Privacy Policy

Information you provide directly

• Account information: name, email address, and password when you create an account.
• Business ideas and inputs: text you enter into Foundra, including business descriptions, ideas, and responses to AI-generated questions.
• Communications: messages you send to us through support channels.

Information collected automatically

• Usage data: pages visited, features used, session duration, and interaction patterns within the Service.
• Device information: browser type, operating system, device type, and screen resolution.
• Log data: IP address, access times, and referring URLs.
• Cookies: small data files stored on your device. See the Cookies section below for details.

Foundra uses artificial intelligence to analyze the business ideas and information you provide. Your inputs are processed by third-party AI providers (such as OpenAI or Anthropic) to generate strategic outputs. We send only the minimum necessary data to these providers to deliver the Service.

We do not use your business ideas or personal inputs to train AI models. Your data is used solely to provide you with the Service.

We do not sell your personal information. We may share your data only in the following circumstances:

• Service providers: trusted third parties that help us operate the Service (hosting, analytics, AI processing, payment processing). These providers are contractually obligated to protect your data.
• Legal requirements: when required by law, regulation, or legal process.
• Protection of rights: to protect the rights, property, or safety of Foundra, our users, or the public.
• Business transfers: in connection with a merger, acquisition, or sale of assets, in which case your data would remain subject to this Privacy Policy.

We use cookies and similar technologies for the following purposes:

• Essential cookies: required for the Service to function (e.g., authentication, session management). These cannot be disabled.
• Analytics cookies: help us understand how users interact with the Service so we can improve it. You can opt out of these.

You can manage your cookie preferences at any time through the cookie settings banner or your browser settings. Disabling non-essential cookies will not affect the core functionality of the Service.

We implement industry-standard security measures to protect your data, including:

• HTTPS/TLS encryption for all data in transit.
• Encrypted database storage through our hosting provider (Supabase).
• Secure authentication with hashed passwords.
• Regular security reviews and updates.

No method of transmission over the internet is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

We retain your personal data for as long as your account is active or as needed to provide you with the Service. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.

Depending on your location, you may have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you.
• Rectification: request correction of inaccurate or incomplete data.
• Erasure: request deletion of your personal data (the “right to be forgotten”).
• Restriction: request that we limit how we process your data.
• Portability: request your data in a structured, commonly used, machine-readable format.
• Objection: object to our processing of your personal data.
• Withdraw consent: withdraw your consent at any time where we rely on consent as the legal basis for processing.

To exercise any of these rights, contact us at spencer@foundra.ai. We will respond within 30 days.

If you are in the European Economic Area (EEA) or the United Kingdom, you also have the right to lodge a complaint with your local data protection authority.

If you are located in the EEA or UK, we process your personal data on the following legal bases:

• Contract: processing necessary to perform our contract with you (providing the Service).
• Legitimate interests: processing necessary for our legitimate interests (improving the Service, security, fraud prevention), provided these do not override your rights.
• Consent: where you have given consent (e.g., analytics cookies, marketing communications).
• Legal obligation: processing necessary to comply with a legal obligation.

Your data may be transferred to and processed in countries other than your own. We use service providers located in the United States and other jurisdictions. Where required, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses) to protect your data in accordance with applicable law.

Foundra is not intended for anyone under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will delete it promptly. If you believe a child has provided us with personal data, please contact us at spencer@foundra.ai.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through a notice on the Service before the changes take effect. The “Last updated” date at the top of this page indicates when the policy was last revised.

If you have questions about this Privacy Policy or want to exercise your data rights, contact us: