Legal

Privacy Policy

Last updated:

Overview

Foundaro ("we," "our," or "us") operates the Foundaro service, a SaaS platform for capturing, developing, and validating business ideas. This Privacy Policy describes how we collect, use, and share information about you when you use our website, applications, and services (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. We process your data to provide the Service and to improve your experience — never to sell it.

Information We Collect

Account Information

When you register, we collect your email address, display name, and optionally a profile photo URL. If you sign in with Google, we receive your name, email, and profile picture from Google's OAuth flow. We do not receive or store your Google password.

Content You Create

Foundaro stores all project data you create — including idea titles, descriptions, notes, roadmaps, competitor research, financial estimates, comments, and any file attachments — in Google Cloud Firestore and Firebase Storage under your account.

Usage & Technical Data

We automatically collect standard log data including your IP address, browser type and version, pages visited, referring URLs, and timestamps. This data is used to maintain service reliability and diagnose problems.

Payment Information

Subscription billing is handled entirely by Stripe. We never store your full credit card number, CVV, or bank account details. We receive limited billing metadata from Stripe (plan type, subscription status, last-four digits) needed to manage your account.

AI Interactions

When you use AI-powered features (competitor research, idea discovery, feature analysis), your idea content is sent to Google's Gemini API to generate responses. Google's data handling for Gemini API requests is governed by the Google Cloud Privacy Notice. We do not use your content to train our own models.

How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Authenticate your identity and manage your account
  • Process subscription payments via Stripe
  • Deliver AI-generated content when you invoke AI features
  • Send transactional emails (e.g. email verification, password reset)
  • Monitor performance, diagnose bugs, and improve reliability
  • Enforce our Terms of Service and prevent abuse
  • Comply with legal obligations

We do not use your content for advertising, sell it to third parties, or use it for any purpose other than providing the Service.

Data Sharing

We do not sell, rent, or trade your personal information. We share data only with the following categories of third parties, and only as necessary to operate the Service:

Provider | Purpose | Data Shared
Google Firebase | Auth, database, storage, hosting | Account data, project content
Google Gemini API | AI-powered features | Idea content (on demand)
Stripe | Payment processing | Email, billing info
Google reCAPTCHA | Abuse prevention (App Check) | Browser signals

We may also disclose information if required by law, court order, or to protect the rights, property, or safety of Foundaro, our users, or others.

Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal information and project content within 30 days, except where retention is required by law or for legitimate business purposes (e.g., resolving disputes, fraud prevention).

Aggregated, anonymized usage statistics that cannot be linked back to you may be retained indefinitely to improve the Service.

Stripe retains payment records as required by financial regulations, independent of your Foundaro account status.

Security

We take security seriously. The Service uses the following measures to protect your data:

  • All data is transmitted over TLS/HTTPS
  • Authentication is handled by Firebase Auth with Google-grade security
  • Firestore Security Rules enforce per-user data isolation at the database level
  • Firebase App Check with reCAPTCHA v3 protects against automated abuse
  • File uploads are scoped to authenticated users and enforced by Firebase Storage rules
  • Stripe handles payment data in a PCI DSS-compliant environment

No method of transmission over the internet is 100% secure. While we use commercially reasonable measures to protect your data, we cannot guarantee absolute security. Please notify us immediately at privacy@foundaro.io if you suspect a security incident.

Cookies & Tracking

Foundaro uses a minimal set of cookies and local storage:

  • Firebase Auth session (Essential): Keeps you signed in across page reloads
  • Language preference (Functional): Remembers your chosen locale (en / es / zh-TW)
  • Theme preference (Functional): Remembers light or dark mode selection
  • reCAPTCHA (Security): Google App Check token for abuse prevention

We do not use advertising cookies or third-party tracking pixels. We do not share cookie data with ad networks.

Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Update or correct inaccurate information via your account settings.
  • Deletion: Request deletion of your account and associated data.
  • Portability: Export all your project data as a JSON file from Settings → Data Export.
  • Restriction: Request that we limit processing of your data in certain circumstances.
  • Objection: Object to processing based on our legitimate interests.

To exercise these rights, use the self-service tools in your account settings or contact us at privacy@foundaro.io. We will respond within 30 days.

If you are located in the European Economic Area, you have rights under the GDPR and may lodge a complaint with your local data protection authority.

Children's Privacy

The Service is not directed to children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately at privacy@foundaro.io and we will promptly delete it.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or in-app notification.

Continued use of the Service after changes become effective constitutes your acceptance of the updated policy. We encourage you to review this page periodically.

Contact Us

If you have questions about this Privacy Policy or how we handle your data, please reach out:

Foundaro

Email: privacy@foundaro.io