Privacy Policy

1. Introduction

Deadpoint ("we," "us," "our," or "Company") is committed to protecting your privacy and ensuring you understand how we collect, use, and safeguard your personal data.

This Privacy Policy applies to all Deadpoint web properties, including our marketing website at deadpoint.ai and our investor data room at invest.deadpoint.ai (collectively, the "Services"). It describes what data we collect, why we collect it, how we use it, and your rights regarding that data.

Deadpoint is headquartered in Lisbon, Portugal. We build a Strategy Operating System for hedge funds. Our Services are directed at institutional and professional users, not consumers. Please read this policy carefully. If you do not agree with our practices, please do not use our Services.

2. Data Controller

Deadpoint is the data controller responsible for your personal data. For privacy-related inquiries or to exercise your data rights, contact us at privacy@deadpoint.ai. For general questions, reach us at info@deadpoint.ai.

3. What Personal Data We Collect

We collect different categories of data depending on how you interact with our Services.

3.1 Marketing Website (deadpoint.ai)

3.2 Investor Data Room (invest.deadpoint.ai)

3.3 Analytics and Behavioral Data (All Services)

4. How We Use Your Data

We use your personal data for the following purposes:

Legal Basis for Processing (GDPR Article 6)

5. Cookies, Tracking, and Consent

5.1 Essential Cookies

These cookies are necessary for our Services to function and cannot be disabled. They do not require consent under GDPR.

5.2 Analytics and Tracking (Consent Required)

The following tracking technologies are enabled only with your consent, which you can manage through the cookie consent banner displayed on our Services. You can withdraw consent at any time.

Your consent preference is stored locally in your browser. We do not track you across other websites.

5.3 First-Party Engagement Tracking

On the investor data room, we collect engagement data (document views, section reading time, scroll depth, downloads) as part of our core service functionality and for legitimate business purposes. This tracking does not use cookies — it is server-side, tied to your authenticated session, and is integral to how the data room operates.

5.4 Third-Party Resources

Google Fonts: We load typography from Google Fonts (fonts.googleapis.com and fonts.gstatic.com). Your browser sends your IP address and basic request headers to Google's servers. See Google's Privacy Policy.

6. Third-Party Services

We use the following third-party services that may process your data. All third-party processors operate under data processing agreements with Deadpoint.

No data sales: We do not sell, trade, or share your personal data with third parties for marketing, advertising, or commercial purposes. We do not use your data to train AI models. We only share data with service providers who process it on our behalf under contractual obligations.

7. Data Retention

Upon request or termination of a business relationship, account data is soft-deleted (marked as deleted) and permanently purged after the applicable retention period. Audit logs and NDA records are retained for their full retention period regardless of account status, as required for legal and regulatory purposes.

8. Your GDPR Rights

If you are located in the European Union or other jurisdiction with similar data protection laws, you have the following rights:

To exercise any of these rights, please contact us at privacy@deadpoint.ai. We will respond within 30 days (or as required by law). We may need to verify your identity before processing your request.

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) provides you with additional rights regarding your personal information:

To exercise your California privacy rights, contact us at privacy@deadpoint.ai.

10. International Data Transfers

Your data may be processed and stored outside your country of residence. Several of our third-party processors are based in the United States (Formspree, Resend, Anthropic, Groq). Cloudflare operates globally.

For transfers of personal data from the EU/EEA or UK to countries without an adequacy decision, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, supplementary measures where appropriate, and processor commitments to data protection standards equivalent to GDPR. For EU-US transfers, we also rely on the EU-US Data Privacy Framework where applicable.

11. Security

We implement technical and organizational measures to protect your data:

No method of transmission over the internet is 100% secure. While we implement strong safeguards, we cannot guarantee absolute security.

12. Children's Privacy

Our Services are directed at institutional and professional users and are not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we learn that we have collected data from a child under 16, we will promptly delete it. Contact us at privacy@deadpoint.ai if you believe this has occurred.

13. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or the Services we offer. We will update the "Last updated" date at the top of this page. For material changes, we will provide notice through our Services or via email to registered data room users. Your continued use of our Services after changes are posted constitutes your acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy, our data practices, or your privacy rights:

We will respond to your inquiry within 30 days.