Privacy Policy

How we protect, use, and manage your personal information

Last updated: 11/10/2025

1. Introduction

VenturePulse ("we," "us," or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered business intelligence platform.

Effective Date: This policy is effective as of the date posted on our website and applies to all users of the VenturePulse service.

Scope: This Privacy Policy applies to all personal data processed by VenturePulse through our website, applications, and services.

Data Controller: K4 Minds LLP ("VenturePulse") is the data controller responsible for your personal information.

Policy Updates: We may update this Privacy Policy from time to time. Material changes will be communicated through email or prominent notice on our service.

2. Information We Collect

We collect several types of information from and about users of our Service, including:

2.1 Personal Information You Provide

Information you directly provide to us:

  • Account Information: Name, email address, password, profile picture
  • Profile Data: Professional background, company information, industry, role
  • Contact Information: Email, phone number (optional), professional links
  • Payment Information: Billing address, payment card details (processed securely through third-party payment processors)
  • LinkedIn Profile Data: When you connect LinkedIn, we collect your profile information with your explicit consent

2.2 Business Idea and Content Data

Information related to your business activities:

  • Business Ideas: Descriptions, concepts, and details you submit for analysis
  • Analysis Results: AI-generated analyses, insights, and recommendations
  • User-Generated Content: Comments, posts, messages, and forum contributions
  • Pitch Deck Content: Presentations and slides you create using our tools
  • Saved Ideas: Business concepts you save or bookmark for future reference

2.3 Usage and Activity Data

Information about how you interact with our service:

  • Feature Usage: Which features you use, how often, and for how long
  • Navigation Patterns: Pages visited, clicks, and navigation paths
  • Analysis History: Record of analyses performed and results viewed
  • Session Data: Login times, session duration, last activity timestamp
  • Interaction Data: Buttons clicked, forms submitted, files uploaded

2.4 Technical and Device Information

Information automatically collected when you access our service:

  • Device Information: Device type, operating system, browser type and version
  • IP Address: Your internet protocol address (anonymized for analytics)
  • Cookies and Tracking: Identifiers stored on your device (see Cookie Policy)
  • Location Data: General geographic location based on IP address (city/country level)
  • Performance Data: Page load times, errors, crashes, and technical diagnostics

2.5 Third-Party Data Sources

Information we receive from third-party services:

  • OAuth Providers: Data from Google, LinkedIn when you sign in using these services
  • Payment Processors: Transaction confirmations and payment status from our payment partners
  • Analytics Services: Aggregated usage statistics from analytics providers (with your consent)
  • Social Media: Publicly available profile information when you connect social accounts

3. How We Use Your Information

We use your information for specific business purposes, each with a legal basis under GDPR and other data protection laws:

3.1 Service Provision and Fulfillment

Legal Basis: Contract Performance & Legitimate Interest

  • Create and manage your account
  • Process and deliver AI-powered business analysis
  • Generate pitch decks and presentations
  • Provide social networking and matching features
  • Facilitate connections with other users, investors, and founders
  • Enable communication features (messaging, forums, events)

3.2 Payment Processing and Billing

Legal Basis: Contract Performance & Legal Obligation

  • Process subscription payments and manage billing
  • Prevent fraud and ensure transaction security
  • Generate invoices and receipts
  • Manage subscription renewals and cancellations
  • Handle refund requests according to our policies

3.3 Service Improvement and Development

Legal Basis: Legitimate Interest & Consent

  • Analyze usage patterns to improve features and user experience
  • Develop and train AI models for better analysis quality
  • Test new features and conduct A/B testing
  • Identify and fix bugs and technical issues
  • Optimize performance and reliability

3.4 Security and Fraud Prevention

Legal Basis: Legitimate Interest & Legal Obligation

  • Detect and prevent unauthorized access and security breaches
  • Monitor for fraudulent activity and abuse
  • Enforce our Terms of Service
  • Protect intellectual property and user data
  • Maintain system security and integrity

3.5 Communications and Marketing

Legal Basis: Consent & Legitimate Interest

  • Send service notifications and account updates (always enabled)
  • Provide customer support and respond to inquiries
  • Send marketing communications about new features (with consent)
  • Share platform updates and community news (with consent)
  • Conduct user surveys and request feedback (optional participation)

