Privacy Policy
Last updated: 20 March 2026 (updated AI processing disclosure — Section 5.5)
1. Who We Are
DealSim is operated by [Your Name / Company],
[Street Address], [City, Postal Code], Germany.
Contact: privacy@dealsim.org
(Data controller within the meaning of Art. 4(7) GDPR. Update this section with your legal name and registered address before going live.)
2. What Data We Collect
| Data | Purpose | Legal Basis |
|---|---|---|
| Negotiation session content (messages, scores, scenario choice) | Provide the simulation service; generate your scorecard | Art. 6(1)(b) GDPR — performance of the service you requested |
| Email address (only if you voluntarily enter it in the feedback form) | Respond to your feedback | Art. 6(1)(a) GDPR — your consent |
| Analytics events (page views, feature usage, session completion) | Understand which features are used; improve the product | Art. 6(1)(f) GDPR — legitimate interest in product improvement |
| IP address (in server access logs) | Rate limiting; abuse prevention | Art. 6(1)(f) GDPR — legitimate interest in security |
We do not collect names, payment information, precise location, or device fingerprints.
3. How Data Is Stored
- Session data and analytics are written to server-side JSONL log files.
- Log files are rotated and auto-deleted on a regular schedule.
- There is no user-account system — sessions are identified by random, non-trackable IDs.
4. Cookies & Local Storage
DealSim does not set any cookies.
We use your browser's localStorage
solely to save your score history on your own device. This data never leaves your browser
and you can clear it at any time via the app's "Clear History" button or your browser settings.
5. Third-Party Sharing
We do not sell or transfer your data to any third party for advertising or commercial purposes. There are no third-party analytics services, advertising networks, or tracking pixels on this site.
Negotiation message content is transmitted to an external AI language model provider solely to generate opponent responses. This is described in full in Section 5.5 below.
5.5 AI Processing Disclosure
DealSim offers an AI-powered negotiation mode (MiroFish engine) in addition to a rule-based engine. When the AI mode is active, your negotiation messages are processed by an external large language model (LLM) to generate realistic opponent responses.
- AI-generated responses are simulated and do not constitute professional advice.
- If only the rule-based engine is used (Basic Mode), no data is sent to any external AI provider.
Third-Party AI Processing
| Provider | AI language model provider (currently DeepSeek; subject to change — this section will be updated if the provider changes) |
| Data sent | Negotiation messages and scenario context only |
| Data NOT sent | Personal information, email address, IP address, session history, or any other identifying data |
| Retention | Messages are processed in real-time and not stored by the LLM provider. DealSim does not use negotiation content to train AI models. |
| Legal basis | Art. 6(1)(f) GDPR — legitimate interest. Processing is limited to what is strictly necessary to deliver the AI opponent functionality you have actively selected. |
The LLM provider acts as a data processor under Art. 28 GDPR. Appropriate data processing agreements are in place.
6. No Cross-Border Font Loading
This site does not load fonts from external services (such as Google Fonts). All fonts are served locally or use your operating system's default fonts. No IP address is transmitted to third-party font providers.
7. Server Location
All data is processed and stored on servers located in Frankfurt, Germany, operated by UpCloud Ltd. Data does not leave the European Union.
Sub-processor: UpCloud Ltd, Aleksanterinkatu 15 B, 00100 Helsinki, Finland. UpCloud acts as a data processor under Art. 28 GDPR. Data processing location: Frankfurt, Germany (EU).
8. Your Rights
Under the GDPR you have the right to:
- Access — request a copy of any data we hold about you
- Rectification — correct inaccurate data
- Erasure — request deletion of your data ("right to be forgotten")
- Restriction — limit how we process your data
- Data portability — receive your data in a machine-readable format
- Object — object to processing based on legitimate interest
- Withdraw consent — at any time, where processing is based on consent
To exercise any of these rights, email privacy@dealsim.org. We will respond within 30 days.
How to request deletion:
- For session data: email privacy@dealsim.org with your session ID (shown at the end of each negotiation).
- For localStorage data: use the "Clear History" button in the app or clear your browser data.
- Deletion requests are processed within 30 days.
You also have the right to lodge a complaint with a supervisory authority. In Germany, the relevant authority depends on your state (Bundesland). For Munster/NRW: Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW), Kavalleriestr. 2–4, 40213 Düsseldorf, https://www.ldi.nrw.de.
9. Data Retention
- Chat session data: 90 days after the session ends, then automatically deleted.
- Server access logs (IP addresses): 7 days.
- Feedback emails: retained until addressed, then deleted within 30 days.
- Analytics event data: 12 months, then aggregated and anonymized.
- localStorage data: persists on your device until you clear it.
10. Changes to This Policy
If we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this page periodically.
© 2026 DealSim. All rights reserved.