Privacy Policy

1. Introduction and Scope

This Privacy Policy ("Policy") governs the collection, use, processing, storage, and disclosure of personal information by K4 Minds LLP ("Company," "VenturePulse," "we," "our," or "us"), a Delaware corporation, in connection with our AI-powered business intelligence platform available at https://venturepulse.app and all associated services, features, and applications (collectively, the "Service").

Effective Date and Consent: This Policy is effective as of the date last updated above. By accessing or using our Service, you acknowledge that you have read, understood, and consent to the data practices described in this Policy. If you do not agree with this Policy, please do not use our Service.

Scope and Application: This Policy applies to all users of the Service, regardless of geographic location, and supplements our Terms of Service. It covers personal information collected through our website, mobile applications, and any other digital touchpoints.

Controller Information: K4 Minds LLP acts as the data controller for personal information collected through the Service. For users in the European Union, United Kingdom, or other jurisdictions with specific data protection laws, additional rights and protections may apply as described in this Policy.

Updates and Changes: We may update this Policy from time to time to reflect changes in our practices, legal requirements, or Service features. Material changes will be communicated through the Service or via email, and continued use constitutes acceptance of the updated Policy.

2. Information We Collect

We collect information that you provide directly to us, information we obtain automatically when you use our Service, and information from third-party sources. The categories of information we collect include:

2.1 Personal Information

Information that identifies you as an individual or relates to an identifiable individual:

• Full name and email address (via Firebase Authentication and Google OAuth)
• Profile information (company name, job title, industry, professional role)
• LinkedIn profile data (if you choose to connect, including name, headline, location, experience)
• Payment information (processed securely by third-party providers, we store only masked card details)
• Communication preferences and notification settings
• Profile photos and avatar images
• Phone number (if provided for account verification)
• Professional certifications and credentials (if shared)

2.2 Business and Proprietary Information

Information related to your business activities and ideas:

• Business ideas, concepts, and descriptions you submit for AI analysis
• Market research queries, preferences, and search history
• Financial projections, business model information, and revenue data
• Pitch deck content, presentations, and slide materials
• Social networking profile information and connection data
• Forum posts, comments, and community interactions
• Event attendance and RSVP information
• Direct messages and private communications
• Business partnerships and collaboration data

2.3 Usage and Behavioral Data

Information about how you interact with our Service:

• Pages visited, features used, and navigation patterns
• Time spent on different sections and session duration
• Analysis requests, results viewed, and export activities
• Search queries, filters applied, and sorting preferences
• Click-through rates and user interface interactions
• Feature usage statistics and engagement metrics
• A/B testing participation and variant assignments
• Error logs and performance metrics

2.4 Technical and Device Information

Technical information collected automatically:

• IP address and approximate geographic location
• Device identifiers, browser type, and version
• Operating system and device specifications
• Screen resolution and display capabilities
• Cookies, local storage, and similar tracking technologies
• HTTP headers and request/response data
• Network connection information and ISP details
• Timestamp data and timezone information

2.5 Third-Party Information

Information we receive from third-party sources:

• LinkedIn profile data (with your explicit consent)
• Payment processing information from payment providers
• Email deliverability and engagement data
• Security and fraud prevention information
• Analytics and performance data from service providers
• Public business information and market data

3. How We Use Your Information

We use your personal information for the following purposes, based on the legal grounds indicated:

3.1 Service Provision and Performance

Legal Basis: Contract performance and legitimate interests

• Provide and deliver our AI-powered business analysis services
• Generate personalized market research and recommendations
• Process and analyze business ideas and concepts
• Create and manage pitch decks and presentations
• Facilitate social networking features and professional connections
• Enable forum participation and community interactions
• Provide customer support and technical assistance
• Manage user accounts and authentication

3.2 Payment Processing and Subscription Management

Legal Basis: Contract performance and legal obligation

• Process payments and manage subscription billing
• Handle refunds and payment disputes
• Maintain payment history and transaction records
• Comply with financial regulations and tax requirements
• Prevent payment fraud and unauthorized transactions

3.3 Service Improvement and Analytics

Legal Basis: Legitimate interests

• Analyze usage patterns and user behavior to improve services
• Conduct A/B testing and feature experimentation
• Develop new features and enhance existing functionality
• Optimize AI algorithms and machine learning models
• Monitor service performance and reliability
• Generate aggregate analytics and business intelligence

3.4 Security and Fraud Prevention

Legal Basis: Legitimate interests and legal obligation

• Ensure platform security and prevent unauthorized access
• Detect and prevent fraud, abuse, and security threats
• Monitor for suspicious activities and policy violations
• Maintain audit logs and security incident records
• Implement and maintain cybersecurity measures