3.6 Legal Compliance and Protection

Legal Basis: Legal Obligation & Legitimate Interest

  • Comply with legal obligations and regulatory requirements
  • Respond to legal requests, court orders, and law enforcement
  • Protect our legal rights and defend against legal claims
  • Enforce our Terms of Service and other agreements
  • Maintain records for compliance and audit purposes

4. AI Processing and Data Usage

VenturePulse uses artificial intelligence to provide comprehensive business analysis. Here's how your data is processed:

4.1 AI Technologies Used

  • Azure OpenAI (GPT Models): Primary AI engine for business analysis, market research, and content generation
  • Perplexity AI: Enhanced web search and real-time market data (Pro users only)
  • Proprietary AI Systems: Custom algorithms for scoring, matching, and specialized analysis

4.2 Data Processing by AI Systems

When you submit a business idea for analysis:

  • Your idea description is sent to AI providers (OpenAI, Perplexity) for processing
  • AI systems analyze your content to generate insights, recommendations, and reports
  • All data transmission is encrypted end-to-end (HTTPS/TLS)
  • AI providers are contractually bound to protect your data
  • Your specific business data is NOT used to train public AI models

4.3 Third-Party AI Provider Safeguards

Our AI partners have contractual agreements to:

  • Data Protection: Protect your data with enterprise-grade security measures
  • No Training: Not use your specific inputs for general model training
  • Confidentiality: Maintain strict confidentiality of your business information
  • Limited Retention: Retain processing data only for necessary operational periods
  • Compliance: Comply with GDPR, CCPA, and other applicable data protection laws

4.4 AI-Generated Content

  • AI outputs (analyses, recommendations) are provided to you for your use
  • You retain rights to AI-generated content based on your inputs
  • AI outputs may be similar for users with similar business ideas
  • We may use aggregated, anonymized insights to improve our AI systems
  • AI-generated content should be independently verified before business use

4.5 AI Data Safeguards

  • Regular security audits of AI processing pipelines
  • Data minimization: Only necessary data is sent to AI providers
  • Automatic data deletion policies with AI partners
  • Continuous monitoring for unauthorized access or data breaches
  • Compliance with AI-specific regulations and best practices

5. Data Sharing and Disclosure

We Do Not Sell Your Personal Data. We share your information only in specific circumstances:

5.1 Service Providers and Business Partners

We share data with trusted third-party service providers who assist us in operating our platform:

  • Cloud Infrastructure: Azure, AWS, or other cloud providers for hosting and storage
  • AI Services: OpenAI (Azure), Perplexity AI for enhanced analysis
  • Payment Processing: Polar.sh, Razorpay, or other payment processors for subscription billing
  • Authentication: Firebase for user authentication and identity management
  • Analytics: Google Analytics (with consent) for usage analytics and service improvement
  • Communication: Email service providers for transactional and marketing emails
  • Customer Support: Support ticket systems and CRM platforms

All service providers are contractually bound to protect your data and use it only for specified purposes.

5.2 Legal Requirements and Protection

We may disclose your information when required by law or to protect rights:

  • Compliance with legal obligations, court orders, or government requests
  • Enforcement of our Terms of Service and other agreements
  • Protection of our rights, property, and safety or that of our users
  • Investigation of fraud, security issues, or technical problems
  • Response to lawful requests from public authorities (law enforcement, regulatory agencies)

5.3 Business Transfers

If VenturePulse is involved in a merger, acquisition, or asset sale, your information may be transferred. We will provide notice before your information is transferred and becomes subject to a different privacy policy. You will be notified via email and prominent notice on our service at least 30 days in advance.

5.4 Aggregated and De-Identified Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you. This includes statistical data about platform usage, industry trends, and general business insights. This data is used for research, marketing, and service improvement.

6. Data Security Measures

We implement comprehensive security measures to protect your information:

  • Encryption: All data is encrypted in transit (TLS/SSL) and at rest (AES-256)
  • Access Controls: Role-based access control and principle of least privilege
  • Authentication: Multi-factor authentication available for user accounts
  • Monitoring: 24/7 security monitoring and intrusion detection systems
  • Regular Audits: Periodic security audits and vulnerability assessments
  • Secure Development: Secure coding practices and regular security training
  • Data Backup: Regular automated backups with secure storage
  • Incident Response: Comprehensive incident response plan and breach notification procedures

No Guarantee: While we implement industry-standard security measures, no system is completely secure. We cannot guarantee absolute security of your data.

