Privacy Policy
Effective Date: March 27, 2026 · Last Updated: March 27, 2026
Dealton is a product of GeoMet AI Inc., a corporation incorporated under the laws of the Province of Ontario, Canada ("we", "us", or "our"). We operate the Dealton platform at dealton.ai and app.dealton.ai (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
1. Information We Collect
1.1 Account Information
When you sign in via Google OAuth, we receive:
- Your name and email address from your Google profile
- Your organization's domain (derived from your email)
1.2 Email Data (Gmail Integration)
With your explicit consent via Google OAuth, we access your Gmail account to:
- Read and index email threads relevant to your sales pipeline
- Draft and send emails on your behalf
- Categorize and route conversations to client-specific views
We request the following Gmail API scopes: gmail.readonly, gmail.modify, and gmail.compose. We only process business-related emails that are relevant to your CRM workflows.
1.3 Calendar Data
With your consent, we access Google Calendar to display upcoming meetings and sync scheduling context. Certain features, such as "Create Strategy Call", may create calendar events on your behalf to schedule internal calls. You control which events are created through explicit action within the Service.
1.4 Voice and Call Data
When you use our AI sales call agent ("George"), we process:
- Live audio transcriptions of calls you join
- Text-to-speech responses generated during calls
- Call session metadata (duration, participant count)
Call participants are informed of AI assistance and recording at the start of each session. Transcription data is processed in real time and retained as part of your CRM records.
1.5 Email Tracking Data
When you send tracked emails through Dealton, we collect the following data about your email recipients:
- Email open events (via a tracking pixel)
- Link click events
- Approximate geographic location (city/region level, via IP address lookup)
- Device type and email client (via user agent)
This data is collected to provide you with engagement analytics for your outbound sales communications.
1.6 CRM and Contact Data
You may store the following in your Dealton workspace:
- Contact names, email addresses, titles, and company affiliations
- Deal stages, pipeline status, and lead scores
- Notes, client profiles, and marketing materials
1.7 Payment Information
Payment processing is handled entirely by Stripe. We store your Stripe customer ID and subscription metadata (plan tier, seat count) but never store credit card numbers or full payment credentials on our servers.
1.8 Usage and Log Data
We automatically collect:
- API usage logs (feature usage, request timestamps)
- Session identifiers and authentication tokens
- Error logs for debugging and service improvement
2. How We Use Your Information
| Purpose | Legal Basis |
|---|---|
| Provide and operate the CRM Service | Performance of contract |
| Process and display your email threads | Your consent (Google OAuth) |
| Generate AI-assisted email drafts and summaries | Performance of contract |
| Transcribe and facilitate AI-assisted sales calls | Performance of contract / consent |
| Provide email engagement analytics | Legitimate interest |
| Process payments and manage subscriptions | Performance of contract |
| Improve and maintain the Service | Legitimate interest |
| Respond to support and contact requests | Legitimate interest |
3. Google API Services — Limited Use Disclosure
Dealton's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
- We only use Google user data to provide and improve the user-facing features of the Service that are visible to you.
- We do not transfer Google user data to third parties except as necessary to provide the Service, as required by law, or with your explicit consent.
- We do not use Google user data for serving advertisements.
- We do not allow humans to read your Google user data unless: (a) we have your affirmative consent, (b) it is necessary for security purposes, (c) it is necessary to comply with applicable law, or (d) our use is limited to internal operations and the data has been aggregated and anonymized.
4. Third-Party Service Providers
We share data with the following categories of service providers, solely to operate the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Google Cloud Platform | Infrastructure, data storage, authentication | All Service data (encrypted at rest) |
| Anthropic (Claude AI) | Email summarization, AI-assisted drafting, call context analysis | Email content, conversation context |
| Deepgram | Speech-to-text transcription | Call audio streams |
| ElevenLabs / Cartesia | Text-to-speech voice synthesis | Generated response text |
| Stripe | Payment processing | Billing details, subscription metadata |
| ip-api.com | IP geolocation for email tracking analytics | IP addresses of email recipients |
We require all sub-processors to maintain appropriate security measures and to process data only as instructed by us.
5. Data Storage and Security
- Storage location: Your data is stored on Google Cloud Platform infrastructure located in the United States.
- Encryption: Data is encrypted in transit (TLS 1.2+) and at rest (AES-256 via GCP).
- Access controls: Application-level authentication with session tokens. Organization data is isolated by company domain.
- Credential storage: OAuth refresh tokens are stored server-side and are never exposed to the client.
While we implement industry-standard security measures, no system is 100% secure. We cannot guarantee absolute security of your data.
6. Data Retention
- Active accounts: Your data is retained for as long as your account is active and your subscription is current.
- After cancellation: We retain your data for 90 days following account cancellation to allow for reactivation. After this period, your data is permanently deleted from our systems.
- Backups: Residual copies in encrypted backups may persist for up to 30 days after deletion.
- Legal obligations: We may retain certain data longer if required by law or to resolve disputes.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Delete your personal data ("right to be forgotten")
- Export your data in a portable format
- Revoke consent for Google API access at any time via your Google Account permissions
- Object to processing based on legitimate interest
To exercise any of these rights, contact us at daniel@dealton.ai.
8. Revoking Google Access
You can revoke Dealton's access to your Google account at any time:
- Visit Google Account Permissions
- Find "Dealton" in the list of connected apps
- Click "Remove Access"
Revoking access will stop all Gmail and Calendar integrations. Previously ingested data will be deleted according to our retention policy, or immediately upon your request.
9. Children's Privacy
The Service is intended for business use by individuals aged 18 and older. We do not knowingly collect data from anyone under 18. If we learn that we have collected personal data from a person under 18, we will delete it promptly.
10. International Data Transfers
GeoMet AI Inc. is based in Ontario, Canada. Your data is stored and processed on infrastructure located in the United States. By using the Service, you consent to the transfer of your data to the United States. We ensure appropriate safeguards are in place in accordance with applicable Canadian and international data protection laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA).
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last Updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at:
- Email: daniel@dealton.ai
- Web: dealton.ai/contact