FoundrAI Privacy Policy

Welcome to FoundrAI! Please Read Before Proceeding

Effective Date: 18-Feb-2025

1. Introduction

Welcome to the Privacy Policy of FoundrAI, a service provided by Sketchli Pty Ltd (“Company,” “we,” “us,” or “our”). Sketchli Pty Ltd is located in Victoria, Australia. This Privacy Policy describes how we collect, use, process, and protect your personal data when you use the FoundrAI platform, including all associated services, features, content, and applications (collectively, the “Service”).

This Privacy Policy is designed to be compliant with the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA) and the Australian Privacy Principles (APPs) under the Australian Privacy Act 1988, as well as other applicable privacy laws globally, to the extent relevant to our operations. We also aim to align with the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) principles where applicable to provide transparency and control over your personal information.

This Privacy Policy is an integral part of our Terms of Service (“ToS”), and by accessing or using FoundrAI, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. Please read this Privacy Policy carefully together with our Terms of Service. If you do not agree with our practices, please do not use the Service.

2. Data Controller and Data Protection Officer (DPO)

For the purposes of GDPR and other applicable data protection laws, Sketchli Pty Ltd, located in Victoria, Australia, is the Data Controller responsible for the processing of your personal data in connection with the Service.

To ensure compliance with data protection regulations and to address any privacy-related inquiries, we have appointed a Data Protection Officer (DPO). You can contact our DPO at:

Data Protection Officer, Sketchli Pty Ltd, info@foundrai.com

3. User Data Collected

We collect various types of data from you when you use FoundrAI. This data can be broadly categorized as follows:

  • Personal Identification Data:

    • Email Address: Collected during account registration and used for account management, communication, service updates, password resets, and marketing communications (with opt-out options provided).

    • Full Name: Collected during account registration for personalization, identification within the platform, and to enhance user experience.

    • Username: Chosen by the user during registration and used for account login and platform identification.

  • Contact Information (Optional):

    • Phone Number: Optionally collected for account verification, enhanced security measures (like two-factor authentication), and for providing direct support if needed and consented to.

    • Company Name (if applicable): Collected if you are using FoundrAI in a professional or organizational context to understand user demographics and tailor services appropriately.

  • Payment and Transaction Data:

    • Billing Address: Required for processing payments, calculating applicable taxes, and complying with financial regulations.

    • Payment Information: Credit card details, debit card details, or other payment method information (e.g., PayPal account details) are collected and securely processed by our third-party payment processor, Stripe. We do not directly store or have access to your full credit card details.

    • Subscription History: Records of your subscription plans, payment dates, transaction amounts, and subscription status to manage your account and provide customer support related to billing.

  • Technical and Usage Data (Automatically Collected):

    • IP Address: Automatically logged each time you access the Service for security purposes (fraud detection, abuse prevention), diagnostics, and to analyze geographic usage patterns in anonymized and aggregated forms.

    • Browser Type and Version: Automatically collected to optimize the Service’s compatibility with different browsers and to ensure a consistent user experience across various platforms.

    • Operating System: Automatically collected to further optimize service compatibility across different operating systems (Windows, macOS, Android, iOS, etc.) and devices.

    • Device Information: Details about the device you use to access FoundrAI, including device type (desktop, mobile, tablet), model, and hardware settings, to ensure proper rendering and functionality.

    • Usage Data: Detailed information about how you interact with FoundrAI, including features used, workflows accessed, pages visited, time spent on each page, click patterns, and task completion rates. This helps us understand user behavior and improve platform usability.

    • Log Data: Server logs automatically record information created when you use the Service. These logs may include timestamps, requests made, referring URLs, exit URLs, crash reports, system activity, and error reports for service monitoring, debugging, and performance analysis.

    • Cookies and Similar Technologies: We use cookies, pixel tags, web beacons, browser analysis tools, and server logs to collect information about your browsing activities. These technologies are used for:

      • Authentication: To keep you logged into your account.

      • Personalization: To remember your preferences and settings.

      • Analytics: To track website traffic and usage patterns (e.g., Google Analytics, Amplitude).

      • Advertising (if applicable in the future): To deliver targeted advertisements (currently not in use, but functionality may be added and will be disclosed in policy updates).

