Deal It Privacy Policy

Last Updated: November 1, 2025

(Original Korean version shall prevail in case of conflict.)

1. Introduction

This Privacy Policy explains how Glancey Co., Ltd. ("we," "us," or "the Company") collects, uses, and protects your personal information when you use Deal It, our AI-powered trade document generation and verification platform (the "Service").

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Information We Collect

Account Information

  • Email address: Required for account creation and communication
  • Password: Encrypted and stored securely
  • Name or organization information: Optional, used to optimize your service experience

Service Usage Data

  • Documents and trade data you input into the Service
  • Generated documents and verification reports
  • Usage patterns and service interactions
  • Team and organization information (when using team features)

Email Integration Data (Gmail)

If you choose to integrate your Gmail account, we collect and process the following information:

  • Email content: subject, body (text and HTML), sender, recipients, and metadata
  • Email attachments: files attached to emails are stored and analyzed for trade document extraction
  • Google OAuth tokens: securely stored to access your Gmail account (you can revoke access at any time)
  • Email participants: names and email addresses of senders, recipients, and CC participants
  • Synchronization data: we sync emails from the past 3 months when you first connect, and receive real-time notifications for new emails

Gmail integration is optional. You can enable or disable it at any time through your account settings. When you revoke access, we will stop collecting new emails but may retain previously collected data as described in the Data Retention section.

Google User Data Privacy Policy

This section discloses how Deal It accesses, uses, shares, stores, and retains Google user data when you connect your Google account and authorize Gmail or basic profile access.

Scopes Used

  • https://www.googleapis.com/auth/gmail.readonly
  • https://www.googleapis.com/auth/gmail.send
  • https://www.googleapis.com/auth/userinfo.email
  • https://www.googleapis.com/auth/userinfo.profile

Data Accessed

  • Basic profile and account info: Google user ID, email address, name, and profile picture (from UserInfo API).
  • Gmail data (only after you explicitly connect Gmail): email metadata (e.g., headers such as From/To/Subject/Date/Message-ID/Labels), message body (text/HTML), and attachments metadata/content as required to perform import/sync that you initiate.

Data Usage

  • Authenticate and link your account, verify identity, and manage your integration state.
  • Import and process relevant emails and attachments you choose to sync in order to generate, validate, and cross-check trade documents and related records.
  • When applicable, update Gmail labels only as part of user-initiated workflows to reflect processing status.

Data Sharing

  • We do not sell Google user data and do not use it for advertising.
  • We do not share Gmail content with third parties except trusted service providers (e.g., cloud hosting/monitoring/email delivery) acting as processors under appropriate data processing agreements and solely to operate the Service.
  • We do not allow unrelated third-party access to your Gmail content. If you collaborate within your organization on Deal It, visibility follows your organization’s settings and your explicit actions.

Data Storage & Protection

  • OAuth tokens (access/refresh, scope, expiry) are stored server-side to maintain your authorized connection and are used only to call Google APIs on your behalf.
  • All data is transmitted over TLS. We apply access controls and the principle of least privilege. Our infrastructure uses encryption at rest and industry-standard security practices provided by our cloud providers.

Data Retention & Deletion

  • We retain imported Gmail content and OAuth tokens while your integration is active and only as long as needed to provide the Service.
  • If you disconnect Gmail or delete your account, we revoke and delete stored OAuth tokens promptly. Account deletion triggers our standard deletion flow; your data is permanently deleted after applicable retention/grace periods.
  • You can request data deletion through in-app settings (Account Deletion) or by contacting support@dealit.ai.

AI Processing Data

To provide AI-powered features such as document generation and consistency verification, we process your data using AI models:

  • Vector embeddings: We generate vector embeddings (using OpenAI text-embedding-3-small model) from your emails and trade deals to enable similarity search and content matching
  • AI analysis: We use AI to automatically analyze emails to determine if they are trade-related and extract relevant trade information
  • Document verification: We use AI to verify consistency across trade documents (Invoice, Packing List, Bill of Lading, etc.)

Technical Information

  • IP address and device information
  • Browser type and version
  • Log data and timestamps
  • Session information for authentication

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To provide, maintain, and improve the Service functionality
  • Customer Support: To respond to your inquiries and provide technical assistance
  • Service Improvement: To analyze usage patterns and enhance our AI models and features (using anonymized or aggregated data)
  • Email Processing: To automatically analyze emails, extract trade information, and link emails to relevant trade deals
  • Similarity Search: To enable search functionality using vector embeddings for finding related emails and deals
  • Team Collaboration: To enable team-based access control and shared workspaces
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes
  • Marketing Communications: To send marketing emails only with your explicit consent

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

Third-Party Service Providers (Subprocessors)

We engage third-party service providers to help us deliver the Service, including cloud infrastructure, AI processing, and email integration services. These subprocessors are carefully selected and required to maintain appropriate security and privacy standards.

For a complete and up-to-date list of our subprocessors, including their purpose and data processing details, please visit our Subprocessors page. We will notify you of any material changes to this list at least 30 days in advance.

Team and Organization Sharing

  • Team Members: If you use team features, your organization members and team members may have access to shared data within your workspace according to the permissions you or your organization administrator set

Other Sharing Circumstances

  • Legal Requirements: We may disclose information if required by law, regulation, legal process, or governmental request
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy
  • With Your Consent: We may share your information with third parties when you explicitly consent to such sharing

Anonymized and Aggregated Data

We may use anonymized or aggregated data (that cannot identify you) to enhance our AI models, analyze service usage patterns, and improve our Service. We may share such non-identifiable data with third parties for service improvement purposes.

5. Data Storage and Security

Your data may be stored on servers located outside your country of residence. We implement appropriate technical and organizational security measures to protect your information against unauthorized access, alteration, disclosure, or destruction.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

6. Data Retention

We retain your personal information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy.

Upon account deletion, we retain your data for 90 days for legal or operational purposes, after which it will be permanently deleted. Backup data is deleted on a rolling basis as technically feasible.

Some information may be retained longer if required by law or for legitimate business purposes (e.g., payment records, dispute resolution).

7. Your Rights

You have the following rights regarding your personal information:

  • Access: You can request access to the personal information we hold about you
  • Correction: You can update your account information at any time through your account settings
  • Deletion: You can request deletion of your account and associated data at any time
  • Data Portability: During the 90-day retention period after account deletion, you may request export of your data
  • Marketing Opt-out: You can opt-out of marketing communications at any time by following the unsubscribe link in our emails or by contacting us

To exercise these rights, please contact us at support@dealit.ai.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service and hold certain information. Cookies are files with a small amount of data that may include an anonymous unique identifier.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

9. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us so we can delete such information.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country.

We implement appropriate safeguards to protect your information when it is transferred internationally, including ensuring that any third parties with whom we share information provide adequate protection for your data.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

We will also notify you via email of any material changes to this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Glancey Co., Ltd.
Email: support@dealit.ai

Effective Date: November 1, 2025