Privacy Policy
Last updated: 1/4/2026
1. Information We Collect
We collect information that you provide directly to us, including:
- Account Information: Name, email address and authentication credentials when you create an account or log in
- Idea Submissions: Idea descriptions, target market information, business model details and any other information you provide when submitting an idea for validation
- Payment Information: Payment details processed securely through Stripe (we do not store full credit card numbers on our servers)
- Validator Applications: Professional background, expertise areas, portfolio information and verification documents when you apply to become a validator
- Tax Information: For validators, we collect tax identification numbers (SIN/SSN), address and other information required for tax form generation (T4A for Canada, 1099-NEC for US)
- Review Data: Reviews you write as a validator, ratings you provide as a seeker and feedback you give on reviews
- Communication Data: Email communications, support requests and any messages sent through our platform
- Usage Data: Information about how you interact with our platform, including pages visited, features used and timestamps
We also automatically collect certain technical information, including IP addresses, browser type, device information and usage patterns through cookies and similar technologies.
2. How We Use Your Information
We use the information we collect for the following purposes:
- Service Delivery: Process and match your idea submissions with appropriate validators based on expertise and niche
- Payment Processing: Process payments, manage transactions, calculate validator earnings and handle refunds when applicable
- Tax Compliance: Generate and file tax forms (T4A for Canadian validators, 1099-NEC for US validators) as required by law
- Communication: Send email notifications about submissions, reviews, validator assignments, payment confirmations and important platform updates
- Account Management: Create and manage user accounts, authenticate users and provide access to dashboards based on user roles
- Validator Management: Review validator applications, verify credentials, manage validator status and track performance
- Review System: Facilitate the review process, collect and display reviews, calculate validator ratings and manage the rating system
- Platform Improvement: Analyze usage patterns, identify technical issues, improve user experience and develop new features
- Legal Compliance: Comply with legal obligations, including tax reporting, data retention requirements and responding to legal requests
- Security: Detect and prevent fraud, abuse, security threats and unauthorized access to our platform
We process your personal data based on the following legal bases: (1) performance of a contract (providing our services), (2) legitimate interests (platform improvement, security), (3) legal obligations (tax compliance) and (4) consent (where applicable).
3. Information Sharing and Disclosure
We do not sell your personal information. We may share your information in the following circumstances:
- With Validators: When a validator is assigned to review your idea, they will see your idea details, description and target market information. Your email address is not shared with validators unless you explicitly choose to share it.
- With Seekers: When you write a review as a validator, the seeker will see your review, feedback and validator name. Your email address is not shared with seekers.
- Service Providers: We share data with trusted third-party service providers who help us operate our platform:
  - Stripe: Payment processing and transaction management
  - Supabase: Database hosting, authentication and backend infrastructure
  - Resend: Email delivery and communication
  - Vercel: Hosting and deployment infrastructure
  - Tax Filing Services: Third-party services for filing tax forms with government agencies (CRA, IRS)
- Government Agencies: We may share tax information with government tax authorities (CRA, IRS) as required by law for tax form filing
- Legal Requirements: We may disclose information if required by law, court order, or government regulation, or to protect our rights, property, or safety
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity
- With Your Consent: We may share information with your explicit consent for specific purposes
All service providers are contractually obligated to protect your information and use it only for the purposes we specify. We do not share your information with third parties for their own marketing purposes.
4. Data Security
We implement comprehensive security measures to protect your personal information:
- Encryption: All data in transit is encrypted using TLS/SSL protocols. Sensitive data at rest is encrypted
- Authentication: Secure authentication using Supabase Auth with industry-standard security practices
- Access Controls: Role-based access control (RBAC) ensures users can only access data appropriate to their role
- Database Security: Row-Level Security (RLS) policies in Supabase ensure data isolation between users
- Payment Security: Payment information is processed through Stripe, which is PCI DSS Level 1 compliant. We never store full credit card numbers
- Regular Updates: We keep our systems and dependencies up to date with security patches
- Security Headers: We implement security headers (HSTS, CSP, X-Frame-Options) to protect against common web vulnerabilities
- Monitoring: We monitor our systems for security threats and unauthorized access attempts
However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security. If you believe your account has been compromised, please contact us immediately.
5. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to maintain your session and provide essential functionality:
- Essential Cookies: Authentication cookies (e.g., sb-*-auth-token) are required for you to log in and use our platform. These cookies are necessary for the website to function and cannot be disabled.
- Third-Party Cookies: We use Stripe for payment processing and Supabase for authentication. These services may set their own cookies as necessary for their functionality.
- Cookie Duration: Authentication cookies are typically session-based or persist for up to 7 days to maintain your login state.
You can control cookies through your browser settings, but disabling essential cookies may prevent you from using certain features of our platform.
6. Your Rights (GDPR, CCPA, PIPEDA)
Depending on your location, you have the following rights:
- Right to Access: Request a copy of all personal data we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data (subject to legal obligations)
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing of your personal data for certain purposes
- Right to Withdraw Consent: Withdraw consent for data processing where consent is the legal basis
- Right to Non-Discrimination (CCPA): We will not discriminate against you for exercising your privacy rights
To exercise these rights, please contact us using the information below or use our Data Rights Portal.
7. Data Retention and Deletion
We retain your personal information for different periods depending on the type of data and legal requirements:
- Account Data: Retained while your account is active and for a reasonable period after account deletion to handle support requests
- Idea Submissions: Retained while your account is active. After account deletion, submissions are anonymized but may be retained for historical records
- Reviews: Retained indefinitely as they are part of the platform's content and may be referenced by other users
- Tax Information: Retained for 7 years as required by law (Canada and US tax regulations). This includes T4A and 1099-NEC forms, earnings records and related documentation
- Payment Records: Retained for 7 years for accounting and tax purposes
- Email Communications: Retained for up to 2 years for customer support and record-keeping purposes
- Logs and Analytics: Retained for up to 1 year for security and platform improvement purposes
You may request deletion of your account and associated data at any time through our Data Rights Portal. However, we may retain certain information as required by law (e.g., tax records) or for legitimate business purposes (e.g., preventing fraud). When data is deleted, it is permanently removed from our active systems, though it may remain in backups for a limited period.
8. International Data Transfers
Your data may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your data in accordance with applicable data protection laws.
9. Children's Privacy
Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.
11. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us through the contact information provided on our website or use our Data Rights Portal.