Privacy policy.

How Ryan Dunn LLC (doing business as DealStringer) collects, uses, shares, and protects information.

§ 01Scope and Who We Are

This Privacy Policy applies to information we collect:

• From subscribers and prospective subscribers ("Subscriber Information")
• About business professionals included in our business intelligence database ("Business Contact Information")

For purposes of GDPR, UK GDPR, and similar laws, Ryan Dunn LLC acts as data controller for both Subscriber Information and Business Contact Information.

§ 02Information We Collect

Subscriber Information. We collect:

• Name, work email, employer, job title
• Billing and subscription information
• Information you submit through The Brief
• Account and usage data
• Support communications
• Technical information (IP address, browser type, device information, log timestamps, session metadata)

Business Contact Information. As part of operating the Service, we maintain a database of business contact and professional activity information about business professionals at organizations. This may include:

• Professional name and job title
• Employer affiliation and work history
• Business email and business phone (where lawfully available)
• Publicly available professional activity
• Publicly available business signals (job postings, funding announcements, press releases, RFPs)

We obtain Business Contact Information from: public corporate filings, government records, press releases, corporate websites, RFP and procurement postings, publicly available professional profiles (in compliance with applicable terms of service), and licensed third-party data providers who represent that they have obtained the data lawfully.

§ 03How We Use Information

Subscriber Information is used to:

• Provide, personalize, and improve the Service
• Process payments and manage subscriptions
• Detect abuse, fraud, or security issues
• Respond to support requests
• Comply with legal obligations
• Send service and (where permitted) marketing communications

Business Contact Information is used to:

• Curate The File for subscribers
• Match business signals and intelligence to subscriber briefs
• Maintain data quality

We do not:

• Sell Subscriber personal information
• Use one subscriber's Brief to enrich another subscriber's File
• Use Business Contact Information to make decisions about individuals' credit, employment, housing, insurance, or other matters governed by the FCRA or similar laws
• Use the Service to perform automated decision-making producing legal or similarly significant effects on individuals

§ 04Lawful Bases for Processing (GDPR / UK GDPR)

Where GDPR or UK GDPR applies, our lawful bases are:

• Contract performance for processing Subscriber Information
• Legitimate interests for processing Business Contact Information for B2B sales research, balanced against data subject rights as described in Section 7 and Section 8
• Legal obligation for tax, accounting, fraud prevention, and regulatory compliance
• Consent where required (e.g., certain marketing communications)

You may withdraw consent at any time. Withdrawal does not affect the lawfulness of prior processing.

§ 05Sharing and Service Providers

We share information only as necessary to operate the Service. Categories of service providers include:

• Stripe for billing and payment processing
• Email delivery providers for sending The File and transactional emails
• Cloud hosting and infrastructure providers including Microsoft Azure
• Analytics and security providers
• Licensed business intelligence data providers

Service providers are bound by contractual obligations to use information only for authorized purposes and to maintain appropriate security.

We may also disclose information (a) to comply with legal obligations or lawful requests, (b) to protect rights, security, or property, or (c) in connection with a merger, acquisition, financing, or sale of assets (with notice to affected individuals where required by law).

We do not sell personal information as defined by the CCPA and analogous laws.

§ 06Data Retention

We retain information only as long as necessary for the purposes described in this Policy or as required by law:

• Active Subscriber data: for the duration of the subscription, plus 30 days
• Billing and tax records: 7 years (required by U.S. tax law)
• Support correspondence: 2 years
• Security and operational logs: up to 12 months
• Business Contact Information: continuously refreshed; outdated records purged within 90 days of identification
• Suppression list (opt-out requests): retained indefinitely to honor opt-out requests

After applicable retention periods, we delete or de-identify information unless legally required to retain it.

§ 07Your Privacy Rights

Depending on your location, you may have rights regarding your personal information.

All Individuals. You may request access to, correction of, or deletion of your personal information by emailing privacy@dealstringer.com. We will verify your identity and respond within the timeframe required by applicable law (generally 30 to 45 days).

