Deal Pipeline
by GowerCrowd

Deal Pipeline Privacy Policy

Effective Date: April 24, 2026

Deal Pipeline is an invite-only commercial real estate deal-screening application operated by Castlewell Properties DBA GowerCrowd (“GowerCrowd,” “we,” “us,” and “our”). This Privacy Policy explains what information we collect, why we collect it, how we use it, and how you can contact us about your data.

Information We Collect

Account information. When you sign in with Google, we receive basic profile information such as your name, email address, and profile image so we can authenticate you, enforce invite-only access, and show your account inside the app.

Google Gmail data. If you connect a Gmail inbox, Deal Pipeline requests the Google gmail.modify scope. This lets the app read messages selected for deal screening, inspect message metadata, apply labels, archive messages, mark messages as read after processing, and use Gmail labels for your workflow. The scope can also move messages to Gmail Trash; the current dashboard actions archive and apply labels. Deal Pipeline never permanently deletes Gmail messages bypassing Trash.

Email and deal data. We process broker email content, attachments, links, OCR text, sender and subject metadata, extracted property fields, screening scores, confidence levels, audit logs, and user-configured acquisition criteria.

Technical data. We collect ordinary operational data such as IP address, browser information, timestamps, request paths, and error logs to keep the service secure and reliable.

How We Use Information

  • to authenticate users and enforce admin-managed invite and role controls;
  • to connect Gmail or IMAP inboxes that users explicitly authorize;
  • to extract commercial real estate listing information from broker emails;
  • to score extracted deals against user-configured screening criteria;
  • to display deal rows, detail views, scan history, and processing logs in the dashboard;
  • to apply Gmail labels, archive messages, and mark processed Gmail messages as read;
  • to detect errors, prevent abuse, protect accounts, and maintain audit trails; and
  • to respond to support, security, and deletion requests.

Google User Data Limited Use

Deal Pipeline’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We use Google user data only to provide and improve user-facing deal-screening features that you authorize.

We do not sell Google user data. We do not use Gmail content for advertising. We do not use Gmail content to build advertising profiles. We do not transfer Google user data to third parties except as needed to provide the app, comply with law, protect users, or with your explicit direction.

Service Providers

We use infrastructure and processing providers to operate the app. These providers process data only to support Deal Pipeline:

  • Google OAuth and Gmail APIs for authentication and Gmail access;
  • Vercel for hosting and request logging;
  • Supabase Postgres for application data, audit logs, and encrypted credential storage;
  • LLM and OCR providers to extract structured deal information from authorized email content;
  • Firecrawl or similar fetch services to retrieve linked offering material when needed; and
  • email and security tooling used for account support and incident response.

Storage and Security

Gmail OAuth tokens and IMAP passwords are encrypted at rest with AES-256-GCM before storage. Service-role credentials and encryption keys are server-side only and are not exposed in the browser. Application data is stored in Supabase Postgres in the United States. Access is restricted by user role and organization.

No internet service can guarantee perfect security, but we use HTTPS, secure cookies, database access controls, audit logging, server-side credential handling, and request filtering to reduce risk.

Retention and Deletion

We retain account, email metadata, extracted deal fields, screening criteria, and audit logs while your organization uses Deal Pipeline or as needed for security, compliance, and support. You can disconnect an email account from Settings. To request account or organization data deletion, contact security@gowercrowd.com.

Your Choices

  • You can choose not to connect an inbox.
  • You can disconnect an email account from Settings.
  • You can ask an admin to revoke your app access.
  • You can request deletion of your account and associated records.

Children

Deal Pipeline is a business application and is not intended for children under 13. We do not knowingly collect information from children.

Changes to This Policy

We may update this Privacy Policy as the product, providers, or legal requirements change. The effective date above shows when this page was last materially updated.

Contact

Questions, security reports, and data requests can be sent to security@gowercrowd.com.

Copyright 2026— ADAM GOWER PH.D. — All Rights Reserved