Privacy Policy

Last updated: February 28, 2026

Dealspace is a platform for managing confidential M&A transaction data. We understand the sensitivity of the information you entrust to us. This policy describes how we collect, use, and protect that data.

Data Controller

Muskepo B.V.
Herengracht 555
1017 BW Amsterdam
The Netherlands

Chamber of Commerce: 92847293
VAT: NL866012843B01

Information We Collect

Account Information

Name, business email address, organization name, and job title. This information is required to create an account and manage access to deals.

Transaction Data

Documents, requests, responses, and communications uploaded to or generated within the platform. This includes confidential M&A transaction materials, due diligence documents, and related correspondence.

Usage Data

IP addresses, access timestamps, browser type, and activity logs. This information is collected for security purposes, audit trail requirements, and service optimization.

Payment Information

Payment processing is handled by third-party providers (Stripe). We do not store credit card numbers or bank account details. We receive only transaction confirmations and billing addresses.

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Dealspace platform
  • Manage user accounts and access permissions
  • Generate audit trails as required by clients and regulators
  • Detect and prevent security threats
  • Comply with legal obligations
  • Send service-related communications

We do not:

  • Sell your data to third parties
  • Use transaction data for advertising
  • Train AI models on your confidential documents
  • Share data with third parties except as described in this policy

Legal Basis for Processing

We process your data based on:

  • Contractual necessity: Processing required to provide the services you have requested under our Terms of Service
  • Legitimate interests: Security, fraud prevention, service improvement, and business operations
  • Legal obligation: Compliance with applicable laws, regulations, and legal processes
  • Consent: Where specifically obtained for marketing communications

Data Sharing

We share data only in the following circumstances:

Within Deals

Transaction data is shared with authorized participants within each deal according to the access permissions configured by deal administrators.

Service Providers

We use carefully selected third-party providers for infrastructure, payment processing, and support operations. These providers are bound by data processing agreements and process data only on our instructions.

Legal Requirements

We may disclose data when required by law, court order, or governmental authority. We will notify you of such requests where legally permitted.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you and ensure the receiving party is bound by equivalent data protection obligations.

Data Security

We protect your data with:

  • FIPS 140-3 validated encryption for data at rest and in transit
  • Per-deal encryption keys limiting exposure in case of compromise
  • SOC 2 Type II certified infrastructure and processes
  • Multi-factor authentication required for all accounts
  • Continuous monitoring and intrusion detection
  • Regular security assessments and penetration testing

For detailed security information, see our Security page.

Data Retention

Active accounts: Data is retained for the duration of your subscription and any active deals.

Archived deals: Retained for 7 years after deal closure for regulatory and audit purposes, unless you request earlier deletion.

Account deletion: Upon account termination, personal data is deleted within 30 days. Transaction data associated with active deals of other parties is retained per those deals' retention policies.

Backups: Deleted data may persist in encrypted backups for up to 90 days before being overwritten.

International Data Transfers

Dealspace operates infrastructure in the European Union and the United States. Data may be transferred between these regions. For transfers outside the EEA, we rely on Standard Contractual Clauses approved by the European Commission. Enterprise customers may request data residency in specific regions.

Your Rights

Under GDPR and applicable privacy laws, you have the right to:

  • Access your personal data and obtain a copy
  • Rectify inaccurate or incomplete data
  • Erase your data (subject to legal retention requirements)
  • Restrict processing in certain circumstances
  • Port your data to another service in a structured format
  • Object to processing based on legitimate interests
  • Withdraw consent where processing is based on consent

To exercise these rights, contact privacy@dealspace.io. We will respond within 30 days.

Cookies

We use essential cookies to maintain your session and preferences. We do not use advertising cookies or third-party tracking. Analytics, where used, are privacy-preserving and do not track individuals.

Changes to This Policy

We may update this policy to reflect changes in our practices or legal requirements. Material changes will be communicated via email to account holders. Continued use of the service after changes constitutes acceptance.

Contact

Data Protection Officer:
privacy@dealspace.io

You have the right to lodge a complaint with a supervisory authority. In the Netherlands, this is the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).