← Back to app

Privacy Policy

Last updated: May 12, 2025

1. Overview

This Privacy Policy describes how Valsoft Corporation ("Valsoft", "we", "us", or "our") collects, uses, and protects information in connection with the Valsoft M&A CRM (the "Application"). The Application is an internal tool used exclusively by authorised Valsoft employees to manage acquisition pipeline data.

2. Who can access this Application

Access is restricted to individuals with a verified @valsoftcorp.com email address who have been explicitly invited by a Valsoft administrator. The Application is not available to the general public.

3. Information we collect

We collect the following categories of information:

  • Account information: your name and @valsoftcorp.com email address, used to authenticate you and attribute deal activity.
  • Deal and pipeline data: information about acquisition targets entered by Valsoft employees, including company names, financial metrics, and deal stage notes.
  • Gmail OAuth tokens: if you choose to connect your Gmail account via the Gmail outreach feature, we store OAuth access and refresh tokens associated with your Google account solely for the purpose of sending emails on your behalf. We do not read, store, or analyse the contents of your Gmail inbox.
  • Sent email records: subject lines, recipient addresses, and body text of outreach emails sent through the Application, stored for deal activity logging purposes.
  • Usage data: activity logs within the Application (e.g. stage changes, notes added) for audit and collaboration purposes.

4. How we use your information

Information collected is used solely to:

  • Authenticate and authorise access to the Application
  • Enable collaboration on M&A pipeline data among Valsoft team members
  • Send outreach emails from your connected Gmail account when you initiate them
  • Maintain an audit trail of deal activity

We do not sell, share, or disclose your information to third parties except as required by law or as necessary to operate the Application (e.g. Supabase for database hosting).

5. Gmail API usage

The Application uses the Gmail API with the gmail.send scope to send outreach emails on your behalf. We comply with the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only use Gmail access to send emails that you explicitly compose and initiate.
  • We do not read, scan, or process the contents of your Gmail inbox.
  • We do not use Gmail data for advertising or any purpose other than sending deal outreach emails.
  • You can disconnect your Gmail account at any time via Settings → Gmail outreach → Disconnect.

6. Data storage and security

All data is stored in a Supabase (PostgreSQL) database with row-level security policies ensuring each user can only access data appropriate to their role. The database is hosted on infrastructure provided by Supabase, Inc. and is encrypted at rest and in transit.

Document attachments are stored in Supabase Storage in a private bucket accessible only to authenticated Valsoft employees.

7. Data retention

Data is retained for as long as necessary to support Valsoft's acquisition pipeline activities. Employees may request deletion of their personal account data by contacting the system administrator.

8. Your rights

As a Valsoft employee using this internal tool, you may request access to, correction of, or deletion of your personal data by contacting the Application administrator at m.assi@valsoftcorp.com.

9. Changes to this policy

We may update this Privacy Policy from time to time. The date at the top of this page reflects the most recent revision. Continued use of the Application after changes constitutes acceptance of the updated policy.

10. Contact

For questions about this Privacy Policy, contact m.assi@valsoftcorp.com.

© 2026 Valsoft Corporation. Internal use only.