Privacy Policy
Last updated: March 2026 — Version 1.0
StartupAces, Inc. (“StartupAces”, “we”, “our”, “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the StartupAces platform and services (the “Service”).
1. Data We Collect
We collect information in the following categories:
Account & Profile Information
- Name, email address, and password (stored hashed)
- Company name, LinkedIn profile URL, and website
- Profile photo and biography
- Area(s) of expertise (Advisors) or industry and stage (Startups)
- Engagement preferences (rates, availability, engagement type)
Interview & Matching Data
- Interview responses and transcripts generated during the onboarding flow
- Vector embeddings of your interview responses, generated using OpenAI's API and stored in Pinecone, used for AI-powered matching
- Match scores and recommendations generated by our matching algorithm
- Feedback provided after matches and engagements
Engagement & Transaction Data
- Engagement agreements and milestones (facilitated via DocuSign)
- Messages and communications between Startups and Advisors on the platform
- Payment information processed by Stripe (we do not store full card numbers; Stripe handles payment data under its own privacy policy)
- Transaction history and payout records
Usage & Technical Data
- IP address, browser type, operating system, and device identifiers
- Pages visited, features used, and time spent on the Service
- Referral source and search terms used to find the Service
- Error logs and performance data used to improve the Service
2. Third-Party Processors
We share data with the following third-party service providers (“Processors”) to operate the Service. Each Processor is bound by a data processing agreement and handles your data only as instructed by StartupAces:
| Processor | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Email, billing info |
| SendGrid | Transactional email | Email, name |
| OpenAI | Interview processing & embeddings | Interview transcripts |
| Pinecone | Vector storage for matching | Anonymized embeddings |
| DocuSign | Agreement e-signatures | Name, email, document content |
| AWS | Cloud hosting & storage | All platform data (encrypted) |
We do not sell your personal information to third parties for their own marketing purposes.
3. Data Retention
We retain your data for as long as necessary to provide the Service and comply with legal obligations:
- Active account data:Retained for the lifetime of your account plus 90 days after termination.
- Transaction records:Retained for 7 years to comply with financial regulations.
- Interview transcripts:Retained for 2 years after account termination, then permanently deleted.
- Vector embeddings:Deleted within 30 days of account termination.
- Usage logs:Retained for 90 days for security and debugging purposes.
- Backup data:Retained for up to 30 days after deletion from the primary database.
4. Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal information. California residents have additional rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).
- Right to Know: You may request a copy of the personal information we hold about you and information about how we collect, use, and share it.
- Right to Correct: You may request that we correct inaccurate personal information about you.
- Right to Delete: You may request that we delete your personal information, subject to certain exceptions (e.g., legal compliance, active engagements).
- Right to Data Portability: You may request a machine-readable copy of your personal information.
- Right to Opt Out of Sale: We do not sell your personal information. If this practice changes, we will provide a prominent opt-out mechanism.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
- Right to Limit Sensitive Data Use: You may limit our use of sensitive personal information to what is necessary to provide the Service.
To exercise any of these rights, contact us at privacy@startupaces.com. We will respond within 45 days. We may need to verify your identity before processing your request.
5. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to operate and improve the Service. You can control cookie use through your browser settings or through the cookie consent banner shown when you first visit the Service.
Essential Cookies
Required for the Service to function. These include session cookies for authentication and security. These cannot be disabled.
Analytics Cookies
Help us understand how users interact with the Service. We use anonymized analytics to improve features and user experience. You may opt out through the cookie banner.
Preference Cookies
Remember your settings and preferences (such as cookie consent choice) to personalize your experience.
We do not use advertising or tracking cookies. We do not participate in cross-site tracking for advertising purposes.
6. Security
We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
- Bcrypt hashing for passwords with a work factor of 12+
- Short-lived access tokens stored in memory (not localStorage)
- HTTP-only, Secure, SameSite cookies for session management
- Regular security audits and penetration testing
- Access controls limiting employee access to personal data
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users and relevant authorities in accordance with applicable law.
7. Contact Us
For privacy questions, requests to exercise your rights, or to report a concern, contact our Privacy team:
StartupAces Privacy Team
Email: privacy@startupaces.com
We respond to all privacy requests within 45 days.