Privacy Policy

Last Updated: May 28, 2025

Effective Date: May 28, 2025

1. Introduction

SELFOUND LTD (Company Number: 16450921), operating as Cofounder.im ("we," "our," or "us"), respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, services, or platform, including our AI-powered agents and tools (collectively, the "Services").

Please read this Privacy Policy carefully. By using our Services, you acknowledge that you have read and agree to all terms of this policy. If you do not agree to these terms, please immediately cease using or accessing our Services.

To optimize your user experience, we need to process your personal information. If you do not wish to have your personal information processed as described in this policy, or if you are under 18 years of age, please stop using our Services.

We primarily collect and use your information to:

• Provide and improve our Services and user experience
• Generate AI-powered analyses, reports, and recommendations
• Ensure the security and integrity of the platform
• Fulfill our legal obligations

2. Information We Collect

2.1 Personal Information

We may collect the following types of personal information:

• Account Information: When you register for an account, we collect your name, email address, and password.
• Profile Information: Information you provide in your user profile, such as your photo, company, job title, and location.
• Payment Information: When you make a purchase, our payment processor (Stripe) collects your payment details. We do not store complete credit card information on our servers.
• Communication Data: Information you provide when contacting us, including email correspondence and chat logs.
• Authentication Data: If you choose to sign up or log in using third-party services (Google, Facebook, or Apple), we receive information from these services as permitted by your privacy settings.

2.2 Project and Content Information

We collect information related to your projects and use of our Services, including:

• Project Details: Business ideas, project descriptions, and any information you provide about your startup concept.
• Inspiration Links: URLs and websites you share as inspiration for your projects.
• Agent Selections: Information about which AI agents you select and use.
• User Content: Any personal information collected when you use our Services, including information provided in inputs, file uploads, feedback, or other submissions.
• Generated Content: Reports, analyses, and other content generated by our AI agents based on your inputs.
• Communication Content: Any communications we exchange, including chatbot interface communications, survey responses, or feedback.

2.3 Usage Information

We automatically collect certain information about your use of our Services:

• Device Information: IP address, browser type, operating system, and device identifiers.
• Log Data: Access times, pages viewed, and other system activities.
• Cookies and Similar Technologies: Information collected through cookies, web beacons, and similar tracking technologies.
• Usage Patterns: How you interact with our Services, including features you use and time spent on the platform.

3. How We Use Your Information

We use your information for the following purposes:

3.1 Providing and Improving Our Services

• To create and maintain your account (using your basic information)
• To process your payments and provide the services you've purchased
• To generate AI-powered analyses, reports, and recommendations
• To personalize your experience and deliver content most relevant to you
• To improve and optimize our Services through usage analysis
• To develop new features and functionality
• To train and improve our AI models (with anonymized data)

3.2 Communications

• To respond to your inquiries and support requests
• To send administrative information, such as updates to our Terms and Privacy Policy
• To send notifications about your account or projects
• To provide marketing communications (with your consent)

3.3 Research and Analytics

• To analyze usage patterns and trends
• To conduct research to improve our AI models and algorithms
• To generate aggregated, non-identifying insights about startup trends and market opportunities

3.4 Security and Legal Compliance

• To protect the security and integrity of our Services
• To detect and prevent fraud, abuse, and security incidents
• To comply with legal obligations
• To enforce our Terms of Use and other policies

4. How We Share Your Information

We may share your information with the following categories of recipients:

4.1 Service Providers

We share information with third-party service providers who help us operate, provide, and improve our Services, including:

• Cloud hosting and infrastructure providers
• Payment processors
• Analytics and performance monitoring services (such as Amplitude, which helps us understand how users interact with our services)
• Customer support and communication tools
• AI and machine learning services (including large language model providers)

4.2 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

4.4 Business Transfers

If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction.

5. Data Security

We have implemented a series of reasonable technical, administrative, and organizational measures aimed at comprehensively protecting the security of your personal information. These protective measures cover both online and offline environments, with the purpose of preventing the loss, misuse, unauthorized access, disclosure, alteration, or destruction of your personal information.

However, we must honestly point out that in today's digital world, no security system can provide absolute 100% protection. Therefore, when using our Services, you need to understand and accept this reality: despite our best efforts to protect your information, the risks associated with using our Services ultimately must be borne by you personally.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. When determining how long to retain information, we consider:

• The amount, nature, and sensitivity of the information
• The potential risk of harm from unauthorized use or disclosure
• The purposes for which we process the information
• Applicable legal requirements

In accordance with GDPR principles, we maintain a data retention schedule that specifies retention periods for different categories of data. Specific retention periods include:

• Account Information: Retained for the duration of your account plus 30 days after account deletion
• Project Data: Retained for the duration of your account plus 90 days after account deletion (unless you specifically request earlier deletion)
• Payment Information: Retained for 7 years as required by tax and accounting regulations
• Communication Records: Retained for 2 years after the last communication
• Usage Data: Retained in identifiable form for 13 months, then anonymized

You can request deletion of your data at any time as described in the Data Subject Rights section.

7. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information. Even if local laws do not explicitly provide for these rights, we may at our discretion offer you these choices:

7.1 Access and Update

You can access and update your account information through your account settings.

