Privacy Policy

Last updated: 2026-05-16 · Interim summary; full version published shortly.

1. Data we collect

• Account: email address, display name (derived from email), account creation timestamp, last sign-in timestamp.
• Authentication: magic-link tokens (hashed; plaintext never stored), session cookies (HttpOnly, Secure, SameSite=Lax), IP address at sign-in (used for rate-limit + abuse detection).
• Deal inputs: property data, addresses, rent rolls, financial statements, and other content you upload to generate reports.
• Run audit: property name, type, and address for every report you generate; token counts + cost estimate per run (internal billing only).
• Rate-limit telemetry: IP address + timestamp of sign-in attempts (kept up to 24 hours, then purged).

2. How we use it

• To send you sign-in links and operate your account.
• To generate reports from data you upload.
• To bill, prevent abuse, and enforce fair-use limits.
• To send service notifications (e.g., security alerts, billing changes). We do not send marketing email without a separate opt-in.

3. Who we share it with

DealBrief uses the following sub-processors:

• Cloudflare — application hosting (Workers), database (D1), CAPTCHA (Turnstile), TLS, DNS.
• Anthropic — large language model for report generation. Data submitted to Anthropic's API is not used to train their models (per Anthropic's API terms).
• Resend — transactional email delivery (sign-in links).
• PDFShift — server-side PDF rendering (when you generate a branded PDF).

We do not sell your data. We do not share your raw deal data, rent rolls, or report contents with any third party other than the sub-processors above (each only receives the minimum data needed to perform its function).

4. Aggregated / de-identified data

We may compute aggregated, de-identified market signals (e.g., submarket cap rate distributions, deal-size histograms) from across all users to improve the product. Aggregated data contains no personally identifying information and no individual property addresses.

5. Cookies

DealBrief uses one cookie: dbr_session (HttpOnly + Secure + SameSite=Lax, 30-day TTL). It identifies your signed-in session. Cloudflare and Turnstile may set additional cookies for security and bot detection per their privacy policies. We do not use third-party analytics or advertising cookies.

6. Your rights

• Access: email franco@logictalk.ai to request a copy of the data we hold about you.
• Delete: use the "Delete account" option in your account menu (top-right chip). Deletion is immediate and permanent: account row, sign-in history, session records, run audit log, and invite tokens are all hard-deleted. An immutable audit record of when you deleted is retained for abuse prevention; this record does not contain your data, only the email + timestamp + reason (if you provided one).
• California residents (CCPA): you may request access, deletion, and opt-out of any sale of personal information. DealBrief does not sell personal information.

7. Data retention

Account data is retained for as long as your account is active. After account deletion, all personal data is purged immediately (audit record of deletion-event only retained). Rate-limit telemetry purges automatically after 24 hours.

8. Security

All connections use TLS. Magic-link and session tokens are stored as SHA-256 hashes only. API keys for sub-processors are stored as encrypted secrets in Cloudflare Workers. Account owner uses hardware-backed two-factor authentication.

9. Children

DealBrief is intended for commercial real estate professionals. It is not directed to and does not knowingly collect data from anyone under 18.

10. Contact

Logic Talk AI LLC
1000 Brickell Ave #715 PMB 392, Miami, FL 33131
franco@logictalk.ai