  • Location Data (If Applicable):

    • General Location: Inferred from your IP address to understand broad geographic usage trends and potentially personalize content based on region (e.g., suggesting region-specific resources). Precise geolocation data is not actively collected unless explicitly stated for specific features with user consent.

  • User-Generated Content:

    • Startup Ideas: All ideas, descriptions, notes, and related information you input into the idea generation tools, including text, images, links, and other media.

    • Validation Data: Research findings, market analysis, survey results, customer feedback, and other data you input or upload during the idea validation process.

    • Business Model Information: Data you input into the business model canvas, value proposition canvas, and related business planning tools, including text, financial projections, and strategic plans.

    • Feedback and Support Requests: Content of any feedback forms, support tickets, emails, or other communications you send to us, including questions, suggestions, and issue reports.

    • Collaboration Content (if applicable): Content shared or created in collaboration with other users on the platform if collaborative features are enabled, including shared workspaces, comments, and project documents.

    • Profile Information (Optional): Any information you choose to add to your user profile, such as your bio, professional experience, skills, and profile picture.

4. Data Usage: Purposes and Legal Basis

We use the collected data for the following purposes, and each processing activity is justified by a legal basis as required under GDPR and other applicable laws:

  • Providing and Maintaining the Service:

    • Purpose: To operate FoundrAI, deliver the features you use, ensure functionality, and personalize your experience.

    • Legal Basis (GDPR): Performance of a contract (to provide the Service to you).

    • Legal Basis (APP): Purpose is reasonably necessary for our functions and activities as a SaaS provider.

    • Examples: Account management, technical support, service improvement, personalized dashboards, feature delivery.

  • Payment Processing:

    • Purpose: To process subscription payments, manage billing, and handle financial transactions securely.

    • Legal Basis (GDPR): Performance of a contract (to process payments for your subscription), Compliance with legal obligations (financial regulations).

    • Legal Basis (APP): Purpose is reasonably necessary for our functions and activities and related to a payment transaction you initiated.

    • Examples: Subscription management, transaction records, payment gateway integration.

  • Personalization and User Experience Enhancement:

    • Purpose: To customize your experience, provide relevant content, optimize the user interface, and improve platform usability.

    • Legal Basis (GDPR): Legitimate interests (to improve our Service and user experience), Consent (for non-essential personalization features, if applicable).

    • Legal Basis (APP): Purpose is reasonably necessary for our functions and activities to improve user experience.

    • Examples: Personalized content recommendations, UI optimization based on usage data.

  • Communication and Marketing (with Opt-Out):

    • Purpose: To send service notifications, updates, and marketing communications about FoundrAI features, offers, and related content.

    • Legal Basis (GDPR): Legitimate interests (to inform you about service updates and relevant offers), Consent (for marketing communications, with clear opt-out mechanisms).

    • Legal Basis (APP): Legitimate interests in communicating service related information and marketing (with opt-out).

    • Examples: Service notifications, newsletters, promotional emails (with unsubscribe options).

  • Product Development and Analytics:

    • Purpose: To analyze user behavior, identify trends, improve features, and develop new functionalities for FoundrAI.

    • Legal Basis (GDPR): Legitimate interests (to improve and develop our Service), Consent (for non-essential analytics, if applicable, especially if data is not anonymized/aggregated).

    • Legal Basis (APP): Purpose is reasonably necessary for our functions and activities to improve and develop the service.

    • Examples: Data analysis, research and development, usage pattern analysis.

  • Legal and Compliance Purposes:

    • Purpose: To comply with laws, regulations, legal processes, prevent fraud, ensure security, and enforce our ToS.

    • Legal Basis (GDPR): Compliance with legal obligations, Legitimate interests (fraud prevention, security, enforcement of terms).

    • Legal Basis (APP): Required or authorized by law, reasonably necessary for law enforcement or preventative action.

    • Examples: Legal compliance, fraud prevention, security measures, ToS enforcement.

  • Internal Analytics and Business Intelligence:

    • Purpose: To generate internal reports, understand business performance, user engagement, and inform strategic decisions.

    • Legal Basis (GDPR): Legitimate interests (to understand and improve our business operations and strategy).

    • Legal Basis (APP): Purpose is reasonably necessary for our business operations and strategic planning.

