Privacy Policy
Effective Date: February 28, 2026 · Last Updated: February 28, 2026
BrutalRoast ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services at brutalroast-mu.vercel.app (the "Service"). Please read this policy carefully. If you do not agree with its terms, please discontinue use of the Service.
1. Information We Collect
We collect information in the following categories:
a) Account Information
When you register or sign in, we collect your email address and a unique user identifier. We use Google Firebase Authentication, which may also collect your profile name and profile photo if you sign in via a third-party provider (e.g., Google OAuth).
b) Startup & Audit Information
When you submit an audit, we collect the information you voluntarily provide: your startup name, description, target customer (ICP), pricing model, competitor URLs, landing page URL, and current stage. This information is used solely to generate your audit result and store it in your audit history.
c) Usage Data
We automatically collect data about how you interact with the Service, including the number of audits you have run, your subscription plan, and timestamps of activity. This is used to enforce usage limits and improve the product.
d) Payment Information
Payments are processed by Dodo Payments, our third-party payment processor. We do not collect or store your card number, CVV, bank account details, or any other sensitive payment information. We only receive a confirmation of successful payment and your subscription plan status from Dodo Payments. Please review Dodo Payments' privacy policy for information on how they handle your payment data.
e) Technical & Log Data
Like most web services, our servers and infrastructure may automatically log your IP address, browser type, operating system, referring URL, and pages visited. This data is used for security monitoring, debugging, and analytics. It is not linked to your personal identity for marketing purposes.
2. How We Use Your Information
We use the information we collect for the following purposes:
- To create and maintain your account
- To generate AI-powered startup audit results based on the information you provide
- To store and display your audit history in your personal dashboard
- To enforce usage limits (free tier vs. Pro) and process subscription upgrades
- To apply rate limiting to protect service stability and prevent abuse
- To send you transactional emails related to your account (e.g., payment confirmation) — we do not send unsolicited marketing emails
- To improve, debug, and develop the Service
- To comply with legal obligations
3. What We Do NOT Do
- We do not sell your data to any third party, ever.
- We do not use your startup information to train AI models. Your audit inputs are sent to our AI provider (Anthropic or OpenAI) solely to generate your result and are not retained by us for model training.
- We do not share your personal data with advertisers or data brokers.
- We do not send marketing emails or newsletters without your explicit consent.
4. How We Share Your Information
We share your data only with trusted third-party service providers necessary to operate the Service:
- Google Firebase / Firestore — We use Firebase Authentication and Firestore (Google Cloud) to store user accounts and audit data. Your data is secured with server-side security rules and authentication checks. Google's privacy practices apply.
- Anthropic / OpenAI — Your startup information is sent to our AI provider's API to generate audit results. We use Anthropic's Claude or OpenAI's models. Please refer to their respective privacy policies regarding API data handling. We do not send personally identifying information (name, email) to the AI provider.
- Dodo Payments — Our payment processor. They handle your card data securely under their own PCI-DSS compliance. We only receive a payment status and your plan tier.
- Vercel — Our hosting provider. They may process request logs. Vercel's privacy policy applies.
We may also disclose your information if required by law, regulation, legal process, or governmental request.
5. Data Retention
We retain your account and audit data for as long as your account is active. If you request deletion of your account, we will delete your personal data and audit history within 30 days, except where we are required to retain it for legal or compliance reasons (e.g., payment records for tax purposes).
Rate-limit records (which contain only your user ID and a request count) are automatically expired after the rate-limit window (1 hour) and are not used for any other purpose.
6. Data Security
We implement appropriate technical and organizational security measures to protect your data:
- All data in transit is encrypted via HTTPS/TLS.
- Firestore security rules enforce that users can only access their own data — no user can read another user's audits.
- All API routes require valid Firebase authentication tokens before processing requests.
- We never store payment card details — all payment processing is delegated to Dodo Payments.
Despite these measures, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security of your data.
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request that we correct inaccurate or incomplete data.
- Deletion: Request deletion of your account and associated data ("right to be forgotten").
- Portability: Request a machine-readable export of your audit data.
- Objection: Object to certain types of processing.
To exercise any of these rights, please contact us at rajkateshiya.rk12@gmail.com. We will respond within 30 days.
8. Cookies & Tracking
We use minimal cookies and local storage necessary to operate the Service:
- Authentication session cookies — set by Firebase Authentication to keep you signed in.
- Preference data — stored in browser local storage for UI state (no personal data).
We do not use advertising cookies, cross-site tracking, or third-party analytics services that track you across the web.
9. Public Share Pages
If you choose to use the "Share" feature on an audit result, a public URL is generated that anyone can access without authentication. This shared page contains your audit scores, the startup description you submitted, and the AI-generated feedback. You share this link voluntarily. You can stop sharing at any time by deleting the audit from your dashboard.
10. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page. If changes are material, we will notify you via email or a prominent notice on the Service. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us: