Privacy Policy
Last updated: March 2026
1. Information We Collect
DealHarbor, operated by Faisal Khan LLC, collects information to provide and improve our marketplace services. We collect the following categories of information:
Account Data
When you register for an account, we collect your name, email address, password (stored as a bcrypt hash), company name, phone number, and user role. Provider accounts may include additional business information such as areas of expertise, licensing details, and company website.
Lead Data
When you post a lead, we collect the service category, description, budget range, geographic requirements, urgency level, and any uploaded attachments (documents, spreadsheets, images). Attachment files are stored with anonymized filenames.
Usage Data
We automatically collect information about how you interact with the Service, including pages visited, features used, search queries, lead views, timestamps of activity, IP address, browser type, device information, and referring URLs.
Cookies
We use essential cookies to maintain your session and authentication state. These cookies are HTTP-only and Secure, and are set with the SameSite=Strict attribute. See Section 6 (Cookie Policy) below for more details.
2. How We Use Information
We use the information we collect for the following purposes:
- To provide, operate, and maintain the DealHarbor marketplace.
- To process payments for lead listings, provider subscriptions, and add-ons.
- To facilitate connections between lead posters and solution providers through proposals.
- To verify provider accounts and maintain marketplace quality.
- To send transactional emails including welcome messages, proposal notifications, payment confirmations, and subscription reminders.
- To send newsletter communications (with your consent and an unsubscribe option in every email).
- To detect and prevent fraud, abuse, and violations of our Terms of Service.
- To improve, personalize, and optimize the Service through analytics.
3. Information Sharing
We do not sell your personal information. We share information only with the following third-party service providers as necessary to operate the platform:
- Stripe — Payment processing for lead listing fees, provider subscriptions, and add-on purchases. Stripe receives your payment information directly and is governed by their own privacy policy.
- Resend — Transactional email delivery and newsletter distribution. Resend receives your email address and name for sending communications on our behalf.
- Cloudflare — CDN, WAF security, and R2 object storage for file attachments. Cloudflare processes request data for security and performance purposes.
- Neon — PostgreSQL database hosting where your account and marketplace data is stored.
We may also disclose information when required by law, court order, or governmental regulation, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
4. Data Security
We take the security of your data seriously and implement industry-standard measures to protect it:
- Passwords are hashed using bcrypt with a cost factor of 12 and are never stored in plaintext.
- All data in transit is encrypted via TLS/HTTPS. Database connections use encrypted channels.
- Sessions are managed with JSON Web Tokens (JWTs) stored in HTTP-only, Secure, SameSite=Strict cookies.
- Account lockout is enforced after 5 failed login attempts with a 15-minute cooldown period.
- API endpoints are protected by rate limiting to prevent abuse.
- File uploads are validated for type (PDF, DOCX, XLSX, PNG, JPG, CSV only) and size (10 MB per file, 50 MB per lead).
- Stripe webhook signatures are verified to prevent forged events.
While we strive to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
5. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
Right of Access
You may request a copy of the personal data we hold about you. Contact us at the address below to submit an access request.
Right to Deletion
You may request deletion of your account and associated personal data. Note that some information may be retained as required by law or for legitimate business purposes (e.g., financial records, fraud prevention). Deleted accounts cannot be recovered.
Right to Opt-Out
You may opt out of newsletter and marketing communications at any time by clicking the unsubscribe link included in every email or by updating your notification preferences in your account settings. Transactional emails (payment confirmations, proposal notifications) cannot be opted out of while your account is active.
6. Cookie Policy
DealHarbor uses cookies that are essential for the operation of the platform:
- Session cookie — Maintains your authenticated session. Expires after 24 hours (4 hours for admin accounts). HTTP-only, Secure, SameSite=Strict.
- CSRF token — Protects against cross-site request forgery attacks.
We do not use advertising or tracking cookies. We do not use third-party analytics cookies. All cookies used are strictly necessary for the functioning of the Service.
7. Children's Privacy
DealHarbor is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child under 18 has provided us with personal information, we will take steps to delete such information promptly.
8. International Users
DealHarbor is operated from the United States. If you access the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers and databases are located. By using the Service, you consent to the transfer of your information to the United States.
If you are a resident of the European Economic Area (EEA) or United Kingdom, you may have additional rights under the GDPR. Please contact us to exercise those rights.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through the platform or via email to registered users. The "Last updated" date at the top of this page indicates when the policy was most recently revised.
Your continued use of the Service after changes are posted constitutes acceptance of the revised Privacy Policy.
10. Contact
If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us: