Privacy Policy

This Privacy Policy explains how E&EL Global Inc. (“E&EL Global”, “we”, “us”, or “our”), the company that operates the DealScope platform at ghoststream.exact-it.net (the “Service”), collects, uses, shares, and protects personal data.

1. Our role: controller and processor

DealScope is a business-to-business service used by organizations (“Customers”) and their authorized users.

• As a processor. When a Customer uploads, imports, or generates content in the Service — including details about its own company, products, prospects, contacts, competitors, intel documents, and meetings (“Customer Content”) — the Customer is the data controller and E&EL Global processes that data on the Customer’s behalf and instructions. The Customer is responsible for having a lawful basis to provide any personal data (for example, the names, emails, and roles of prospect contacts) and for responding to the rights requests of those individuals.
• As a controller. For account registration data, billing data, website-visitor data, and our own security and product-improvement logs, E&EL Global is the data controller.

Where E&EL Global acts as a processor, our processing is also governed by the agreement (and any Data Processing Addendum) between us and the Customer; that agreement prevails over this Policy to the extent of any conflict.

2. Data we collect

Account & profile data

• Company name, company website/domain, industry, and your work email address;
• An encrypted (hashed) password — we never store passwords in plain text;
• Subscription, trial, and plan status.

Customer Content you create or import

• Your company foundation: positioning, objectives, products, and buyer personas;
• Prospect organizations and their contacts (name, business email, role/title, notes);
• Competitor records and uploaded or web-sourced intelligence documents;
• Research, opportunity signals, and battlecards generated from the above;
• Data you choose to import from a connected CRM (e.g., HubSpot companies and contacts);
• Meeting and call data: scheduled meetings, and — where you enable it — recordings, transcripts, and AI analysis of calls our assistant joins.

Usage & technical data

• Log data such as IP address, browser type, pages/actions, and timestamps, used for security, debugging, and service operation;
• A first-party authentication cookie (see Cookies).

We do not knowingly collect special-category data, and we ask Customers not to upload sensitive personal data (e.g., health, payment-card, or government-ID data) into free-text fields or documents.

3. How we use data

• To provide, operate, secure, and improve the Service;
• To authenticate users and verify work-email ownership at sign-up;
• To generate the Service’s outputs — research dossiers, prospect discovery, competitor analysis, battlecards, briefs, and call analysis — at the Customer’s direction;
• To send transactional emails (verification, notifications, support);
• To prevent fraud and abuse and to comply with legal obligations.

Our legal bases (where GDPR/UK GDPR applies) are: performance of a contract, our legitimate interests in operating and securing the Service, your consent where required, and compliance with legal obligations.

4. AI processing

The Service uses third-party large-language-model and search APIs (including AI services provided by Google LLC) to analyze content and generate outputs. Content sent to these APIs is processed to return a result to you. Under the applicable enterprise/API terms of these providers, your prompts and content are not used to train the providers’ publicly-available foundation models. AI-generated outputs (e.g., discovered prospects, signals, and competitive analysis) are produced from web and provided data and may be incomplete or inaccurate; they are decision-support, not verified fact or professional advice.

5. Sub-processors

We use a limited set of vetted service providers to run the Service. Current categories include:

A current list of sub-processors is maintained on our Sub-processors page. We require sub-processors to protect personal data under terms no less protective than this Policy. Business customers can also review our Data Processing Addendum.

6. How we share data

We do not sell personal data. We share it only: (a) with the sub-processors above to operate the Service; (b) with the Customer’s own authorized users within the same workspace; (c) with providers you explicitly connect (e.g., your CRM or calendar); (d) where required by law or to protect rights and safety; and (e) in connection with a merger, acquisition, or asset sale, subject to this Policy.

7. Cookies

We use a single first-party, strictly-necessary cookie (gs_admin) to keep you signed in. We do not use third-party advertising or cross-site tracking cookies. Because our cookie is essential to the Service, it is set when you log in; you can clear it any time via your browser.

8. International data transfers

We and our sub-processors may process data in countries other than your own, including the United States. Where required, such transfers are made under appropriate safeguards (such as the European Commission’s Standard Contractual Clauses). E&EL Global Inc. is incorporated in the State of Delaware, USA; our processing locations are described above and available on request.

9. Data retention

We retain personal data for as long as a Customer’s account is active and as needed to provide the Service, then delete or anonymize it within a commercially reasonable period after account closure, unless a longer period is required by law. Customers can delete most Customer Content (companies, contacts, competitors, documents) directly in the app at any time; deletion cascades to related records.

10. Security

We protect data with measures including: encryption of traffic in transit (HTTPS/TLS) and of data at rest; password hashing; per-tenant data isolation so one Customer cannot access another’s data; email-verified onboarding; access controls; and network/media protections. No method of transmission or storage is 100% secure, but we work to protect your data and to notify affected parties of incidents as required by law. To report a vulnerability, contact security@ghoststream.exact-it.net.

11. Your rights

Depending on your location (e.g., EEA/UK GDPR, or U.S. state laws such as the CCPA/CPRA), you may have the right to access, correct, delete, port, or restrict processing of your personal data, to object to certain processing, and to withdraw consent. You will not be discriminated against for exercising these rights.

• If your data is in a Customer’s workspace (e.g., you are a prospect contact a Customer added), please direct your request to that Customer (the controller); we will assist them as their processor.
• For data we control (your account, our logs), contact us at contact@eel-global.com and we will respond within the timeframe required by applicable law.

12. Children

The Service is for business use and is not directed to anyone under 18. We do not knowingly collect personal data from children.

13. Changes to this Policy

We may update this Policy from time to time. We will post the revised version here with a new “Last updated” date and, for material changes, provide additional notice as required.

14. Contact us

E&EL Global Inc., a company incorporated in the State of Delaware, USA (Registration No. 10241883; Tax ID 39-2947497).
Registered office: 16192 Coastal Highway, Lewes, Delaware 19958, County of Sussex, USA.
Privacy enquiries: contact@eel-global.com
General: hello@ghoststream.exact-it.net
Security: security@ghoststream.exact-it.net

Terms of Service →