Privacy Policy

1. Introduction

Lion Eye Digital Ltd ("we", "our", or "us"), trading as Dealist, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Dealist service ("Service").

By using the Service, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

We collect information you provide directly when you:

• Account Registration: Email address, name, and authentication credentials (managed by Auth.js / NextAuth and, optionally, Google OAuth)
• Property Information: Property listings you save, including URLs, addresses, prices, descriptions, and images
• Notes and Comments: Any notes, tags, or comments you add to properties
• Deal Packages: Deal packages you create and share with others
• Payment Information: Billing details processed by Stripe (we do not store full payment card details)
• Support Communications: Messages you send to our support team

2.2 Information Collected Automatically

When you use the Service, we automatically collect:

• Usage Data: Pages viewed, features used, time spent, click data
• Device Information: Browser type and version, operating system, device identifiers
• Log Data: IP address, access times, error logs
• Cookies: See Section 7 for details on cookies

2.3 AI Processing Data

When you use AI-powered features:

• Property data you request to analyze is sent to third-party AI providers (Anthropic Claude and OpenAI)
• AI-generated analysis, insights, and recommendations are stored in your account
• Area intelligence data from public APIs (postcodes.io, police.uk, schools API) is cached temporarily

3. How We Use Your Information

We use collected information for:

• Providing the Service: Managing your account, saving properties, generating AI analysis
• Processing Payments: Handling subscriptions and billing through Stripe
• Improving the Service: Analyzing usage patterns to enhance features and user experience
• Customer Support: Responding to inquiries and providing technical assistance
• Security: Detecting, preventing, and addressing fraud, security issues, and technical problems
• Communications: Sending service updates, security alerts, and administrative messages
• Legal Compliance: Complying with legal obligations and enforcing our Terms of Service
• Marketing: With your consent, sending promotional materials about new features or services

4. Data Sharing and Disclosure

4.1 Third-Party Service Providers

We share information with trusted third-party service providers who assist in operating our Service:

• Google: Optional OAuth authentication, if you choose to sign in with Google
• Stripe: Payment processing and subscription management
• Neon (PostgreSQL): Database hosting and storage
• Vercel: Web hosting and infrastructure
• Anthropic Claude: AI-powered property analysis
• OpenAI: AI-powered insights and content generation

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

4.2 Public APIs

We access public UK data sources to enhance area intelligence:

• postcodes.io: Geographic and demographic data
• police.uk: Public crime statistics
• Schools API: Educational facility information

These are read-only queries; we do not share your personal data with these services.

4.3 Deal Package Sharing

When you create and share a deal package, you explicitly choose to make specific property data accessible to others via a shareable link. This is an intentional sharing action initiated by you.

4.4 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Valid legal processes (subpoenas, court orders, warrants)
• Government or regulatory requests for information
• Situations involving potential threats to safety or security
• Protection of our rights, property, or safety

4.5 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your data is transferred and becomes subject to a different privacy policy.

4.6 No Sale of Personal Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

5. Data Storage and Security

5.1 Data Location

Your data is stored in secure data centers located in the European Union (primarily London, UK region via Neon and Vercel). By using the Service, you consent to the transfer and storage of your information in these locations.

5.2 Security Measures

We implement industry-standard security measures to protect your information:

• Encryption in transit (HTTPS/TLS)
• Encryption at rest for sensitive data
• Regular security audits and vulnerability assessments
• Access controls and authentication requirements
• Secure API key management
• Database connection pooling with SSL
• Content Security Policy (CSP) headers
• CORS protection

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

5.3 Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. Specific retention periods:

• Account Data: Retained until you delete your account
• Property Data: Retained until you delete properties or your account
• Billing Records: Retained for 7 years for tax and accounting purposes
• Log Data: Retained for 90 days for security and troubleshooting
• Backup Data: May persist in backups for up to 30 days after deletion

6. Your Rights and Choices

6.1 GDPR Rights (UK and EU Users)

Under the UK GDPR and EU GDPR, you have the following rights:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restriction: Restrict processing of your data in certain circumstances
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing of your data
• Right to Withdraw Consent: Withdraw consent for data processing at any time
• Right to Lodge a Complaint: File a complaint with the Information Commissioner's Office (ICO)

6.2 Exercising Your Rights

To exercise any of these rights:

• Account Settings: Update personal information directly in your account
• Data Export: Use the data export feature in your account settings
• Account Deletion: Delete your account from settings (permanent action)
• Contact Us: Email support@dealist.co.uk for assistance with data requests

We will respond to valid requests within 30 days as required by GDPR.

6.3 Marketing Communications

You can opt out of marketing emails by:

• Clicking "unsubscribe" in any marketing email
• Updating your communication preferences in account settings
• Contacting us at support@dealist.co.uk

Note: You cannot opt out of service-related communications (account notifications, security alerts, billing updates).

7. Cookies and Tracking Technologies

7.1 What Are Cookies

Cookies are small text files stored on your device by your web browser. We use cookies and similar technologies to provide and improve the Service.

7.2 Types of Cookies We Use

• Essential Cookies: Required for authentication and core functionality (cannot be disabled)
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Help us understand how you use the Service to improve it

7.3 Cookie Management

You can control cookies through:

• Your browser settings (to block or delete cookies)
• Our cookie consent banner (where applicable for non-essential cookies)

Note: Disabling essential cookies may prevent you from using certain features of the Service.

7.4 Third-Party Cookies

Some third-party services we use (Stripe, Vercel, Google OAuth) may set their own cookies. We do not control these cookies. Please refer to those services' privacy policies for information on their cookie practices.

8. Children's Privacy

Our Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, please contact us, and we will take steps to delete such information.

9. International Users

While our Service is primarily designed for UK users, we may accept users from other jurisdictions. By using the Service from outside the UK, you consent to the transfer of your data to the UK and EU for processing and storage as described in this policy.

We comply with applicable data protection laws, including GDPR for EU users and UK GDPR for UK users.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on this page
• Updating the "Last updated" date
• Sending an email notification for significant changes (where we have your email)

Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

11. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on the following legal grounds:

• Contract: Processing necessary to provide the Service you've signed up for
• Legitimate Interests: Improving our Service, security, fraud prevention
• Consent: Marketing communications (where you've opted in)
• Legal Obligation: Compliance with laws and regulations

12. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Supervisory Authority:
If you are based in the UK or EU and believe we have not addressed your concerns adequately, you have the right to lodge a complaint with your local data protection authority. For UK users: