Privacy Policy

Last updated on Aug 19th, 2025

This Privacy Policy explains how Dealight AS (“Dealight”, “we”, “us” or “our”) collects, uses, shares, and protects your personal data when you visit our website, use our SaaS products and services, or otherwise interact with us. Dealight AS is established in Norway and processes personal data in accordance with the EU/EEA General Data Protection Regulation (GDPR) and applicable Norwegian data protection law.

This policy is provided for general information and does not constitute legal advice.

Controller and contact

• Controller: Dealight AS, Norway
• Email: hey@dealight.app

Depending on your configuration, we may also act as a processor when we process personal data on behalf of our business customers within the SaaS platform. In those cases, the customer is the controller and we process data under a data processing agreement (DPA).

What data we collect

We collect and process the following categories of personal data:

• Account and profile data: name, email address, role, organization and workspace details.
• Usage and log data: device and browser information, IP address, timestamps, pages viewed, features used, crash reports, diagnostics, and performance metrics.
• Billing data: payment method, transaction details, VAT/tax information, and billing address (processed via our payment provider).
• Communications: support requests, feedback, survey responses, and marketing preferences.
• Content you provide: files, messages, or other data you upload or enter into the Service (as determined by your use of the SaaS product).

We collect data directly from you, automatically via the Service, and in some cases from third parties (for example, single sign-on providers, payment processors, or integration partners) as permitted by law and your settings.

Purposes and legal bases

We process personal data for the following purposes and legal bases under GDPR:

• Provide and operate the Service: to create and manage accounts, authenticate users, deliver features, provide support, and ensure availability and security. Legal basis: Article 6(1)(b) contract performance; Article 6(1)(f) legitimate interests (service security and improvement).
• Billing and transactions: to process payments, prevent fraud, and manage subscriptions. Legal basis: Article 6(1)(b) contract performance; Article 6(1)(c) legal obligation (tax/financial recordkeeping).
• Product improvement and analytics: to understand feature usage, fix issues, and enhance performance. Legal basis: Article 6(1)(f) legitimate interests. Where required for non-essential cookies/trackers, Article 6(1)(a) consent.
• Communications and marketing: to send product updates, service notices, and marketing communications. Legal basis: Article 6(1)(f) legitimate interests for service communications; Article 6(1)(a) consent for marketing where required. You can opt out at any time.
• Compliance and security: to comply with law, enforce terms, and protect rights, property, and safety. Legal basis: Article 6(1)(c) legal obligation; Article 6(1)(f) legitimate interests.

Cookies and similar technologies

We use cookies and similar technologies to operate the website, enable core functionality, and measure performance. Non-essential cookies (for analytics/marketing) are used only with your consent, which you can manage via our cookie banner or your browser settings. For more details, see our Cookie settings or related documentation within the Service.

Analytics, payment, and integrations

We may use trusted service providers for analytics, error monitoring, cloud hosting, and payments. These providers act as our processors and only process personal data under our instructions and appropriate safeguards. Payment details are handled by our payment processor and are not stored by Dealight AS beyond necessary identifiers.

International transfers

If personal data is transferred outside the EU/EEA, we ensure appropriate safeguards such as the European Commission’s Standard Contractual Clauses and, where necessary, additional measures to protect the data.

Data retention

We retain personal data only for as long as necessary to fulfill the purposes outlined above, including to meet legal, accounting, or reporting requirements. Criteria include the nature of the data, the product lifecycle, and statutory limitation periods. We will delete or anonymize data when it is no longer needed.

Security

We implement technical and organizational measures designed to protect personal data against unauthorized access, loss, destruction, or alteration. No method of transmission or storage is completely secure, but we strive to use commercially reasonable safeguards appropriate to the risk.

Your rights

Subject to applicable law, you have the following rights with respect to your personal data:

• Access, rectification, and erasure
• Restriction of processing
• Data portability
• Objection to processing based on legitimate interests
• Withdrawal of consent where processing is based on consent (without affecting the lawfulness of processing before withdrawal)

You also have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) or your local supervisory authority in the EU/EEA.

To exercise your rights, contact us at hey@dealight.app. We may need to verify your identity before responding.

Children’s privacy

Our Service is not directed to children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided personal data, please contact us so we can take appropriate action.

Third-party links

Our website may contain links to third-party websites or services. Their privacy practices are governed by their own policies.

Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service. The “Last updated” date at the top indicates when this policy was last revised.

Contact us

If you have questions about this Privacy Policy or our data practices, please contact: hey@dealight.app.