Privacy Policy
v1.1.0 — Effective June 24, 2026
This Privacy Policy describes how CoFounder.AI, Inc., a Delaware corporation ("CoFounder.AI," "we," "us," or "our"), collects, uses, and shares information when you use our AI-powered business planning and co-founder platform and related services (the "Service").
1. Information We Collect
Information You Provide:
- Account information: name, email address, phone number, organization name
- Founder profile information: business stage, business category, problem statement, target audience, and other onboarding inputs
- Payment information: processed securely by Stripe (we do not store card numbers)
- Projects, business plans, conversations, and AI-generated artifacts you create
- Documents, websites, and data you upload to or connect with the Service
- Voice and messaging content: when you use our voice or text-messaging features, the audio of your calls with the AI, recordings and transcripts of those calls, and the content of the text messages (including SMS and iMessage) you exchange with the Service
- Communications with us (support requests, feedback)
Information Collected Automatically:
- Device information: IP address, browser type, operating system
- Usage data: features used, projects created, pages visited, AI interactions
- Log data: access times, errors, performance metrics
- Cookies and similar technologies (see Section 7)
Information from Third Parties:
- Authentication data from identity providers (Google, LinkedIn) when you use SSO
- Public profile data retrieved on your behalf from LinkedIn (via our enrichment provider) and from public websites you ask us to analyze, when you opt in to those features
- Connected account data: when you connect a third-party account or service (such as email, calendar, social media, storage, or analytics) through our integration provider, the information we access from that account at your direction to perform the tasks you request
2. How We Use Your Information
We use your information to:
- Provide, maintain, and improve the Service
- Generate AI-powered business plans, recommendations, and other outputs you request
- Process and transcribe voice calls and messages to operate and improve our voice and messaging features
- Access and act within accounts you connect, at your direction, to perform the tasks you request
- Process transactions and send related information
- Send technical notices, updates, and security alerts
- Respond to your inquiries and provide customer support
- Monitor and analyze usage patterns to improve functionality
- Detect, prevent, and address fraud, abuse, or security issues
- Comply with legal obligations
- Send marketing communications (with your consent)
AI and Model Training:
We may use aggregated, de-identified data from your use of the Service to evaluate and improve our prompts, retrieval pipelines, and machine-learning components. This helps us improve recommendation quality, AI accuracy, and develop new features.
You may opt out of having your data used for these improvement purposes by contacting [email protected] or through your account settings. Opting out will not affect your access to the Service.
We do not use your private project content, founder profiles, uploaded documents, or other identifiable personal information to train third-party foundation models. When we send your inputs to third-party AI providers (e.g., OpenAI, Anthropic, Google) to generate responses, we do so under contractual terms that prohibit those providers from using your data to train their models.
Voice Calls and Recording Consent:
When you use our voice features, we and our voice and telephony providers record and transcribe your calls with the AI to provide, secure, and improve the Service. Some jurisdictions, including California, require all parties to a call to consent to its recording. By using the voice features and continuing a call after any recording notice, you consent to the recording and transcription of your calls with the Service, and you agree to obtain consent from any other participants you choose to include on a call.
Connected Accounts and Integrations:
When you connect a third-party account, the Service accesses and acts within that account only as needed to perform the tasks you direct or approve (for example, drafting or sending an email, or publishing a social post you authorize). You can review your connected accounts and disconnect them or revoke access at any time in your account settings or with the relevant provider. We do not use the contents of your connected accounts for advertising.
Legal Basis for Processing (GDPR):
- Performance of contract: to provide the Service you requested
- Legitimate interests: to improve and secure the Service
- Consent: for marketing communications and optional enrichment features
- Legal obligation: to comply with applicable laws
3. How We Share Your Information
We do not sell, rent, or trade your personal information. We may share your information with:
- Service Providers: Third-party companies that help us operate the Service (see Section 8).
- Legal Requirements: When required by law, subpoena, or legal process, or to protect our rights, privacy, safety, or property.
- Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred.
- With Your Consent: When you direct us to share information with third parties.
