1. Who We Are

StartupAI LLC ("we," "us," or "our") is a Florida limited liability company that operates the website at startupai.site and the product application at app.startupai.site. This policy describes how we collect, use, and protect your personal data. As a US-based company, we do not currently have an EU representative appointed under GDPR Article 27. If you are an EU resident with data protection questions, please contact us directly using the details below.

For questions about this policy or to exercise your data rights, contact us.

2. Data We Collect

Account data

When you sign up, we collect your name, email address, and authentication credentials. If you sign up with a third-party provider (e.g., Google), we receive your name and email from that provider.

Project data

When you use StartupAI, you provide information about your startup idea, market hypotheses, customer profiles, and validation evidence. This data is stored in our database and processed by our automated validation systems to generate structured analysis.

Usage data

We collect analytics data including page views, feature usage, and session information through PostHog. This helps us understand how the product is used and improve it.

Contact and waitlist data

If you submit the contact form or join our waitlist, we collect your name, email, and any message you provide. Contact form submissions are processed through Formspree.

3. How We Use Your Data and Legal Basis

Under GDPR Article 6, each processing activity requires a lawful basis. We process your data as follows:

• Provide and operate the platform— legal basis: contract performance (necessary to deliver the service you signed up for)
• Process startup data through our automated validation systems — legal basis: contract performance
• Send account-related communications— legal basis: contract performance and legitimate interests (keeping you informed about your account)
• Respond to support requests — legal basis: contract performance
• Product analytics via PostHog — legal basis: legitimate interests (understanding product usage to improve the service). You may opt out via cookie preferences.
• Prevent fraud and abuse — legal basis: legitimate interests

We do not sell your personal data. We do not use your project data to train AI models. Your startup ideas and validation data remain yours.

4. Data Sharing

We share data only with the following service providers, each operating under a data processing agreement:

• Supabase— database hosting
• Netlify— website hosting and serverless functions
• Modal— AI processing infrastructure
• Anthropic— AI model provider. Project data may be sent to Anthropic for analysis. Anthropic states that retained customer API data is not used for model training unless the customer gives express permission. See Anthropic's API data retention documentation for details.
• PostHog— product analytics
• Formspree— contact form processing
• Stripe— payment processing (we do not store credit card numbers)

We may also disclose data if required by law or to protect our legal rights.

5. Data Retention

We retain your account and project data for as long as your account is active. If you delete your account, we will delete your personal data and project data within 30 days, except where we are required to retain it for legal or compliance purposes.

Analytics data is retained in aggregated, anonymized form indefinitely.

6. Your Rights

Depending on your location, you may have the following rights under applicable data protection laws (including GDPR and CCPA):

• Access— request a copy of the data we hold about you
• Correction— request correction of inaccurate data
• Deletion— request deletion of your data
• Portability— request your data in a machine-readable format
• Objection— object to processing based on legitimate interests
• Restriction— request restriction of processing

To exercise any of these rights, contact us. We will respond within 30 days.

7. Cookies

We use essential cookies for authentication and session management, which are necessary for the service to function. PostHog uses first-party cookies for analytics; these are non-essential and load only after you click Accept in the cookie banner. If you click Decline, PostHog stays off on later visits unless stored site data is cleared. We do not use third-party advertising cookies.

8. Security

We use industry-standard security measures including encrypted data transmission (TLS), encrypted data at rest, and role-based access controls. However, no system is perfectly secure, and we cannot guarantee absolute security.

9. Children

StartupAI is not directed at children under 16. We do not knowingly collect data from children under 16 (the digital consent age under GDPR) or under 13 (the age threshold under the US Children's Online Privacy Protection Act, COPPA). If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10. Changes

We may update this policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "last updated" date. For changes that materially affect how we process your personal data, we will seek your active consent where required by GDPR, rather than relying on continued use of the service.

11. Contact

For questions about this privacy policy or your data, contact us.