DealStudio Limited (“DealStudio”, “we”, “our”, or “us”) is committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our M&A platform and related services.
We are registered in England and Wales and act as the data controller for the personal data we process. We are committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
We collect personal information that you voluntarily provide when using our services, including:
When you access our platform, we automatically collect:
We may receive information from third-party services you connect to your account, such as Google Calendar for meeting scheduling, or from public business registries like Companies House for business verification purposes.
We use the collected information for the following purposes and legal bases:
DealStudio uses artificial intelligence to provide features such as:
We may use anonymised, aggregated data to improve our AI models. This data is stripped of any personally identifiable information and confidential deal specifics. You may opt out of AI training data usage by contacting privacy@dealstudio.co.uk.
Some AI features may utilise third-party services (such as OpenAI). When using these features, relevant data may be processed by these providers in accordance with their privacy policies. We ensure appropriate data processing agreements are in place with all AI service providers.
We may share your information in the following circumstances:
We work with trusted third-party service providers who assist in operating our platform:
Information you enter into the platform may be visible to other members of your organisation based on their role and permissions.
When you share deals or documents with external parties (buyers, sellers, advisors), relevant information is shared according to the access level you grant.
We may disclose your information when required by law, court order, or to protect our legal rights, safety, or property.
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change and any choices you may have regarding your data.
We implement comprehensive technical and organisational measures to protect your personal information:
While we implement industry-leading security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but will notify you of any breaches affecting your data as required by law.
We retain your personal information according to the following schedule:
| Data Type | Retention Period | Basis |
|---|---|---|
| Account data | Duration of account + 30 days | Contract performance |
| Deal & transaction data | 7 years after deal closure | Legal/regulatory requirements |
| Documents & files | Duration of account + 30 days | Contract performance |
| Email communications | 3 years | Legitimate interest |
| Payment records | 7 years | Tax/accounting requirements |
| Usage analytics | 2 years (then anonymised) | Legitimate interest |
| Audit logs | 3 years | Security & compliance |
| Deleted account data | 30 days (then permanently deleted) | Recovery period |
When data is no longer needed, we securely delete or anonymise it. You may request earlier deletion of your data, subject to our legal and regulatory obligations.
Under UK GDPR, you have the following rights regarding your personal information:
To exercise these rights, contact us at privacy@dealstudio.co.uk. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
When you first visit our website, analytics runs in memory-only mode — no cookies are set and no data is persisted on your device. A cookie consent banner will appear at the bottom of the page, giving you two choices:
You can change your preference at any time by clicking the “Cookie Settings” link in the footer of any page. This will re-display the consent banner so you can update your choice. You can also manage cookies through your browser settings. Note that disabling certain cookies may affect the functionality of the platform.
PostHog: Processes and stores all data within the European Union (Frankfurt, Germany) under PostHog Cloud EU. No PostHog analytics data is transferred outside the EU/UK. PostHog acts as a data processor under our Data Processing Agreement (DPA), in accordance with GDPR Article 28.
Google Analytics 4: Data is processed by Google LLC under their Data Processing Terms. Google Analytics uses the gtag.js consent mode — no cookies are set until you explicitly grant consent via our cookie banner. You can learn more about Google's data practices at policies.google.com/privacy.
Your information is primarily stored and processed within the UK and European Economic Area (EEA). Where transfers to countries outside the UK/EEA are necessary (e.g., for certain service providers), we ensure appropriate safeguards are in place:
DealStudio is a business-to-business platform not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete such information promptly.
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the new Privacy Policy on this page, updating the “Last updated” date, and where appropriate, notifying you via email. Your continued use of our services after any changes constitutes acceptance of the updated policy.
If you have any questions about this Privacy Policy, our data practices, or wish to exercise your rights, please contact us:
DealStudio Limited
Data Protection Officer
Email: privacy@dealstudio.co.uk
General enquiries: info@dealstudio.co.uk
Registered in England & Wales