7.2 Data Subject Rights Under GDPR

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, the GDPR and similar data protection laws provide you with the following rights:

• Right to Access (Article 15): You have the right to obtain confirmation of whether we process your personal data and, if so, access to that data and information about how we process it.
• Right to Rectification (Article 16): You can request correction of inaccurate personal data or completion of incomplete data.
• Right to Erasure/Right to be Forgotten (Article 17): You can request deletion of your personal data under certain circumstances, such as when the data is no longer necessary, when you withdraw consent, or when you object to processing and there are no overriding legitimate grounds.
• Right to Restriction of Processing (Article 18): You can request that we restrict the processing of your personal data in specific circumstances, such as when you contest the accuracy of the data or when processing is unlawful.
• Right to Data Portability (Article 20): You can request to receive your personal data in a structured, commonly used, machine-readable format and have it transmitted to another controller where technically feasible.
• Right to Object (Article 21): You can object to the processing of your personal data based on our legitimate interests, for direct marketing purposes, or for scientific/historical research and statistics.
• Right to Not Be Subject to Automated Decision-Making (Article 22): You have the right not to be subject to decisions based solely on automated processing (including profiling) that produce legal or similarly significant effects, with certain exceptions.
• Right to Withdraw Consent: Where processing is based on your consent, you can withdraw that consent at any time.
• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

To exercise these rights, please contact our Data Protection Officer at privacy@cofounder.im. We will respond to your request within one month (which may be extended by up to two additional months in complex cases). To protect your privacy and security, we may need to verify your identity before processing your request.

7.3 Marketing Communications

You can opt out of marketing communications by clicking the "unsubscribe" link in any marketing email we send or by contacting us directly.

7.4 Cookies

Most web browsers allow you to control cookies through their settings. However, if you reject cookies, certain features of our Services may not function properly.

8. Children's Privacy

Our Services are designed for adults and not intended for children. We do not knowingly solicit or collect personal information from children. According to our Terms of Service, all users must be at least 18 years old to use our Services. If you discover that we have collected personal information from minors without guardian consent, please contact us immediately, and we will promptly delete the relevant data.

9. International Data Transfers

Your information may be transferred to and processed in countries outside the European Economic Area (EEA) that may have different data protection standards. When we transfer personal data outside the EEA, we implement appropriate safeguards in line with GDPR requirements, such as:

• European Commission's Standard Contractual Clauses
• Ensuring third-party service providers are certified under approved frameworks (such as EU-US Data Privacy Framework)
• Implementing technical and organizational measures to protect your data during transfer and processing

You have the right to obtain information about these safeguards by contacting us at privacy@cofounder.im.

10. Changes to This Privacy Policy

To continuously optimize our service quality, we may periodically update this Privacy Policy. All policy changes will be posted on this page, and significant changes will be communicated to you with reasonable notice as required by law. You can always check the date at the top of the page to see when the policy was last updated. We encourage you to review this policy regularly to stay informed about how we protect your personal information.

11. AI-Specific Privacy Considerations

As an AI-powered platform, we want to provide additional transparency about how we handle your data in relation to our AI features:

• AI Training: We may use anonymized and de-identified data to train and improve our AI models. This helps us enhance the quality and accuracy of our Services.
• Third-Party AI Services: We utilize third-party AI services and large language models to power some of our features. When you interact with these features, your inputs may be processed by these services in accordance with their privacy policies.
• Project Information and LLMs: When you use our AI agents, your project information (including business ideas, descriptions, and other inputs) is sent to third-party Large Language Model (LLM) providers such as OpenAI or Anthropic to generate analyses and recommendations. This information is transmitted securely and is subject to the privacy policies of these providers. We have agreements in place with these providers that include data protection provisions. We only share the minimum information necessary for the AI to perform its function.
• AI-Generated Content: Content generated by our AI agents is based on the information you provide. We do not claim ownership of factual information in AI-generated outputs, but we do retain rights to the specific expression and format of those outputs.
• Data Retention for AI: To improve our AI services, we may retain your interactions with our AI features longer than other types of data. You can request deletion of this data as described in the Data Subject Rights section.

12. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data on the following legal bases:

• Contractual Necessity: Processing necessary for the performance of our contract with you (e.g., to provide the Services you've requested, manage your account)
• Legitimate Interests: Processing necessary for our legitimate interests or those of a third party, provided these interests are not overridden by your interests or fundamental rights and freedoms (e.g., improving our Services, preventing fraud, ensuring network security)
• Legal Obligation: Processing necessary for compliance with a legal obligation to which we are subject
• Consent: Processing based on your specific, informed, and unambiguous consent (e.g., for certain types of marketing communications)

For each type of processing activity, we identify and document the appropriate legal basis. You have the right to object to processing based on legitimate interests as described in the Data Subject Rights section.

13. Data Protection Officer and EU Representative

We have appointed a Data Protection Officer (DPO) responsible for overseeing questions regarding this Privacy Policy and our GDPR compliance. Additionally, as required by Article 27 of the GDPR, we have appointed a representative in the European Union.

To contact our DPO or EU representative, please email privacy@cofounder.im with the subject line "Attn: DPO" or "Attn: EU Representative" as appropriate.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: privacy@cofounder.im

SELFOUND LTD (Company Number: 16450921)