    • Examples: Business intelligence reports, strategic decision making based on usage metrics.

5. Third-Party Services and Data Sharing

We engage the following third-party services that process user data on our behalf for specific purposes. We ensure that these providers are GDPR and privacy compliant and have appropriate data processing agreements in place.

  • Amplitude Analytics: For website and Service analytics, user behavior tracking, and generating insights into feature usage. Data Shared: Anonymized usage data, events, device information, IP address (anonymized). Purpose: To understand user engagement, improve platform usability, and optimize features. Amplitude Privacy Policy

  • Stripe: For processing subscription payments securely. Data Shared: Payment information (credit card details, billing address), transaction history, subscription details. Purpose: To process payments, manage subscriptions, and handle billing inquiries. Stripe Privacy Policy

  • Google and OpenAI (LLMs): To provide AI-powered features within FoundrAI, specifically for idea generation and related functionalities. Data Shared: User input prompts, generated ideas, and related data necessary for AI processing. Purpose: To deliver the core AI-driven features of FoundrAI. Google Privacy Policy, OpenAI Privacy Policy. Note: Data shared with LLM providers is minimized and anonymized where possible to protect user privacy. Specific terms regarding data usage with LLM providers are reviewed to ensure alignment with privacy principles.

  • Mailgun: For transactional email delivery, including account verification emails, password reset emails, and service notifications. Data Shared: Email address, email content, delivery status. Purpose: To ensure reliable delivery of essential service-related emails. Mailgun Privacy Policy

  • Amazon Web Services (AWS): For cloud infrastructure, data storage, and hosting the FoundrAI platform. Data Shared: All categories of user data are stored on AWS infrastructure. Purpose: To provide a secure, reliable, and scalable platform for FoundrAI. AWS Privacy Policy

We only share data with these third-party services to the extent necessary for them to perform their specific functions and in accordance with our instructions. We do not sell or rent your personal data to third parties for their marketing purposes. We may disclose aggregated and anonymized data to third parties for analytics, research, or business intelligence purposes.

6. Data Security Measures

We implement robust security measures to protect your personal data from unauthorized access, use, disclosure, alteration, or destruction. These measures include:

  • Encryption in Transit and at Rest: We use industry-standard encryption technologies (HTTPS/TLS) to protect data transmitted between your browser and our servers. Sensitive data at rest, including payment information and user credentials, is encrypted using strong encryption algorithms.

  • Access Controls: Access to personal data is strictly limited to authorized personnel who need access to perform their job functions. We implement role-based access control and enforce the principle of least privilege.

  • Regular Security Audits and Vulnerability Assessments: We conduct regular security audits, penetration testing, and vulnerability assessments to identify and address potential security weaknesses in our systems and applications.

  • Data Breach Response Plan: We have a comprehensive data breach response plan in place to address and mitigate any data security incidents promptly and effectively, including notification procedures as required by applicable laws.

  • Physical Security: Our servers and data centers are physically secured with restricted access, surveillance, and environmental controls to prevent unauthorized physical access.

  • Employee Training: We provide regular training to our employees on data protection best practices, security protocols, and privacy policies to ensure a culture of data security and privacy awareness.

  • Data Minimization and Pseudonymization: We strive to minimize the amount of personal data we collect and, where appropriate, use pseudonymization techniques to reduce the identifiability of personal data.

  • Firewalls and Intrusion Detection Systems: We employ firewalls and intrusion detection systems to protect our network and systems from unauthorized access and malicious attacks.

While we strive to use commercially acceptable means to protect your personal data, please remember that no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee absolute security. In the event of a data breach, we will comply with all applicable data breach notification laws.

7. Data Retention Period

We retain your personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, including for the purposes of satisfying any legal, accounting, or reporting requirements. Specific data retention periods are as follows:

  • Account Data (Personal Identification, Contact Information): Retained for as long as your account is active. Upon account closure, we retain account data for 1 year for legal and accounting purposes, fraud prevention, and to handle any residual service-related issues. After this period, your account data will be securely deleted or anonymized.

  • Payment and Transaction Data: Retained for 7 years following the transaction date to comply with Australian tax laws and accounting regulations.