3.5 Communications and Marketing

Legal Basis: Consent and legitimate interests

• Send important service updates and notifications
• Provide customer support communications
• Send marketing communications (with your consent)
• Notify about new features and service improvements
• Deliver personalized content and recommendations

3.6 Legal Compliance and Business Operations

Legal Basis: Legal obligation and legitimate interests

• Comply with applicable laws and regulations
• Respond to legal requests and government inquiries
• Enforce our Terms of Service and other policies
• Maintain business records and corporate governance
• Facilitate business transfers or restructuring
• Protect our rights and interests in legal proceedings

4. AI Processing and Data Usage

VenturePulse utilizes advanced artificial intelligence and machine learning technologies to provide our services. This section explains how we use AI and how your data is processed:

4.1 AI Technologies Used

• OpenAI GPT Models: Business ideas and content are processed by OpenAI's language models for analysis, recommendations, and content generation
• Perplexity AI: Pro users benefit from enhanced market research through Perplexity's web search capabilities
• Proprietary AI Systems: We develop and maintain our own AI models for specialized business analysis
• Machine Learning Algorithms: We use ML for user matching, content recommendations, and service optimization

4.2 Data Processing for AI

When you use our AI-powered features:

• Your business information is temporarily processed by AI systems to generate analyses
• AI processing occurs in secure, encrypted environments with appropriate access controls
• We implement data minimization principles, processing only necessary information
• AI systems are regularly updated and monitored for accuracy and bias
• Processing logs are maintained for quality assurance and troubleshooting

4.3 Third-Party AI Providers

Our use of third-party AI services:

• Data Protection: We have data processing agreements with all AI providers
• Training Restrictions: Your specific data is not used to train third-party AI models
• Regional Processing: We ensure data is processed in appropriate jurisdictions
• Retention Limits: Third-party providers have strict data retention limitations
• Security Standards: All providers meet enterprise-grade security requirements

4.4 AI-Generated Content

• AI-generated content is based on your input combined with publicly available information
• You retain ownership of your input data and the right to use AI-generated outputs
• Similar outputs may be generated for other users with similar inputs
• AI-generated content is provided for informational purposes and may contain errors
• We continuously improve AI accuracy through feedback and model updates

4.5 Data Safeguards and Controls

• End-to-end encryption for data transmission to AI systems
• Access controls and authentication for AI processing systems
• Regular security audits of AI infrastructure and processes
• Data anonymization and pseudonymization where technically feasible
• Incident response procedures for AI-related data breaches
• Compliance monitoring for AI processing activities

5. Information Sharing and Disclosure

We do not sell, rent, or lease your personal information to third parties. We may share your information only in the following limited circumstances:

5.1 Service Providers and Processors

We engage trusted third-party service providers who process data on our behalf under strict contractual obligations:

• Firebase (Google) for authentication and database services
• OpenAI for AI analysis processing (data not used for training)
• Perplexity AI for enhanced market research (Pro users only)
• Payment processors for subscription management
• Cloud hosting providers for secure infrastructure

All service providers are contractually bound to protect your data and may not use it for their own purposes.

5.2 Legal and Regulatory Requirements

We may disclose your information when required by law or in good faith belief that such disclosure is necessary to:

• Comply with legal process, court orders, or government requests
• Protect our rights, property, and safety or that of our users
• Prevent fraud, abuse, or security threats
• Enforce our Terms of Service
• Investigate potential violations of law

5.3 Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of the transaction. You will be notified of any such change and your rights regarding your personal information.

5.4 Aggregated and De-identified Data

We may share aggregated, de-identified, or anonymized data that cannot reasonably be used to identify you for research, analytics, or business purposes.

6. Data Security and Protection

We implement robust technical, administrative, and physical security measures to protect your information, including:

• AES-256 encryption for data in transit and at rest
• Multi-factor authentication and secure identity management
• Regular security audits and penetration testing
• Role-based access controls and least privilege principles
• SOC 2 Type II compliant cloud infrastructure
• Automated security monitoring and incident response
• Regular security training for all personnel
• Data loss prevention and backup systems

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security and you use the Service at your own risk.

7. Data Retention and Deletion

We retain your information only as long as necessary for legitimate business purposes or as required by law:

• Account information: Until account deletion or 3 years after last login
• Business analysis data: 7 years after last access for legal compliance
• Usage logs: 2 years for security and analytics purposes
• Payment records: 7 years as required by financial regulations
• Marketing communications: Until you unsubscribe or 2 years of inactivity
• Legal hold data: Until resolution of legal matters

Automated Deletion: We use automated systems to delete data when retention periods expire. Some data may be retained in backups for up to 90 days after deletion.

