Short version: deeltrack stores your data securely in the cloud using Firebase/Google Cloud infrastructure with encryption in transit and at rest. We do not sell or share your data with third parties. Sensitive investor information (SSNs, bank details) is protected with envelope encryption backed by Google Cloud KMS.
1. Who We Are
deeltrack ("we," "us," "our") operates the deeltrack platform at deeltrack.com. We are a software company providing organizational tools for real estate syndicators. We are not a financial institution, investment adviser, or broker-dealer.
2. What Data We Collect
2.1 Data You Enter Into the Platform
All deal information, investor records, financial projections, distribution history, and documents that you enter into deeltrack are stored securely using cloud infrastructure (Firebase/Google Cloud) with encryption in transit and at rest. This includes:
- Deal names, terms, financial projections, property addresses
- Investor names, email addresses, phone numbers, accreditation status
- Distribution amounts and history
- Capital call records
- Generated document content
- Firm settings and profile information
2.2 Account Data
When you create an account, your credentials are managed through Firebase Authentication with industry-standard security practices including password hashing and secure session management.
2.3 Usage Data
deeltrack may collect basic usage information to operate and improve the platform, including: page views, feature usage events, session duration, browser type and version, and IP address for security and fraud prevention purposes. This data is not sold or shared with third parties beyond the infrastructure providers listed in Section 4.
3. How We Use Data
| Data Type | Purpose | Stored Where |
|---|
| Deal & investor data | Provide platform functionality | Cloud (Firebase/Google Cloud) |
| Account credentials | Authentication | Cloud (Firebase/Google Cloud) |
| Settings | Personalization | Cloud (Firebase/Google Cloud) |
| Usage analytics | Platform improvement | Cloud (Firebase/Google Cloud) |
4. Data Sharing
We do not sell, rent, or share your personal or deal data with third parties. The following third-party services process limited data as part of platform operations:
- Firebase / Google Cloud: Our cloud infrastructure provider. All deal data, investor records, documents, and account information are stored in Google Cloud Firestore and Firebase Storage. Google's privacy and security practices are governed by the Google Cloud Data Processing Terms.
- Microsoft Graph API: Transactional emails (capital call notices, distribution notifications, team invites) are sent from admin@deeltrack.com via Microsoft 365. Recipient email addresses are processed by Microsoft's email infrastructure.
- Stripe: Payment processing for subscriptions. Stripe processes your billing information (card number, billing address) per Stripe's Privacy Policy. deeltrack does not store credit card numbers.
- OpenStreetMap / Nominatim: When you use the portfolio map, property location strings are sent to Nominatim's geocoding API to determine coordinates. No personal investor data is sent.
- Google Fonts / Font Awesome CDN: These services may log your IP address when loading fonts and icons. This is standard for CDN usage.
5. Investor Data — Special Obligations
If you use deeltrack to store information about your investors (names, emails, financial information, accreditation status), you are acting as the data controller for that information. You are responsible for:
- Obtaining appropriate consent from investors to store their information;
- Complying with applicable data protection laws (CCPA, GDPR if applicable);
- Ensuring that sensitive investor data (SSNs, EINs, bank account numbers) is entered only through deeltrack's encrypted fields;
- Deleting investor data when no longer needed or upon investor request.
Sensitive investor data is encrypted using envelope encryption with Google Cloud KMS. The encryption keys never leave Google's infrastructure. You can export or delete your organization's data through Settings → Data Export or Settings → Delete Account.
6. Data Security
deeltrack employs multiple layers of security to protect your data:
- Encryption in transit: All connections to deeltrack use TLS 1.3 encryption (HTTPS).
- Encryption at rest: Data stored in Google Cloud Firestore and Firebase Storage is encrypted at rest using AES-256.
- Sensitive data encryption: Investor SSNs, EINs, and bank account details are additionally encrypted using envelope encryption with Google Cloud KMS. Encryption keys never leave Google's hardware security modules.
- Authentication: Accounts are secured with Firebase Authentication. Passwords are hashed and never stored in plaintext.
- Access control: Firestore security rules enforce organization-level data isolation and role-based access (GP vs. Investor).
- Rate limiting: All Cloud Functions are rate-limited to prevent abuse.
- Security headers: Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, and XSS protection headers are enforced on all pages.
7. California Residents (CCPA)
California residents have the right to know what personal information is collected, to delete personal information, and to opt-out of the sale of personal information. We do not sell personal information. You can request deletion of your data at any time through Settings or by contacting admin@deeltrack.com.
8. Children's Privacy
deeltrack is not directed to individuals under 18 years of age. We do not knowingly collect information from minors.
9. Changes to This Policy
We will post changes to this policy on this page with an updated effective date. We will notify registered users by email of any material changes at least 30 days in advance.
10. Contact
Privacy questions: privacy@deeltrack.com