  • Usage Data and Log Data: Anonymized and aggregated usage data is retained indefinitely for ongoing service improvement, trend analysis, and product development. Raw, identifiable usage data and log data is retained for 13 months for security monitoring, system diagnostics, and troubleshooting purposes. After this period, it is either anonymized or securely deleted.

  • User-Generated Content: We retain User-Generated Content for as long as your account is active to provide you with the Service. Upon account closure, we may retain User-Generated Content for up to 90 days to allow for account reinstatement or data retrieval requests, unless you specifically request deletion earlier (subject to technical feasibility and legal obligations). After this grace period, User-Generated Content may be securely deleted from active systems but may persist in backups for disaster recovery purposes for a further period, after which it will be fully purged.

  • Marketing Communication Data: Data related to marketing preferences and opt-out requests are retained indefinitely to ensure we respect your choices regarding marketing communications in the future.

In some cases, we may be required to retain data for longer periods to comply with legal obligations, resolve disputes, or enforce our agreements. In these circumstances, we will ensure that your personal data is processed only for these specified purposes and is protected in accordance with this Privacy Policy.  

8. Children’s Privacy

FoundrAI is not intended for use by children under the age of 13 (or under 16 in the EEA and UK). We do not knowingly collect personal data from children under these ages. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us at our Customer Service Portal. If we become aware that we have collected personal data from a child without verification of parental consent, we will take steps to remove that information from our systems.

Consistent with Google Gemini’s approach in Australia, we implement measures to prevent data collection from children. Our platform’s registration process includes age verification steps, and we rely on users to truthfully represent their age. If we become aware a user is under the specified age limit, we will terminate their account and delete associated data. We encourage parents and guardians to monitor their children’s online activity and to help us enforce our policy by instructing their children never to provide personal data through our Service without their permission.

9. User Rights (Data Subject Rights)

You have specific rights regarding your personal data under GDPR, the Australian Privacy Principles, and other applicable privacy laws. These rights include:

  • Right to Access: You have the right to request access to the personal data we hold about you and to receive a copy of this data in a structured, commonly used, and machine-readable format.

    • How to Exercise: You can request access to your data by contacting us at Customer Service Portal. We will require verification of your identity before fulfilling your request.  

  • Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.  

    • How to Exercise: You can rectify most of your account information directly through your account settings within the Service. For data that cannot be corrected through account settings, please contact us at Customer Service Portal with specific details of the correction needed.  

  • Right to Erasure (“Right to be Forgotten”): You have the right to request the deletion of your personal data under certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected, or if you withdraw your consent (where applicable).

    • How to Exercise: You can request erasure of your personal data by contacting us at Customer Service Portal. We will assess your request and comply to the extent required by law, considering any legal obligations or legitimate grounds for retention.

  • Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data in certain situations, such as when you contest the accuracy of the data, or when processing is unlawful, but you oppose erasure.

    • How to Exercise: You can request restriction of processing by contacting us at Customer Service Portal, specifying the reasons for your request and the scope of restriction desired.

  • Right to Data Portability: You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format and have the right to transmit that data to another controller without hindrance from us, where technically feasible and when processing is based on consent or contract.

    • How to Exercise: You can request data portability by contacting us at Customer Service Portal. We will provide your data in a suitable electronic format.

  • Right to Object: You have the right to object to the processing of your personal data for certain purposes, including direct marketing and processing based on legitimate interests or for statistical purposes.

    • How to Exercise: You can object to processing by contacting us at Customer Service Portal, stating the grounds for your objection. For direct marketing, you can also use the unsubscribe links provided in our marketing emails or adjust your communication preferences in your account settings.

  • Rights Related to Automated Decision-Making and Profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, except in certain circumstances (e.g., if necessary for a contract, authorized by law, or based on your explicit consent). FoundrAI currently does not engage in automated decision-making that produces legal effects or similarly significantly affects users in this context. If we implement such processes in the future, we will provide clear information and ensure you have the right to object and to human intervention.  

To exercise any of these rights, please contact our Data Protection Officer at info@foundrai.com. We will respond to your request within 30 business days of receipt, unless a longer period is permitted by applicable law, and will verify your identity before fulfilling your request. There are exceptions and limitations to these rights, which may apply under certain circumstances.

