What is DSCR in SBA 7(a) deal modelling?

DSCR (Debt Service Coverage Ratio) is Cash Flow Available for Debt Service (CFADS) divided by annual debt service. The SBA requires a minimum 1.25× DSCR. CFADS is not EBITDA — you must subtract market-rate replacement salary, taxes, working capital, and CapEx. Deal14 calculates DSCR automatically from your deal inputs.

How much equity injection does SBA 7(a) require for an acquisition?

SBA SOP 50 10 8 requires a minimum 10% equity injection of Total Project Cost (TPC), not Enterprise Value. The seller note can count toward the 10% if it is on full standby for the entire SBA loan term. Deal14 tracks SBA equity injection compliance automatically.

What is a BRIDGE score?

BRIDGE is Deal14's proprietary deal quality score (0–10) that combines Business quality, Recurring revenue, Income consistency, Deal structure, Governance/operations, and Equity value. It gives searchers a single number to compare deals across different sectors and sizes.

What is the difference between IOI and LOI in an acquisition?

An IOI (Indication of Interest) is a non-binding preliminary expression of interest submitted before full due diligence. An LOI (Letter of Intent) is a more detailed non-binding offer submitted after initial diligence, typically including price, structure, exclusivity, and key terms. Deal14 generates both documents from your deal model.

What is a self-funded searcher?

A self-funded searcher is an individual who searches for and acquires a small business using their own capital and SBA 7(a) debt financing, without raising a traditional search fund from investors. They typically target businesses with $500K–$2M EBITDA in the lower middle market.

← Back to Deal14

Deal14

Privacy Policy

Effective date: May 5, 2026

Deal14 ("we", "us", "our"), a product of EnovixPro LLC, is an M&A deal modelling platform for SBA 7(a) acquisitions. This Privacy Policy explains what information we collect, how we use it, and your rights. By using Deal14, you agree to the practices described here.

1. Information We Collect

We collect information you provide directly when you create an account and use Deal14:

Account information: your name, email address, and password.
Deal data: business financials (revenue, EBITDA, P&L statements, balance sheets), deal structure inputs, valuation assumptions, and analyst notes you enter into the platform.
Personal financial data: if you use the Personal Finances panel, information such as net worth, assets, liabilities, and equity injection amounts. This data is stored in your deal record and visible to any deal partners you have granted access.
Usage data: pages visited, features used, session duration, and error logs, collected automatically to improve the service.
Session replay data: we use LogRocket to record anonymised session replays (page interactions, UI events, and console errors) for diagnosing bugs and improving product quality. LogRocket does not capture passwords, payment card data, or the contents of file uploads. Session replays are accessible only to Deal14 staff.
Analytics data: aggregate usage statistics (page views, referrers, device type) collected via Vercel Analytics. Vercel Analytics does not use cookies and does not track individual users across sites.
Payment information: billing details processed by Stripe (we never store your full card number — see Section 6).

2. How We Use Your Information

We use the information we collect to:

Provide, operate, and improve the Deal14 platform.
Authenticate your account and maintain session security.
Calculate deal models, DSCR projections, and valuation outputs.
Process payments and manage your subscription through Stripe.
Send transactional emails (account confirmation, password reset, trial start/end notices) via Resend.
Send product update and feature announcement emails to trial and subscribed users (you may unsubscribe at any time).
Diagnose technical issues and monitor platform reliability.
Comply with applicable legal obligations.
Improve community benchmarks (with your consent only — see Community Benchmarks below).

We do not use your deal data to train machine learning models or sell to third parties.

2a. Community Benchmarks (Optional, Opt-In)

Deal14 operates an optional community benchmark programme. If you choose to opt in (via the new deal creation screen or Settings → Account), we collect and aggregate anonymized deal metrics from your deals to improve sector benchmarks displayed to all users.

What is collected (anonymized only):

Sector (e.g. IT Services, Ecommerce)
Revenue range (bucketed — e.g. $1M–$2M, not exact figures)
EBITDA margin range (bucketed)
Transaction multiple range (bucketed)
Deal type (asset vs equity, SBA vs non-SBA)

What is never collected: deal name, company name, asking price, owner identity, contact information, or any other personally identifying information.

Participation is entirely voluntary. You can change your preference at any time via Settings → Account → Community benchmarks. Withdrawing consent stops future collection; previously contributed anonymized data may remain in aggregate benchmark calculations as it cannot be individually identified or removed.

Deal14 is a US-based product serving US residents only — SBA 7(a) loans require borrowers to be US citizens or lawful permanent residents. This data sharing operates under a default opt-in model consistent with US law. Under CCPA, this constitutes sharing of anonymized, non-personal aggregate data and does not constitute a "sale" of personal information. You can opt out at any time via Settings.

3. AI Features and Data Sharing with Third-Party LLMs

Important: When you use AI Analysis or AI Data Room Extraction features, the deal data you have entered — including financial figures, business descriptions, and analyst notes — is transmitted to a third-party large language model (LLM) API for processing.

Specifically:

All AI features run through Deal14's platform API. Your deal data is sent to Anthropic's Claude API for processing. Anthropic's data handling is governed by Anthropic's privacy policy at anthropic.com/privacy.
We do not permanently store the content of AI prompts or responses beyond what is needed to complete the request and log credit usage.

