Privacy Policy

What we read

When you connect Gmail, Dealveo requests read-only access to your inbox. We read email metadata (sender, subject, date) and message content to identify incoming brand partnership enquiries. We only process emails that appear to be sponsorship-related. We do not read, store, or process personal correspondence.

What we don't do

• We never sell your data or email content to third parties.
• We never use your emails to train shared or public AI models.
• We never send emails on your behalf without your explicit tap in the UI.
• We never share your Gmail token with any service other than Google's API.

Data retention

Emails that are not matched to a brand deal are retained for 90 days and then permanently deleted. Emails associated with an active deal are retained for the duration of that deal plus 2 years for accounting purposes. You can request deletion of your data at any time by contacting us.

Security

Your Gmail OAuth tokens are encrypted at rest using AES-256-CBC via Laravel's encryption layer before being stored in our database. The encryption key is never stored alongside the data.

How to revoke access

Once signed in, you can disconnect Gmail at any time from your account settings. This immediately clears your stored token and stops all email sync. You can also revoke access directly from your Google Account permissions page.