StartOpX

Legal

Privacy Policy

Effective date: April 22, 2026

StartOpX Inc. (“StartOpX”, “we”, “our”, or “us”) respects your privacy. This Privacy Policy describes how we collect, use, share, and protect your personal information when you use the StartOpX platform, websites, mobile applications, APIs, and related services (collectively, the “Service”).

By using the Service you acknowledge the practices described below. If you do not agree, please do not use the Service. Capitalized terms not defined here have the meanings given in our Terms of Service.

1. Who This Policy Applies To

This policy applies to individuals who visit our marketing site, create an account, use the Service, contact our support team, or otherwise interact with us. If you use StartOpX on behalf of an organization, the organization is a joint controller of certain account data for its users.

2. Information We Collect

We collect the following categories of information:

  • Account information. Name, email address, password (stored hashed), profile photo, role, company, country, and communication preferences.
  • Founder / business profile. Information you provide about your startup, ideas, market, team, and financials as part of idea validation, pitch-deck generation, mvp creation, and investor matching.
  • Content you submit or generate. Documents, images, prompts, AI-generated outputs, outreach messages, and any files you upload.
  • Payment information. Billing address, plan, and subscription status. Payment card details are collected and stored by our payment processor, Stripe, and are never stored on our servers.
  • Technical information. IP address, device and browser identifiers, operating system, referring URLs, feature-usage events, timestamps, diagnostic logs, and crash reports.
  • Cookies and similar technologies. Cookies, local storage, and similar technologies used for authentication, preferences, analytics, and abuse prevention.
  • Communications. Messages you send to us via email, in-app chat, or support channels.

3. How We Use Your Information

We use personal information to:

  • provide, maintain, and secure the Service, including authenticating you, personalizing your experience, and delivering the features you request;
  • run AI-powered idea validation, market analysis, pitch-deck generation, investor matching, and growth analytics;
  • process subscriptions, handle payments, send invoices, and manage failed-payment recovery (see Terms of Service for the 24-hour grace period);
  • send service-related notifications, product updates, security alerts, and transactional emails;
  • with your permission, send marketing messages you can unsubscribe from at any time;
  • detect, prevent, and respond to abuse, fraud, policy violations, and security incidents;
  • measure and improve the Service through aggregated analytics and product research;
  • comply with applicable laws and enforce our agreements.

4. Legal Bases for Processing (EEA / UK)

If you are located in the European Economic Area, the United Kingdom, or another jurisdiction that requires a legal basis, we rely on the following bases:

  • Performance of a contract — to provide the Service you have signed up for;
  • Legitimate interests — to secure, improve, and market the Service, where those interests are not overridden by your rights;
  • Consent — for non-essential cookies, marketing emails, and certain optional features (you may withdraw consent at any time);
  • Legal obligation — to comply with tax, accounting, and other legal requirements.

5. How We Share Your Information

We do not sell your personal information. We share information only in the limited circumstances below.

  • Service providers. We rely on trusted vendors that process data on our behalf under contractual protections, including:
    • Stripe — payment processing and subscription management;
    • Google Cloud Platform and Firebase — hosting, storage, and application infrastructure;
    • Google AI (Gemini) and similar providers — AI model inference for content and analysis;
    • Email-delivery providers — transactional and marketing email;
    • Analytics and error-monitoring providers — product and reliability insights.
  • Investors and third parties you initiate contact with. When you use outreach or application features, we transmit the information you choose (for example, your pitch deck or application) to the investor or organization you selected.
  • Legal and safety. We may disclose information if we reasonably believe it is necessary to comply with law, legal process, or lawful government requests; to enforce our Terms; to protect the rights, property, or safety of StartOpX, our users, or the public; or to detect or prevent fraud or security issues.
  • Business transfers. If we are involved in a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred as part of that transaction, subject to appropriate safeguards.

6. AI Processing

When you use AI features, the relevant portion of Your Content (such as a prompt, idea description, or supporting document) is sent to our AI model providers for inference. We select providers that offer enterprise-grade data-handling commitments.

  • We do not use Your Content to train public or third-party foundation models without your explicit consent.
  • AI Outputs are probabilistic and may contain errors. You are responsible for reviewing them before relying on them for any business, legal, financial, or investment decision.
  • We may use aggregated and de-identified data (with no personal identifiers) to evaluate, debug, and improve the Service.

7. Cookies and Similar Technologies

We use three categories of cookies:

  • Essential — required for authentication, security, and core functionality. These cannot be disabled.
  • Preferences — remember your settings (for example, theme and locale).
  • Analytics — help us understand how the Service is used so we can improve it. You may opt out via your browser controls or any cookie-preference tool we provide.

8. Data Retention

We keep personal information only as long as we need it.

  • Account data — while your account is active, plus up to 90 days after closure to allow recovery, dispute resolution, and security review.
  • Your Content — until you delete it or your account is closed. After closure we delete or anonymize it within 90 days unless a longer period is required by law.
  • Billing and tax records — retained for up to 7 years to comply with tax, accounting, and audit obligations.
  • Security and fraud logs — retained for a limited period needed for investigations and legal defense.

9. How We Protect Your Information

We use administrative, technical, and organizational safeguards designed to protect your information, including encryption in transit (TLS) and at rest, principle-of-least- privilege access controls, multi-factor authentication for administrative access, continuous monitoring, and regular security reviews. No method of transmission or storage is 100% secure; if we become aware of a breach affecting your information we will notify you as required by law.

10. International Data Transfers

StartOpX operates globally and uses infrastructure and vendors that may be located outside your country. Where we transfer personal information from the EEA, UK, or Switzerland to a country not recognized as providing an adequate level of protection, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses and supplementary measures where required.

11. Your Rights

Subject to applicable law, you have the following rights regarding your personal information:

  • Access — request a copy of the personal information we hold about you;
  • Rectification — request correction of inaccurate or incomplete data;
  • Deletion — request that we delete your personal information, subject to legal retention requirements;
  • Portability — request a machine-readable copy of data you provided;
  • Restriction or objection — restrict or object to certain processing;
  • Withdraw consent — where processing is based on consent;
  • Complain — lodge a complaint with your local supervisory authority.

To exercise any of these rights, email privacy@startopx.com from the address associated with your account. We may need to verify your identity before fulfilling your request and will respond within the period required by applicable law (typically 30 days).

12. California Residents (CCPA / CPRA)

If you are a California resident, you have the right to know what personal information we collect, use, and disclose; to request correction or deletion; to opt out of the “sale” or “sharing” of personal information (StartOpX does not sell or share your personal information as those terms are defined under the CCPA/CPRA); and not to be discriminated against for exercising your rights. To submit a request, email privacy@startopx.com.

13. Children’s Privacy

The Service is not directed to children. We do not knowingly collect personal information from anyone under 13 years of age, and account creation requires you to be at least 18. If you believe a child has provided us with personal information, please contact privacy@startopx.com and we will take appropriate steps to delete it.

14. Third-Party Links

The Service may contain links to third-party websites, including investor profiles and external tools. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing any information.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other reasons. When we make material changes, we will update the “Effective date” above and, where appropriate, notify you by email or in-app. Your continued use of the Service after the update becomes effective constitutes your acceptance of the updated policy.

16. Contact Us

If you have any questions about this Privacy Policy or our data practices:

For our registered mailing address or to reach our Data Protection point of contact, email privacy@startopx.com.