Privacy Policy

Your Privacy Matters

At Founders360 ("we", "us", "our"), we are committed to protecting your personal data and being transparent about how we process it. This policy applies to all users of the Founders360 platform.

Last updated: February 10, 2026

1. Information We Collect

Account Information — name, email address, password (hashed), company name, and role when you register.

Business & Operational Data — company profile details, financial projections, cap table data, documents, market research inputs, and any other content you enter into our AI agents.

Usage Data — pages visited, features used, timestamps, browser type, device identifiers, and IP address collected automatically for analytics and security.

Payment Data — billing name and payment method details are processed and stored by our payment processor, Stripe. We do not store full card numbers on our servers.

AI Interaction Data — prompts, queries, and AI-generated responses created during your use of our AI agents. These may be sent to third-party language model providers for processing (see Section 4).

2. Purpose & Legal Basis for Processing

Under the GDPR (Articles 6 and 9), we process your personal data on the following lawful bases:

  • Contract performance — to provide the Founders360 platform, create your account, and deliver AI-powered features.
  • Legitimate interest — to improve our services, prevent fraud, and ensure platform security.
  • Consent — for optional analytics cookies and marketing communications. You may withdraw consent at any time.
  • Legal obligation — to comply with applicable tax, accounting, and regulatory requirements.

3. Data Sharing & Sub-Processors

We never sell your personal data. We share data only with the following categories of trusted service providers, each bound by Data Processing Agreements (DPAs):

ProviderPurposeData Shared
Google (Gemini API)AI inferencePrompts & business context
StripePayment processingBilling info, email
RailwayBackend hostingAll server-side data
VercelFrontend hostingStatic assets, analytics
Neon / PostgreSQLDatabaseAll stored user data

4. AI-Specific Disclosure

Founders360 uses third-party large language models (currently Google Gemini) to power its AI agents. When you use an AI feature:

  • Your prompts and relevant business context are sent to the model provider for processing.
  • We do not use your data to train third-party AI models. Our API agreements prohibit this.
  • AI-generated outputs are not professional advice. They are clearly labelled as such.
  • You retain ownership of all content you create using AI features.
Important: AI outputs from our Legal and Financial agents are not substitutes for professional legal, financial, or tax advice. Always consult a qualified professional.

5. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), the UK, or similar jurisdictions, you have the following rights:

  • Right of Access — request a copy of the personal data we hold about you.
  • Right to Rectification — request correction of inaccurate data.
  • Right to Erasure — request deletion of your account and associated data ("right to be forgotten"). You can do this from your Profile → Account settings.
  • Right to Data Portability — request your data in a machine-readable format.
  • Right to Restrict Processing — request that we limit how we use your data.
  • Right to Object — object to processing based on legitimate interest or for direct marketing.
  • Right to Withdraw Consent — withdraw consent for optional processing at any time, without affecting prior processing.

To exercise any of these rights, email us at privacy@founders360.io. We will respond within 30 days.

6. Data Retention & Portability

  • Active accounts: Data is retained for the lifetime of your account.
  • Deleted accounts: After you request deletion, your data is soft-deleted and fully purged within 30 days.
  • Payment records: Retained for 7 years to comply with tax and accounting obligations.
  • Server logs: Automatically deleted after 90 days.
  • Data portability: You can download all of your data at any time from Profile → Account → Download My Data (GDPR Article 20).

7. Cookies

We use the following types of cookies:

  • Essential cookies — required for authentication and security (e.g., session tokens). These do not require consent.
  • Analytics cookies — help us understand usage patterns. Enabled only with your consent via our cookie banner.

You can manage cookie preferences at any time through your browser settings or our cookie consent banner.

8. International Data Transfers

Your data may be transferred to and processed in countries outside the EEA, including the United States (where our hosting providers operate). We ensure adequate safeguards through Standard Contractual Clauses (SCCs) approved by the European Commission and by selecting providers that participate in recognised data protection frameworks.

9. Security Measures

We implement industry-standard security measures including:

  • TLS/SSL encryption for all data in transit
  • AES-256 encryption for data at rest
  • Bcrypt password hashing with salting
  • Role-based access controls for internal systems
  • Regular security audits and vulnerability scanning

10. Account Deletion

You can delete your account at any time from Profile → Account → Delete Account. Upon deletion, we will soft-delete your account and all associated data. After a 30-day grace period (during which you can contact us to restore your account), all personal data is permanently purged from our systems. Payment records may be retained as required by law.

AI Processing Consent: During signup you consent to your data being processed by AI models (e.g. OpenAI, Google) to generate insights. You may withdraw this consent at any time by contacting privacy@founders360.io; however, withdrawing consent may limit your ability to use AI-powered features.

11. Children's Privacy

Founders360 is not intended for use by individuals under 16 years of age. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will take steps to delete such information promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a prominent notice on our platform. Your continued use of the service after such changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us:

Founders360

Email: privacy@founders360.io

If you are in the EEA and are not satisfied with our response, you have the right to lodge a complaint with your local Data Protection Authority.