Data Security & Compliance

Security and privacy are foundational to dealmkr. Our platform is built to protect sensitive CRM data, communication data, AI-generated content, and company information.

1. Security Overview

dealmkr uses a modern, defense-in-depth security architecture based on:

  • Zero-trust principles
  • Isolation between customers
  • Strong encryption
  • Continuous monitoring
  • Least-privilege access control

We treat your data with the highest level of care.

2. Data Hosting & Residency

We provide regional data hosting to meet compliance requirements:

  • EU customers: Data stored exclusively in EU data centers
  • US customers: Data stored in US-based data centers

No cross-region transfers occur without explicit approval.

3. Encryption Standards

3.1 Encryption In Transit

All data in transit is encrypted using TLS 1.2 or higher.

3.2 Encryption At Rest

All databases, storage buckets, vector stores, and metadata are encrypted using AES-256.

3.3 Secrets Management

OAuth tokens, API keys, and credentials are stored in an encrypted secrets vault.

4. Access Controls

  • Role-based access (RBAC)
  • No standing internal access to customer data
  • Access granted only for support and only with customer approval
  • All admin access is logged and monitored
  • SSO supported (Google, Microsoft, SAML on request)

5. Application Security

5.1 Secure Development Practices

  • Privacy by design
  • Peer-reviewed code
  • Automated security scanning
  • CI/CD pipelines with mandatory checks

5.2 Vulnerability Management

  • Regular penetration testing
  • Dependency monitoring
  • Fast patching of critical vulnerabilities

6. AI & Model Security

6.1 Your Data Is Never Used to Train External Models

AI partners (e.g., OpenAI) process your data only to generate responses. They do not train on or retain your data.

6.2 Tenant Isolation

Each customer has isolated:

  • Vector embeddings
  • Metadata
  • Retrieval logic

6.3 Secure AI Processing

  • Data minimization applied at prompt level
  • Secure API calls with strict authorization
  • No long-term storage by model providers

7. Integrations & API Security

dealmkr integrates securely with:

  • HubSpot
  • Salesforce
  • Google Workspace
  • Microsoft 365
  • Email, calendar, and communication tools

OAuth2 is used for authentication. We never store CRM or email passwords.

8. Data Processing (GDPR / UK-GDPR)

dealmkr acts as:

  • Data Processor: For CRM data, emails, documents, transcripts
  • Data Controller: For account info, billing, and platform analytics

A full Data Processing Agreement (DPA) is available upon request or automatically applies to EU/UK accounts.

Processor obligations include:

  • Processing only based on customer instructions
  • Ensuring confidentiality
  • Implementing strong technical and organizational measures
  • Supporting data subject rights
  • Assisting with DPIAs
  • Breach notifications
  • Secure deletion upon termination

9. International Data Transfers

Where international transfers occur, dealmkr relies on:

  • Standard Contractual Clauses (SCCs)
  • UK IDTA/Addendum
  • Adequacy decisions
  • Strong additional encryption

10. Incident Response

Our incident response program includes:

  • 24/7 monitoring
  • Automated security alerts
  • Rapid detection and containment
  • Root cause analysis
  • Timely customer communication (GDPR compliant)

11. Business Continuity

  • Daily encrypted backups
  • Redundant infrastructure
  • Disaster recovery and failover mechanisms
  • Business continuity testing

12. Customer-Controlled Data Management

Customers can:

  • Disconnect integrations at any time
  • Delete emails, transcripts, and documents
  • Export deal data
  • Request permanent deletion of all platform data
  • Manage user permissions and SSO enforcement

13. Contact

For security, compliance, or data protection questions, contact us at hello@getdealmkr.com.