Privacy Policy

Effective date: April 7, 2026

1. What We Collect

  • Account information — email address, full name, and hashed password when you register.
  • Deal data — business listing details you enter or capture via the Chrome extension (asking price, revenue, SDE, business type, location, and other financial fields).
  • AI-generated content — investment memos and copilot chat responses generated from your deal data.
  • Usage data — basic server access logs (request path, timestamp, response status) for reliability and security monitoring. We do not use third-party analytics trackers.
  • Waitlist submissions — email address and signup source if you join a product waitlist.

2. How We Use Your Data

  • To provide the SBA underwriting and deal analysis service.
  • To generate AI-powered investment memos and copilot responses.
  • To send transactional emails (password reset, account notifications).
  • To compute anonymized, aggregate market intelligence benchmarks (no individual deal data is exposed to other users).
  • To notify you about product launches if you joined a waitlist.

3. Chrome Extension

The runSDE Chrome extension reads listing page content from supported business-for-sale marketplaces (BizBuySell, BizQuest, Flippa, Acquire.com, and others) only when you explicitly activate it by clicking the extension icon or the “Capture” button.

  • The extension does not collect browsing history or track pages you visit.
  • The extension does not run in the background or passively read page content.
  • Captured listing data is sent to runSDE servers for analysis and stored in your account.

4. Data Sharing

We do not sell, rent, or share your personal data or deal information with third parties. Deal data may be sent to OpenAI or other LLM providers solely to generate analysis and memos on your behalf — subject to their data processing agreements.

5. Data Retention & Deletion

Your account and deal data are retained as long as your account is active. You can archive or delete individual deals at any time. To delete your entire account and all associated data, contact us at privacy@runsde.com.

6. Security

Passwords are hashed with bcrypt. Authentication uses signed JWTs with key rotation support. All traffic is encrypted via TLS. Server access is gated by environment-aware CORS policies and security headers.

7. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or an in-app notice. Continued use of the service after changes constitutes acceptance of the updated policy.

8. Contact

For privacy-related questions or data deletion requests, email privacy@runsde.com.