1. Introduction
SpeedRun Founder ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our platform. This policy complies with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Lei Geral de Proteção de Dados (LGPD), and other applicable data protection laws worldwide.
2. Data Controller
SpeedRun Founder operates as the data controller for personal information collected through our platform. For data protection inquiries, contact us at: arturnegru@gmail.com
3. Information We Collect
3.1 Information You Provide
- Account Information: Email address, name, password (encrypted)
- Profile Data: Interests, skills, experience level (selected during onboarding)
- Content: Startup ideas, prompts sent to AI, notes, and progress data
- Payment Information: Processed securely by Stripe (we do not store credit card details)
- Communications: Messages with other users, support requests
3.2 Automatically Collected Information
- Usage Data: Pages visited, features used, time spent on platform
- Device Information: IP address, browser type, operating system, device identifiers
- Cookies: Session cookies, preference cookies (see Cookie Policy)
- Location Data: Approximate location based on IP address (for timezone and regional compliance)
4. How We Use Your Information
We use your personal data for the following purposes:
- Service Provision: To provide access to our platform, process AI prompts, and deliver personalized recommendations
- Payment Processing: To process payments via Stripe for AI usage and wallet top-ups
- Personalization: To match you with compatible founders, mentors, and provide tailored guidance based on your profile
- Communication: To send service updates, respond to support requests, and provide platform notifications
- Analytics: To improve our platform, understand user behavior, and optimize features
- Legal Compliance: To comply with legal obligations, prevent fraud, and enforce our terms
5. Legal Basis for Processing (GDPR)
For users in the EU/EEA, we process your data based on:
- Consent: When you accept our Terms and Privacy Policy
- Contract Performance: To provide the services you requested
- Legitimate Interest: To improve our platform and prevent fraud
- Legal Obligation: To comply with applicable laws and regulations
6. Data Sharing and Disclosure
We share your data only in the following circumstances:
- Service Providers: Supabase (database), Stripe (payments), OpenAI (AI processing), hosting providers
- Other Users: Profile information visible to matched connections (with your consent)
- Legal Requirements: When required by law, court order, or government request
- Business Transfers: In case of merger, acquisition, or asset sale (users will be notified)
We never sell your personal data to third parties for marketing purposes.
7. International Data Transfers
Your data may be transferred to and processed in countries outside your residence, including the United States. We ensure appropriate safeguards through Standard Contractual Clauses (SCCs) and select service providers with GDPR-compliant data processing agreements.
8. Your Privacy Rights
Depending on your location, you have the following rights:
All Users:
- Access: Request a copy of your personal data
- Correction: Update or correct inaccurate information
- Deletion: Request deletion of your data ("Right to be Forgotten")
- Data Portability: Receive your data in a structured, machine-readable format
EU/EEA Users (GDPR):
- Object to Processing: Object to processing based on legitimate interests
- Restrict Processing: Limit how we use your data
- Withdraw Consent: Withdraw consent at any time (does not affect prior processing)
- Lodge a Complaint: File a complaint with your local data protection authority
California Users (CCPA/CPRA):
- Know: Request disclosure of collected personal information
- Delete: Request deletion of personal information
- Opt-Out: Opt-out of "sale" of personal information (we do not sell data)
- Non-Discrimination: Equal service regardless of privacy choices
To exercise your rights, contact us at arturnegru@gmail.com or use the privacy controls in your account settings.
9. Data Retention
We retain your personal data only as long as necessary to provide our services and comply with legal obligations. Account data is retained while your account is active. After account deletion, we may retain certain data for up to 90 days for legal and fraud prevention purposes, then permanently delete it. You can request immediate deletion by contacting us.
10. Data Security
We implement industry-standard security measures:
- Encryption in transit (TLS/SSL) and at rest
- Regular security audits and vulnerability assessments
- Access controls and authentication protocols
- Secure cloud infrastructure (Supabase, Vercel)
- PCI-DSS compliant payment processing (Stripe)
While we take reasonable precautions, no system is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.
11. Children's Privacy
Our platform is not intended for users under 18 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us immediately.
12. Cookies and Tracking
We use cookies and similar technologies to enhance your experience. For detailed information, see our Cookie Policy.
13. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes via email or platform notification. Continued use of the platform after changes constitutes acceptance of the updated policy.
14. Contact Us
For questions, concerns, or to exercise your privacy rights, contact us at:
15. Supervisory Authority
EU/EEA users have the right to lodge a complaint with their local data protection supervisory authority if they believe their data protection rights have been violated.