DealAI logo
5

Privacy Policy

Last updated: 18/06/2026

1. Who We Are

This Privacy Policy explains how Numedio s.r.o. collects, uses, and protects your personal data when you use DealAI.

Data Controller:

Numedio s.r.o.

Jula Horvátha 903/36

96701 KREMNICA

SLOVAKIA - EU

Email: support@dealai.app

We are registered in the Commercial Register of the District Court Žiar nad Hronom, Section Sro, Insert No. 12345/V.

2. What Data We Collect

We collect the following categories of data:

  • Account data: email address, name, and profile information when you create an account.
  • Usage data: search queries, product uploads, deal interactions, saved products, and feature usage.
  • Device & technical data: IP address, browser type, operating system, device identifiers, and cookies.
  • Support data: messages and communications you send to our support team.

Payment data (credit card details, billing address) is processed by our payment provider, Paddle, and is not stored on our servers.

3. How We Use Your Data

We use your data for the following purposes:

  • To provide the Service: process your searches, identify products, and recommend deals.
  • To manage your account: authenticate you, track credits and subscriptions, and maintain saved products.
  • To improve the Service: analyze usage patterns, fix bugs, and develop new features.
  • For security & fraud prevention: detect and prevent unauthorized access or abuse.
  • To communicate with you: send service updates, billing notifications, and respond to support requests.

4. Legal Basis

Under GDPR, we process your data on the following legal bases:

  • Contract performance: providing the Service you signed up for.
  • Legitimate interests: improving our service, ensuring security, and preventing fraud.
  • Consent: for optional features like marketing communications (you can withdraw consent at any time).
  • Legal obligation: complying with tax, accounting, or regulatory requirements.

5. Who We Share Data With

We do not sell your personal data. We share it only with:

  • Service providers: hosting (Lovable Cloud / Supabase), analytics, error tracking, and support tools — all bound by data processing agreements.
  • Paddle (Merchant of Record): for payment processing, subscription management, tax compliance, and invoicing. Paddle acts as an independent controller for payment data.
  • Professional advisers: legal and accounting professionals, where necessary.
  • Authorities: when required by law or to protect our rights.

6. International Transfers

Your data is primarily stored within the European Economic Area (EEA). Some of our service providers may process data outside the EEA (e.g., United States). In such cases, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions, to protect your data in accordance with GDPR.

7. Data Retention

We retain your personal data for as long as necessary to provide the Service and fulfill the purposes described in this policy. Specifically:

  • Account data: retained until you delete your account or we terminate the Service.
  • Search & usage data: retained for up to 12 months for analytics and improvement, then anonymized or deleted.
  • Payment records: retained for 10 years to comply with tax and accounting obligations.
  • Support communications: retained for 3 years after the last interaction.

8. Your Rights

Under GDPR and applicable data protection laws, you have the following rights:

  • Access: request a copy of the data we hold about you.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure: request deletion of your data ("right to be forgotten").
  • Restriction: limit how we process your data in certain circumstances.
  • Data portability: receive your data in a structured, machine-readable format.
  • Objection: object to processing based on legitimate interests or for direct marketing.
  • Withdraw consent: where we rely on consent, you can withdraw it at any time.
  • Lodge a complaint: with the supervisory authority in your country (in Slovakia, the Office for Personal Data Protection).

To exercise any of these rights, please contact us at: support@dealai.app. We will respond within one month.

9. Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS/SSL), access controls, and regular security audits. However, no system is completely secure, and we cannot guarantee absolute security.

10. Cookies

We use cookies and similar technologies to operate the Service, remember your preferences, and analyze usage. By using the Service, you consent to our use of cookies.

You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect the functionality of the Service.

11. Children's Privacy

The Service is not intended for children under 16. We do not knowingly collect data from children under 16. If you believe we have collected data from a child, please contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. Please review this page periodically for the latest information.

13. Contact Us

If you have any questions about this Privacy Policy, please contact us at: support@dealai.app