, or APIs we offer. By creating an account or connecting an inbox you agree to the practices described here.
2. What we collect
Account information
When you create an account we collect your email, first and last name, firm name, and self-reported role. Passwords are hashed and salted by Supabase Auth; we never see them in plaintext.
Inbox content (only what you grant)
If you connect a Gmail or Microsoft 365 mailbox via OAuth, we request read-only access to message headers and bodies. We use that access strictly to identify founder pitches and extract signal from them.
- We do not read non-pitch email. A heuristic filter rejects most mail before a single line is sent to an AI model.
- Rejected emails are dropped immediately and never stored.
- Pitches we accept are stored in your firm’s isolated database row with row-level security; no other firm can read them.
- You can disconnect an inbox at any time from Settings → Connections. We stop fetching new mail immediately and you can request deletion of historical data.
Usage data
We log basic product analytics — which pages you visit, which actions you take inside the dashboard — to debug issues and improve the product. We do not use this data for advertising and do not share it with third-party trackers.
3. How we use what we collect
- To run the product: score pitches, render your dashboard, deliver your daily digest, surface follow-on activity.
- To improve the product: aggregate, de-identified usage signals tell us which features matter. We never use your firm’s pitch content to train AI models.
- To support you: email you about account issues, billing, and critical product changes. Operational only — no marketing newsletters.
- To comply with legal obligations and protect the service from abuse.
4. Who we share data with
We share data with a small set of infrastructure providers, each bound by contract to keep it confidential and use it only for the purpose we specify. These are:
- Supabase — hosts the database, authentication, and storage.
- Vercel — hosts the web application and runs serverless functions.
- Anthropic — provides the Claude AI models that classify pitches and write briefings. Anthropic does not retain or train on content sent via API.
- Resend — delivers transactional email (verification, password reset, daily digest).
- Google / Microsoft — when you connect a mailbox, the OAuth handshake involves the respective provider; subsequent API calls retrieve messages on your behalf.
We do not sell, rent, or trade your data. We do not share data with advertisers, data brokers, or other VC firms.
5. Use of Google user data (limited-use disclosure)
DealFilter’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
- We only use Google user data to provide and improve features visible to the GP in the DealFilter dashboard.
- We do not transfer Google user data to third parties except as necessary to provide the service (the infrastructure providers listed above) or as required by law.
- We do not use Google user data for serving ads.
- We do not allow humans to read Google user data unless we have your explicit consent for specific messages, it is necessary for security purposes, or it is required by law.
6. Data retention
Pitches and scoring outputs are retained for as long as your account is active so you can review historical decisions. Raw email-queue rows that don’t become pitches are dropped within 30 days. If you delete your account we delete all of your firm’s data within 30 days, except where retention is legally required.
7. Security
We use industry-standard practices: TLS for all traffic, AES-256 encryption at rest for sensitive fields, OAuth tokens encrypted with project-specific keys, row-level security on every table. No system is perfectly secure, but we treat your data the way we’d expect our own to be treated.
8. Your rights
Depending on where you live, you may have rights to access, correct, export, or delete the data we hold about you. You can exercise most of these directly from Settings. For anything that isn’t available in the UI, email hello@dealfilter.io and we’ll respond within 30 days.
9. Children
DealFilter is for professional investors. We do not knowingly collect data from anyone under 18.
10. Changes to this policy
When we make material changes, we’ll update the “last updated” date at the top and, for changes that meaningfully affect your rights, send a notice to the email on your account.
11. Contact
Questions, concerns, or requests: hello@dealfilter.io.