7. Data Retention and Deletion

We retain your personal data only as long as necessary for legitimate business purposes:

  • Account Data: Retained while your account is active and for 90 days after account closure
  • Business Analysis Data: Retained for the duration of your subscription plus 90 days for recovery purposes
  • Payment Records: Retained for 7 years as required by tax and accounting regulations
  • Support Communications: Retained for 3 years for customer service quality and legal purposes
  • Analytics Data: Anonymized usage data retained for up to 26 months (Google Analytics)
  • Legal Hold: Data may be retained longer if required by law, legal proceedings, or regulatory investigations

Automated Deletion: We have automated systems to delete or anonymize data after retention periods expire. You may also request immediate data deletion (see Your Rights section).

8. Your Privacy Rights

Depending on your location, you have specific rights regarding your personal data:

  • Access: Request a copy of your personal data we hold
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data ("right to be forgotten")
  • Portability: Receive your data in a structured, machine-readable format
  • Restriction: Request restriction of processing your data in certain circumstances
  • Object: Object to processing based on legitimate interests or for direct marketing
  • Withdraw Consent: Withdraw consent for processing where consent was the legal basis
  • Opt-Out: Opt-out of analytics tracking and marketing communications
  • Complaint: Lodge a complaint with your local data protection authority

Exercising Your Rights: To exercise any of these rights, please . We will respond to your request within 30 days (or as required by applicable law).

Limitations: Some rights may be limited by law or legitimate business interests. We may require identity verification before processing requests to protect your data.

9. Analytics and Data Collection

9.1 Analytics Consent

VenturePulse uses minimal analytics to improve our service. You have full control over your data sharing:

  • Essential only: No tracking, cookieless analytics for basic functionality
  • Accept analytics: Anonymous usage data to help us improve VenturePulse

9.2 What We Track (With Your Consent)

If you accept analytics, we collect:

  • Page views and navigation patterns (anonymized)
  • Feature usage and interaction data
  • Performance metrics and error reporting
  • A/B testing data for service improvements
  • Device type and browser information (no personal details)

What we NEVER do:

  • Sell your data to advertisers or third parties
  • Share personal information with marketing companies
  • Track you across other websites
  • Use invasive tracking technologies
  • Store personally identifiable information in analytics

9.3 Your Rights

  • Change anytime: Modify your consent preferences in settings
  • Data deletion: Request removal of all analytics data
  • Transparency: Full details of what data we collect and why
  • Opt-out: Use VenturePulse with essential-only tracking

9.4 Technical Implementation

We use Google Analytics 4 with privacy-focused configuration:

  • IP anonymization enabled
  • Data retention set to minimum required period
  • No cross-site tracking
  • No advertising features or remarketing
  • Anonymized user identifiers only

10. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience:

  • Essential cookies: Required for basic functionality (always active)
  • Preference cookies: Remember your settings and preferences
  • Analytics cookies: Only if you consent to analytics tracking
  • Performance cookies: Help us understand usage patterns (with consent)

You can manage cookie preferences through our consent banner or browser settings. Essential cookies cannot be disabled as they're required for the service to function.

11. International Data Transfers

VenturePulse operates globally and may transfer your data across borders for processing and storage:

  • Data may be transferred to and processed in the United States and other countries where our service providers operate
  • For EU/EEA users: We implement Standard Contractual Clauses (SCCs) approved by the European Commission
  • We ensure adequate data protection safeguards are in place for all international transfers
  • By using our service, you acknowledge and consent to international data transfers as described
  • You have the right to obtain information about transfer mechanisms and safeguards by contacting us

12. Children's Privacy

VenturePulse is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If you are under 18, do not use this service or provide any information. If we learn we have collected information from a child under 18, we will delete it immediately. If you believe we have collected information from a child under 18, please contact us immediately.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

  • Material changes will be communicated via email to registered users
  • Prominent notice will be posted on our service for at least 30 days before changes take effect
  • The "Last Updated" date at the top of this policy will be revised
  • Continued use of the service after changes constitutes acceptance of the updated policy
  • If you do not agree with changes, you may close your account before the changes take effect