By using AI features, you acknowledge that deal data will leave Deal14's infrastructure and be processed by a third-party LLM provider. If your deals are subject to NDAs or strict confidentiality obligations, please review Anthropic's data handling policy before using AI features, or use Privacy Mode to redact sensitive identifiers before running analysis.

4. Data Storage and Infrastructure

Your account data and deal data are stored in a PostgreSQL database hosted by Supabase, Inc. (US-based). Supabase is SOC 2 Type II certified.
Document uploads (Data Room) are stored in Supabase Storage (S3-compatible object storage).
Deal14 is deployed on Vercel's edge infrastructure. Vercel collects aggregate analytics (see Section 1).
All data is transmitted over encrypted connections (TLS 1.2+).
Deal14 does not currently offer data residency selection — all data is stored in the United States.

5. Cookies and Local Storage

Deal14 uses:

Authentication cookies set by Supabase to maintain your login session. These are strictly necessary and cannot be disabled without logging out.
Browser localStorage to store UI preferences such as privacy mode state and onboarding completion flags. This data never leaves your device.
No third-party advertising or tracking cookies.
Vercel Analytics uses a privacy-first approach with no cookies and no cross-site tracking.

Because we use only strictly necessary cookies and a cookieless analytics solution, a cookie consent banner is not required. If this changes, we will update this policy and add appropriate consent mechanisms.

6. Payment Processing

Payments are processed by Stripe, Inc. Deal14 does not store your credit card number, CVV, or full billing details. Stripe operates as an independent data controller for payment information. Stripe's privacy policy is available at stripe.com/privacy.

We store your Stripe Customer ID to manage subscriptions and credit purchases, and we receive webhook notifications from Stripe confirming payment outcomes.

7. Data Sharing

We do not sell, rent, or share your personal data or deal data with third parties for their own marketing purposes. We share data only as follows:

Service providers: Supabase (database and storage), Vercel (hosting and analytics), Stripe (payments), Resend (transactional email), Anthropic (AI features — see Section 3), LogRocket (session replay — see Section 1).
Legal compliance: if required by law, court order, or regulatory authority.
Business transfer: in the event of a merger or acquisition, your data may transfer to the successor entity subject to the same privacy commitments.

8. Data Retention and Deletion

Your account and deal data are retained for as long as your account is active.
You may delete individual deals at any time from within the platform.
To request full account deletion, use Settings → Account → Delete Account. Deletion is immediate and permanent — all deals, documents, and personal data are erased. You will receive a confirmation email.
Stripe transaction records are retained per Stripe's standard retention policy (typically 7 years for financial compliance). This is outside our control.
Supabase Auth logs may be retained for up to 90 days for security purposes.

9. Security

We implement reasonable technical and organisational measures to protect your data, including encrypted connections (TLS 1.2+), row-level security (RLS) on all database tables, API key segregation, and HTTP security headers (X-Frame-Options, X-Content-Type-Options, Strict-Transport-Security, Content-Security-Policy). However, no system is completely secure. You are responsible for maintaining the confidentiality of your account password and any API keys you store in the platform.

Session replay data collected by LogRocket is processed under LogRocket's Data Processing Agreement and stored on LogRocket's infrastructure. LogRocket is GDPR-compliant. LogRocket's privacy policy is available at logrocket.com/privacy.

10. Your Rights (GDPR — EEA/UK Users)

If you are located in the European Economic Area or United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR) or UK GDPR:

Right of access (Article 15): request a copy of the personal data we hold about you.
Right to rectification (Article 16): request correction of inaccurate personal data.
Right to erasure (Article 17): request deletion of your personal data ("right to be forgotten"). You can exercise this directly via Settings → Account → Delete Account, or by emailing privacy@deal14.com.
Right to restriction of processing (Article 18): request that we limit how we use your data in certain circumstances.
Right to data portability (Article 20): request your data in a machine-readable format. Email privacy@deal14.com to request a data export.
Right to object (Article 21): object to processing of your personal data for direct marketing purposes. You may unsubscribe from marketing emails at any time using the unsubscribe link in any email.
Right to lodge a complaint: you have the right to lodge a complaint with your local supervisory authority.

To exercise any of these rights, email privacy@deal14.com. We will respond within 30 days. We may ask you to verify your identity before processing your request.

Our legal basis for processing: (a) contractual necessity — to provide the platform you signed up for; (b) legitimate interests — platform security, fraud prevention, and service improvement; (c) legal obligation — compliance with applicable laws.

11. Your Rights (CCPA — California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the following rights:

Right to know: you may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, our business purpose for collecting it, and the categories of third parties we share it with.
Right to delete: you may request deletion of personal information we have collected. See Section 8 for how to delete your account and data.
Right to opt out of sale: Deal14 does not sell personal information to third parties. You do not need to opt out.
Right to non-discrimination: we will not discriminate against you for exercising your CCPA rights.

To submit a CCPA request, email privacy@deal14.com with the subject line "CCPA Request". We will respond within 45 days.

12. Children's Privacy

Deal14 is not directed at individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact privacy@deal14.com and we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a prominent notice within the platform at least 14 days before changes take effect. Continued use of Deal14 after changes take effect constitutes acceptance of the revised policy.

14. Contact

For privacy-related questions, data deletion requests, or to exercise your rights:

Email: privacy@deal14.com
Subject line for data requests: "Privacy Request — [your email]"
Entity: EnovixPro LLC, New Jersey, United States
Product: deal14.com