Privacy Policy

Transparency is our core value. Here is how we handle your data, your tracking analytics, and your content.

1. Data We Collect

When you use DealTicket.app, we collect the following categories of information:

Account Information
  • Identity Data: Name, email address, company name, and profile picture — provided directly by you or received from social login providers (Google, Facebook, APSense).
  • Credentials: Passwords are stored using bcrypt hashing. We never store your password in plain text.

Content & Communication Data
  • Messages: All chat messages sent within deal rooms are stored on our servers.
  • Files: Uploaded attachments (images and PDFs) are stored on our servers. Maximum 3 files per deal room.
  • Deal Information: Deal offers, pricing, and acceptance status you enter into tickets.

Technical Data
  • IP Address: Collected on each page visit for security and fraud prevention.
  • Browser & Device: Browser type and operating system information.
  • Access Logs: Page URIs visited, timestamps, and associated user IDs.

2. Authentication & Accounts

DealTicket.app supports multiple sign-in methods. Depending on the method you choose, we receive different data:

  • Email Registration: We collect your name, email, and password. An activation code is sent to verify your email address (valid for 7 days).
  • Google Sign-In: We receive your Google ID, name, email, and profile picture via Google OAuth.
  • Facebook Sign-In: We receive your Facebook ID, name, email, and profile picture via the Facebook Graph API.
  • APSense Sign-In: We receive your APSense user ID, username, email, and name via APSense Single Sign-On.

We also provide Magic Link sharing, which generates a one-time access code (valid for 7 days) that allows invited users to join a deal room after signing in.


3. Activity Tracking

DealTicket tracks certain activity to provide transparency between deal participants:

  • Page Views: Each deal room tracks the total number of page views.
  • Access Logs: The ticket creator can see who accessed the deal room and when (last 20 entries).
  • Message Read Receipts: Senders can see whether their messages have been read by other participants.
  • File View Tracking: The system records which members have viewed uploaded attachments.
  • Member Presence: Last access time of each participant is visible to other members.

We do not sell any tracking or activity data to third-party advertisers. This data is only visible to participants within the same deal room.


4. AI Content Processing

Our AI features are powered by Google Gemini and provide the following capabilities:

  • Message Polish: Rewrites your messages in a selected tone (Professional, Friendly, Formal, Casual, or Persuasive) and optionally translates them.
  • Message Translation: Translates incoming messages into your preferred language.
  • Message Analysis: Analyzes incoming messages for sentiment, intent, and suggested response strategies.

How Your Data Is Processed
  • Input Data: When you use an AI feature, the text you submit is sent to Google Gemini's API for processing.
  • No Training: Your business data is not used to train public AI models.
  • AI Logging: We log AI usage (model used, token counts, credits deducted, and AI responses) for billing and service improvement purposes.
  • Per-User Privacy: AI analysis results (translations, sentiment analysis) are stored privately per user and are not visible to other participants.

AI Credits

Each AI operation costs 5 credits. Credits are included in your plan and can also be purchased separately. Purchased credits do not expire.


5. Forms & Lead Capture

Business and Enterprise users can create lead capture forms that automatically generate deal rooms upon submission.

  • Form Data: When someone submits a form, all field values (name, email, and any custom fields) are stored and linked to the generated deal room.
  • Submission Logging: Each form submission is logged with the submitted data, associated ticket ID, and timestamp.
  • Submitter Accounts: If the submitter is a registered user, their submission is linked to their account. If not, an account may be created based on the provided email.

6. Payments & Billing

All payments are processed securely through PayPal. We do not store your credit card or PayPal account details on our servers.

  • Transaction Data: We store the PayPal transaction ID, subscription ID, payment amount, payer email, and payment date for invoicing purposes.
  • IPN Verification: We verify all payments directly with PayPal's servers using Instant Payment Notification (IPN) to prevent fraud.
  • Invoices: Payment records are available in your account for download. Invoice details include transaction ID, date, amount, and item description.

7. Cookies & Sessions

DealTicket.app uses the following cookies to operate the service:

  • Session Cookie (ci_session): Required to maintain your login session. Expires when you close the browser.
  • Remember Me Cookie (remember_token): Optional, set when you choose "Remember Me" at login. Valid for 14 days. Stored as a hashed token.

All cookies are set with HttpOnly and SameSite=Lax flags for security. We do not use third-party advertising or analytics cookies.


8. Third-Party Services

DealTicket.app integrates with the following third-party services to provide its features:

  • Google Gemini API: Processes text for AI Polish, Translation, and Analysis features. Subject to Google's Privacy Policy.
  • Google OAuth: Used for Google Sign-In authentication.
  • Facebook Graph API: Used for Facebook Sign-In authentication.
  • APSense: Used for APSense Single Sign-On and partner messaging.
  • PayPal: Processes all subscription and credit purchase payments. Subject to PayPal's Privacy Policy.

We only share the minimum data necessary with each provider to deliver the service. We do not sell your data to any third party.


9. Email Communications

DealTicket.app sends the following types of emails:

  • Account Emails: Activation codes, password reset links, and account verification — these are required and cannot be disabled.
  • Notification Emails: New message alerts, payment confirmations, and account upgrade notifications.

You can opt out of notification emails at any time from your Account Settings or by clicking the unsubscribe link in any notification email. Required account and security emails cannot be disabled.


10. Security

We take the following measures to protect your data:

  • Password Hashing: All passwords are hashed using bcrypt before storage.
  • Secure Cookies: Authentication cookies use HttpOnly and SameSite flags to prevent cross-site attacks.
  • Magic Link Security: One-time access codes are cryptographically generated (20 characters) and expire after 7 days or first use.
  • File Validation: Uploaded files are validated for type and size. Filenames are randomized to prevent path-based attacks.
  • CSRF Protection: All form submissions and AJAX requests are protected against cross-site request forgery.

11. Contact Us

If you have questions about this policy or wish to exercise your data deletion rights, please contact us.