21. Contact Information and Data Protection Officer

If you have any questions about this Privacy Policy or our data practices, please contact us:

General Privacy Inquiries:

Support:
General Contact:

Data Protection Officer (EU/UK users):

Response Time: 30 days

14. Data Breach Response and Notification

Incident Response: We have comprehensive incident response procedures in place:

  • Immediate containment and investigation of any suspected security breach
  • Assessment of breach scope, affected data, and potential risk to users
  • Notification to data protection authorities within 72 hours (where required by law)
  • Direct notification to affected users without undue delay
  • Coordination with law enforcement and regulatory authorities as appropriate
  • Post-incident analysis and implementation of additional security measures

Breach Notification: If a data breach affects your personal information, we will notify you by email and through in-app notification within 72 hours of discovering the breach, including information about the nature of the breach, potential consequences, and steps you should take to protect yourself.

15. Data Subject Rights (Detailed)

Exercising Your Rights: To exercise any data subject rights, submit a request through our contact form (Privacy & Data Protection category) or email our Data Protection Officer. We will verify your identity and process your request within 30 days (or as required by law).

Identity Verification: To protect your privacy, we may require additional information to verify your identity before processing data subject requests. This may include confirming account details, email verification, or other authentication methods.

Request Processing Timeline: We aim to respond to all requests within 30 days. For complex requests, we may extend this period by an additional 60 days with notice. You will receive confirmation of your request within 5 business days.

Technical Assistance: If you need assistance exercising your rights or have questions about the process, our support team is available through our contact form. We provide clear instructions and assistance throughout the process.

16. Third-Party Integrations and Services

Third-Party Services: VenturePulse integrates with various third-party services to enhance functionality. When you use these integrations, the third party's privacy policy also applies:

Data Processing Agreements: We maintain Data Processing Agreements (DPAs) with all third-party service providers that process personal data on our behalf. These agreements ensure GDPR, CCPA, and other regulatory compliance.

17. California Privacy Rights (CCPA/CPRA)

California Residents: If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: Request disclosure of personal information collected, used, disclosed, or sold in the past 12 months
  • Right to Delete: Request deletion of personal information (subject to certain exceptions)
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt-Out: Opt-out of the "sale" or "sharing" of personal information (Note: We do not sell personal information)
  • Right to Limit: Limit use and disclosure of sensitive personal information
  • Non-Discrimination: Exercise privacy rights without discriminatory treatment

Categories of Personal Information: We collect identifiers, commercial information, internet activity, professional information, and inferences. See Section 2 (Information We Collect) for detailed categories. We do not sell personal information to third parties.

18. Regulatory Compliance and Certifications

VenturePulse is committed to compliance with international data protection regulations:

  • GDPR (General Data Protection Regulation): Full compliance for EU/EEA users with appropriate legal bases, data subject rights, and DPO appointment
  • CCPA/CPRA (California Consumer Privacy Act): Compliance with California privacy law requirements
  • UK GDPR: Compliance with United Kingdom data protection requirements
  • PIPEDA (Canada): Compliance with Canadian privacy law for Canadian users
  • SOC 2 Type II: (In progress) Independent audit of security, availability, and confidentiality controls

Data Protection Authority: Our lead supervisory authority under GDPR is [To be designated based on primary EU establishment]. EU users may lodge complaints with their local data protection authority.

Compliance Effective Date: This Privacy Policy reflects our ongoing commitment to privacy compliance. We continuously update our practices to meet evolving regulatory requirements.

19. Legal Basis for Processing (EU/EEA Users)

For users in the European Union and European Economic Area, we process your personal data based on the following legal grounds under GDPR:

  • Contract Performance (Article 6(1)(b)): Processing necessary to provide the service you requested (account creation, analysis delivery, subscription management)
  • Legitimate Interest (Article 6(1)(f)): Processing for fraud prevention, security, service improvement, and business analytics (we balance our interests against your rights)
  • Consent (Article 6(1)(a)): Marketing communications, non-essential analytics, and optional features (you can withdraw consent anytime)
  • Legal Obligation (Article 6(1)(c)): Processing required by law (tax records, regulatory compliance, legal requests)
  • Vital Interests (Article 6(1)(d)): Processing necessary to protect life or physical safety (emergency situations only)
    We use minimal analytics. Accept all or stay on essential-only (cookieless) tracking.