8. Your Rights and Choices

Subject to applicable law, you have the following rights regarding your personal information:

• Access: Request a copy of your personal information we hold
• Correction: Update or correct inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal retention requirements)
• Portability: Receive your data in a structured, machine-readable format
• Restriction: Limit how we process your personal information
• Objection: Object to processing based on legitimate interests
• Opt-out: Unsubscribe from marketing communications
• Withdraw consent: Revoke consent for data processing where consent is the legal basis

Exercising Your Rights: To exercise these rights, contact us using our Privacy & Data Protection inquiry form. We will respond within 30 days (or as required by applicable law). We may need to verify your identity before processing requests.

Limitations: Some rights may be limited by applicable law or our legitimate business interests. We will explain any limitations when responding to your request.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience:

• Essential cookies: Required for basic functionality
• Performance cookies: Help us understand usage patterns
• Preference cookies: Remember your settings and preferences
• Analytics cookies: Provide insights into user behavior

You can manage cookie preferences through your browser settings.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers, including:

• Compliance with applicable data protection laws
• Contractual protections with service providers
• Industry-standard security measures

11. Children's Privacy

VenturePulse is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the updated policy on our website
• Updating the "Last updated" date
• Sending email notifications for significant changes

21. Contact Information and Data Protection Officer

If you have any questions about this Privacy Policy or our data practices, please contact us:

General Privacy Inquiries:
Contact Form (Privacy & Data Protection)
Support: Contact Form (Technical Support)
General Contact: https://venturepulse.app/contact

Data Protection Officer (EU/UK users):
Contact Form (Privacy & Data Protection)
Response Time: 30 days

16. Data Breach Response and Incident Management

Incident Response: We maintain a comprehensive incident response plan to address potential data breaches or security incidents:

• 24/7 monitoring systems to detect potential security incidents
• Rapid response team activation within 1 hour of incident detection
• Immediate containment and mitigation procedures
• Forensic investigation and root cause analysis
• Notification to relevant authorities within 72 hours (where required)
• User notification for high-risk incidents affecting personal data

Breach Notification: In the event of a data breach that poses a risk to your rights and freedoms, we will notify you without undue delay, including information about the nature of the breach, potential consequences, and measures taken to address it.

17. Data Subject Rights and Requests

Exercise of Rights: You may exercise your data protection rights by contacting us through our dedicated privacy contact form. We will respond to your request within 30 days (or as required by applicable law).

Identity Verification: We may need to verify your identity before processing certain requests to protect your personal information from unauthorized access.

Request Processing: We will process your requests free of charge, unless they are manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse the request.

Technical Limitations: Some rights may be subject to technical limitations or may conflict with other legal obligations. We will explain any limitations when responding to your request.

18. Third-Party Integrations and Services

Third-Party Services: Our Service integrates with various third-party platforms and services. This section outlines how we handle data in these integrations:

• LinkedIn Integration: Profile data is imported with your explicit consent and stored securely
• Payment Processors: Payment data is processed by certified PCI-DSS compliant providers
• Analytics Services: We use analytics tools to understand service usage and performance
• Cloud Infrastructure: Data is stored on secure cloud platforms with appropriate safeguards
• Support Tools: Customer support communications may be processed by third-party platforms

Data Processing Agreements: We maintain data processing agreements with all third-party service providers that process personal data on our behalf, ensuring they meet our privacy and security standards.

19. California Consumer Privacy Act (CCPA) Rights

California Residents: If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request information about personal information we collect, use, and share
• Right to Delete: Request deletion of your personal information (subject to certain exceptions)
• Right to Opt-Out: Opt-out of the sale of personal information (we do not sell personal information)
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights
• Right to Correct: Request correction of inaccurate personal information
• Right to Data Portability: Receive your personal information in a portable format

Personal Information Categories: We collect and process the categories of personal information described in Section 2 of this Policy for the business purposes outlined in Section 3.

20. Regulatory Compliance

This Privacy Policy is designed to comply with applicable privacy laws, including:

• GDPR: General Data Protection Regulation (EU)
• CCPA: California Consumer Privacy Act
• CPRA: California Privacy Rights Act
• PIPEDA: Personal Information Protection and Electronic Documents Act (Canada)
• Other applicable privacy laws and regulations

Supervisory Authority: EU/UK users may lodge complaints with their local data protection authority. US users may contact the FTC or relevant state attorney general.

Effective Date: This Privacy Policy is effective as of the "Last updated" date above and applies to all information collected on or after that date.

17. Legal Basis for Processing (EU/UK Users)

We process your personal information based on the following legal bases:

• Contract: Processing necessary for service delivery
• Legitimate Interests: Service improvement, security, and business operations
• Consent: Marketing communications and optional features
• Legal Obligation: Compliance with applicable laws