1. Controller.
The controller is Dealokr, a service operated by an individual entrepreneur. Privacy contact: dealokr.support@gmail.com.
Identification details: SIREN 105 451 603, SIRET 105 451 603 00010, APE/NAF 62.01Z. Depending on the situation, Dealokr may act as controller for service management, accounts, billing, support, and security, or as processor when a professional client uses Dealokr to process data for its own project.
2. Data processed.
Dealokr may process account data, workspace data, deal data, contract data, provider payment statuses, delivery data, dispute data, audit data, support data, and technical security data. This includes project details, client and freelancer information, prices, daily rates, work logs, statuses, clauses, PDFs, app-level signatures, files, storage paths, checksums, messages, email events, IP addresses, user agents, logs, and errors.
Dealokr does not intentionally request sensitive data. Users should avoid uploading it unless strictly necessary for the project.
3. Purposes.
Data is processed to create and manage accounts, manage workspaces and permissions, create and document deals, generate operational documents, manage client invitations, track provider-confirmed payments, support fixed-price and daily-rate missions, store deliveries, record validations and disputes, send transactional emails, manage billing, prevent abuse, comply with legal obligations, and defend rights.
4. Legal bases.
Depending on the processing, Dealokr relies on contract performance or pre-contractual measures, legitimate interest, legal obligation, or consent. Legitimate interest may include security, proof, support, abuse prevention, and reasonable service improvement.
5. Recipients.
Data may be accessible to authorized Dealokr personnel or representatives, workspace members according to roles, clients invited through a secure portal, technical providers, payment and billing providers, counsel, insurers, accountants, banks, authorities, or courts where necessary.
Expected V1 providers include Supabase for authentication, database, storage, and Edge Functions; Stripe for payment, billing, Connect, Checkout, refunds, and chargebacks; Resend for transactional emails; and Vercel for frontend hosting, Web Analytics, and Speed Insights.
6. Transfers outside the EU.
Some providers may process data outside the European Economic Area. When required, Dealokr relies on contractual, organizational, and technical safeguards made available by these providers.
7. Retention.
Retention is described in the Retention and Deletion Policy. In general, data is retained only as long as necessary for the service, security, proof, billing, legal obligations, disputes, or defense of rights.
8. Rights.
Where applicable, individuals may request access, rectification, erasure, restriction, objection, portability, and withdrawal of consent. Requests may be sent to dealokr.support@gmail.com. Dealokr may ask for identity verification before responding. Some requests may be refused, limited, or delayed where data must be retained for proof, security, billing, legal obligations, disputes, or defense of rights.
Individuals may also lodge a complaint with the CNIL or another competent authority.
9. Security.
Dealokr uses reasonable measures such as authentication, workspace roles, private storage, signed URLs, database security policies, server-side secrets, event logging, and separation between production and test data where possible. No system is risk-free. Users must protect their own accounts, devices, files, passwords, and invitation links.
10. Cookies.
Cookies and similar storage are described in the Cookie Policy.
11. Changes.
This policy may be updated to reflect service, provider, or legal changes.
Dealokr