Deepli is operated by Adrival Realty Consulting BV, F. Mosselmanstraat 18 b 1.1, 8300 Knokke, Belgium. KBO: BE0788.896.644. Contact: caroline@deepli-ai.com.

Adrival Realty Consulting BV acts as the data controller for personal data processed in connection with the Deepli platform.

Account data. Name, email address, login credentials, and organization details.

Mandate and preference data. Intent, criteria, preferences, dealbreakers, and any related context you submit through forms, voice memos, or conversational interfaces. Voice memos are transcribed and the transcripts are retained as part of your mandate.

Communications. Support requests, correspondence with our team, and any messages exchanged through the platform.

Usage and technical data. Pages visited, features used, timestamps, device identifiers, browser type, and IP address — collected automatically through functional session cookies and server logs. We do not use third-party analytics or advertising trackers.

We process personal data on the following bases under the GDPR:

Contract performance (Art. 6(1)(b)) — creating and managing your account, delivering the intelligence services you have requested, facilitating broker-principal introductions, providing customer support.

Legitimate interests (Art. 6(1)(f)) — securing the platform, preventing fraud and abuse, improving the Service, and analyzing aggregate usage. These interests are balanced against your rights and freedoms.

Consent (Art. 6(1)(a)) — any optional processing you have explicitly agreed to, including surfacing specific mandate fragments to brokers.

Legal obligation (Art. 6(1)(c)) — meeting accounting, tax, and other regulatory requirements.

Private client mandates are anonymized by default before any broker-facing disclosure. No identifying information is shared without explicit private client consent. All broker-facing intelligence payloads are scrubbed of personally identifiable data. Any cross-principal analysis is performed on anonymized data only.

We share personal data only with the following categories of recipients, and only to the extent necessary for the purposes described above:

Paddle.com Market Limited and its affiliates ("Paddle") — our reseller and Merchant of Record. Paddle processes personal data on its own behalf for the purposes of payment processing, subscription management, tax calculation, invoicing, fraud prevention, and customer service for billing inquiries. See Paddle's privacy notice for details.

Hosting and infrastructure providers — Lovable Cloud (which uses Supabase) provides database, authentication, and application hosting under a data processing agreement.

AI processing providers — large language model and AI inference providers, engaged under data processing agreements, for mandate compilation, dossier generation, and intelligence outputs.

Email delivery providers — transactional email services for account, billing, and mandate-related notifications.

Professional advisers — legal, accounting, and tax advisers on a need-to-know basis.

Authorities — courts, regulators, or other competent authorities where required by applicable law.

We do not sell personal data and we do not share personal data for third-party advertising.

Some of our recipients are located outside the European Economic Area, including in the United States. Where this is the case, we rely on the transfer mechanisms below:

Paddle. Paddle is headquartered in the United States with affiliates in the United Kingdom and Ireland. Transfers of personal data to Paddle entities outside the EEA are protected by the European Commission's Standard Contractual Clauses (Module 1, controller-to-controller) and the UK International Data Transfer Addendum where applicable, as set out in Paddle's Data Processing Agreement. Paddle's US entities are also self-certified under the EU-US Data Privacy Framework.

Other subprocessors. Transfers to AI processing providers, email delivery providers, and infrastructure subprocessors located outside the EEA are protected by the European Commission's Standard Contractual Clauses combined with appropriate supplementary technical and organizational measures.

You can request copies of the relevant transfer safeguards by contacting caroline@deepli-ai.com.

We retain personal data for the duration of your active engagement with Deepli and for up to 36 months thereafter, unless you request earlier deletion. Records that we are required by law to keep — for example, accounting records — are retained for the period required by applicable Belgian and EU law.

Under the GDPR, you have the right to access your personal data, correct inaccurate data, request erasure, restrict processing, request data portability, object to processing based on legitimate interests, and withdraw any consent you have given. To exercise any of these rights, contact caroline@deepli-ai.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Belgian Data Protection Authority (Gegevensbeschermingsautoriteit / Autorité de protection des données) or with the supervisory authority of your country of residence.

We implement appropriate technical and organizational measures to protect personal data, including row-level security, encrypted storage, encryption in transit, scoped access controls, audit logging, and regular review of subprocessor security posture.

Deepli uses only functional session cookies necessary to keep you signed in and to operate the platform. We do not use analytics cookies or advertising trackers. Because we use only strictly necessary cookies, no cookie consent banner is required under the ePrivacy Directive.

Deepli is not directed to children under 16 and we do not knowingly collect personal data from children. If you believe we have collected such data, please contact caroline@deepli-ai.com and we will delete it.

We may update this Privacy Policy from time to time. Material changes will be notified by email or in-product notice. The "Last updated" date at the top of this page reflects the most recent revision.

This Privacy Policy is governed by Belgian law. Any disputes are subject to the jurisdiction of the courts of Bruges, Belgium, without prejudice to any mandatory consumer protection or supervisory rights you may have in your country of residence.

For any privacy-related questions: caroline@deepli-ai.com