California Residents (CCPA / CPRA). You have rights to know, access, delete, correct, limit use of sensitive personal information, and opt out of any "sale" or "sharing" (as defined by the CCPA). We do not sell or share personal information as defined by the CCPA. To exercise rights, email privacy@dealstringer.com or use the "Your Privacy Choices" link in our Service footer. You may designate an authorized agent. We will not discriminate against you for exercising your rights.

EU / UK / EEA Residents (GDPR / UK GDPR). You have rights of access, rectification, erasure, restriction of processing, data portability, objection to processing (including profiling), and to lodge a complaint with your supervisory authority. To exercise rights, email privacy@dealstringer.com. You have the right to object to processing based on our legitimate interests; if you object, we will cease processing your Business Contact Information unless we demonstrate compelling legitimate grounds that override your rights.

Other U.S. States. Residents of Virginia, Colorado, Connecticut, Utah, Texas, and other states with comprehensive privacy laws have similar rights and may exercise them through the same channels.

§ 08Business Contact Opt-Out and Suppression

If your business contact information appears in our database, you may:

• Request a copy of the information we hold about you
• Request correction of inaccurate information
• Request deletion or permanent suppression from future processing

Submit requests to privacy@dealstringer.com. We will honor verified suppression requests by adding your record to a permanent suppression list to ensure your information is not re-added by future data refreshes. We will respond within 30 days. We may request reasonable identity verification.

Article 14 Notice (GDPR / UK GDPR). Where we collect Business Contact Information from sources other than the data subject, we provide notice in compliance with Article 14 through this Privacy Policy and, where required, through direct notification. If you are an EU/UK data subject whose information appears in our database and you have not received direct notice, contacting privacy@dealstringer.com will provide you with full Article 14 disclosure.

§ 09Cookies and Analytics

We use:

• Essential cookies for authentication and session management
• Limited analytics cookies to understand aggregate site usage

We do not use advertising cookies, retargeting pixels, or cross-context behavioral advertising.

You can manage cookies through your browser settings.

§ 10Security

We use commercially reasonable safeguards, including:

• Encryption in transit (TLS 1.2+) and at rest
• Role-based access controls
• Segregated production environments
• Logging and monitoring
• Regular security review

Breach Notification. In the event of a security incident affecting your personal information, we will notify you and applicable authorities as required by law, generally within 72 hours of discovery for incidents affecting EU/UK data subjects and as soon as practicable under applicable U.S. state law.

No security system is completely secure, and we cannot guarantee absolute security.

§ 11International Data Transfers

DealStringer operates from the United States. If you access the Service from outside the U.S., your information will be transferred to and processed in the U.S.

For transfers from the EU, UK, or Switzerland to the U.S., we rely on:

• Standard Contractual Clauses approved by the European Commission and UK ICO
• Supplementary measures including encryption and access controls
• Other valid transfer mechanisms as applicable law evolves

You may request a copy of our SCCs by emailing privacy@dealstringer.com.

§ 12Children's Privacy

The Service is intended for business use by adults. We do not knowingly collect information from individuals under 18. If we discover we have collected information from a person under 18, we will delete it.

§ 13Data Broker Registration

Where required by state law, DealStringer registers as a data broker. Current registrations:

• California: [Registration ID to be added]
• Vermont: [Registration ID to be added]
• Texas: [Registration ID to be added]
• Oregon: [Registration ID to be added]

§ 14Enterprise Customers, Data Processing Addendum

For enterprise customers requiring a Data Processing Addendum ("DPA") for GDPR Article 28 or analogous compliance, contact legal@dealstringer.com.

§ 15Changes to This Policy

We will post material changes at least 30 days before they take effect and notify active subscribers by email.

§ 16Contact

EU Representative (if applicable): [If processing EU data subjects' information at scale, an EU representative under GDPR Article 27 will be designated and listed here.]