4. Data Security
We implement industry-standard security measures to protect your information:
- TLS encryption for data in transit
- Encryption at rest for stored data
- Tenant isolation in our database
- JWT-based authentication
- Regular security audits and monitoring
- Access controls and authentication requirements
However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
5. Data Retention
We retain your information for as long as your account is active or as needed to provide the Service. Specifically:
- Account data: retained until account deletion
- Project content and conversation history: retained until you delete it or close your account
- Voice recordings, transcripts, and message content: retained until you delete them or close your account
- Application logs: retained for 90 days
- Payment records: retained for 7 years (legal requirement)
- Support communications: retained for 3 years
Upon account deletion, we will delete or anonymize your data within 30 days, except where retention is required by law.
6. Your Rights and Choices
All Users:
- Access, update, or correct your personal information via account settings
- Delete your account and associated data
- Opt out of marketing communications
- Opt out of having your data used for Service improvement
- Export your data in a portable format
California Residents (CCPA/CPRA):
- Right to know what personal information we collect and how it's used
- Right to delete your personal information
- Right to correct inaccurate personal information
- Right to opt-out of the sale or sharing of personal information (we do not sell your data)
- Right to limit the use of sensitive personal information
- Right to non-discrimination for exercising your rights
European Residents (GDPR/UK GDPR):
- Right of access to your personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent at any time
- Right to lodge a complaint with a supervisory authority
To exercise these rights, contact us at [email protected].
7. Cookies and Tracking Technologies
We use cookies and similar technologies to:
- Keep you signed in
- Remember your preferences
- Analyze usage patterns
- Improve the Service
Types of Cookies:
- Essential cookies: required for the Service to function (including authentication)
- Analytics cookies: help us understand how the Service is used
- Preference cookies: remember your settings
You can control cookies through your browser settings. Disabling essential cookies may affect Service functionality.
Google Analytics 4:
We use Google Analytics 4 ("GA4"), a web analytics service provided by Google LLC, to understand how visitors use our website and Service. GA4 collects information such as your IP address (which Google truncates / anonymizes), device and browser type, referring URL, pages viewed, time spent on pages, and other usage events. This information is transmitted to and stored by Google on servers in the United States and other countries.
We use this information solely to analyze and improve the Service. We do not combine GA4 data with your account information to identify individual users for marketing purposes.
You can opt out of GA4 by installing the Google Analytics Opt-out Browser Add-on, or by managing cookies in your browser settings. For more information about how Google uses data, see Google's Privacy Policy.
8. Service Providers
We use trusted third-party service providers to help us operate the Service, including providers for:
- Authentication and identity management (Google, LinkedIn)
- Cloud hosting, database, and storage services (Google Cloud Platform, MongoDB Atlas)
- Payment processing (Stripe)
- Transactional email delivery (Resend)
- AI and machine-learning capabilities (OpenAI, Anthropic, Google)
- Voice AI, telephony, and messaging (ElevenLabs, Twilio, Sendblue)
- Third-party account integrations you connect (Composio)
- Profile and website enrichment (EnrichLayer, Firecrawl)
- Web analytics (Google Analytics 4) and monitoring
These providers only access your information as necessary to perform services on our behalf and are contractually obligated to protect your data.
For enterprise customers, a complete list of sub-processors is available in our Data Processing Agreement (DPA). To request a DPA, contact [email protected].
9. International Data Transfers
Your information may be transferred to and processed in the United States, where our servers are located. If you are located outside the United States, your information will be transferred to the U.S. in accordance with applicable data protection laws.
For transfers from the European Economic Area, the United Kingdom, or Switzerland, we rely on Standard Contractual Clauses approved by the European Commission (and the UK Addendum, where applicable).
10. Third-Party Links
The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.
11. Children's Privacy
The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at [email protected].
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service at least 30 days before they take effect. The "Effective" date at the top indicates when the policy was last revised.
13. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
CoFounder.AI, Inc.
4065 Glencoe Avenue
Marina Del Rey, CA 90292
Email: [email protected]