10. International Data Transfers

As Sketchli Pty Ltd is based in Australia, and some of our third-party service providers may be located outside of your country of residence, including in countries that may not offer the same level of data protection as your country, international data transfers may occur. In particular, data may be transferred to and processed in the United States, where some of our key service providers like AWS, Google, OpenAI, Stripe, and Amplitude are based.

When we transfer personal data from the EEA or UK to countries outside these regions that have not been deemed to provide an adequate level of data protection under GDPR, we ensure appropriate safeguards are in place to protect your personal data. These safeguards primarily include the use of Standard Contractual Clauses (SCCs) approved by the European Commission. We rely on SCCs to provide a legal basis for transferring personal data to countries deemed not adequate by the EU, ensuring that your data is protected in accordance with European standards even when processed outside the EEA or UK.  

By using FoundrAI and providing us with your personal data, you consent to these international transfers of your personal data as described in this Privacy Policy and acknowledge that these transfers are necessary for the provision of the Service.  

11. Cookie Policy

We use cookies and similar tracking technologies to collect information about your browsing activity on FoundrAI. This section provides detailed information about the types of cookies we use, their purposes, and how you can manage your cookie preferences.

What are Cookies?

Cookies are small text files that are placed on your browser or device by websites you visit. They are widely used to make websites work, or work more efficiently, as well as to provide website owners with information. 

Types of Cookies We Use:

  • Strictly Necessary Cookies: These cookies are essential for the operation of FoundrAI and enable you to use its features, such as accessing secure areas and account authentication. Disabling these cookies will prevent you from using core functionalities of the Service.

    • Examples: Session cookies, authentication cookies, security cookies.

  • Performance/Analytics Cookies: These cookies collect information about how you use FoundrAI, such as which pages you visit most often, which features you use, and if you encounter any errors. This data is used to improve the performance and design of the Service. We use services like Amplitude and Google Analytics for this purpose.

    • Examples: Google Analytics cookies (_ga, _gid), Amplitude cookies.

  • Functionality Cookies: These cookies allow FoundrAI to remember choices you make (such as your username, language, or region) and provide enhanced, more personalized features.

    • Examples: Preference cookies, language settings cookies.

  • Targeting/Advertising Cookies (Currently Not in Use, Potential Future Use): We currently do not use targeting or advertising cookies. However, if we implement advertising or remarketing features in the future, we may use these cookies to deliver advertisements that are more relevant to you and your interests, and to measure the effectiveness of advertising campaigns. If implemented, this policy will be updated accordingly and users will be provided with appropriate notice and choice mechanisms.  

Purpose of Cookies:

We use cookies for the following purposes:

  • To improve user experience: Cookies enable us to personalize your experience on FoundrAI by remembering your preferences and settings.

  • To analyze website traffic and usage: Analytics cookies help us understand how users interact with our Service, allowing us to improve its functionality and content.

  • To ensure security: Strictly necessary cookies are crucial for security features and protecting your account.

  • To support our services: Cookies help us provide and maintain the core functionalities of FoundrAI.

Managing Cookies:

You have several options to manage cookies:

  • Browser Settings: Most web browsers allow you to control cookies through their settings. You can typically configure your browser to:

    • Block all cookies

    • Block third-party cookies

    • Allow all cookies

    • Clear cookies when you close your browser

    • Receive notifications when a cookie is set

    Refer to your browser’s help documentation for instructions on how to manage cookies. Please note that blocking strictly necessary cookies may impact your ability to use FoundrAI.

  • Cookie Consent Tools: We may implement a cookie consent banner or tool on our website that allows you to manage your preferences for non-essential cookies (e.g., analytics, advertising, if applicable).

  • Third-Party Opt-Outs: For analytics cookies used by third-party providers like Google Analytics and Amplitude, you can typically opt-out directly through their respective privacy policies or using browser add-ons they provide.

Cookie Policy Updates:

We may update this Cookie Policy from time to time to reflect changes in our cookie practices or legal requirements. We will notify you of any material changes as described in the “Updates to Privacy Policy” section below.

12. Do Not Track (DNT) Signals

Do Not Track (DNT) is a browser setting that allows you to indicate your preference not to have your online browsing activity tracked. FoundrAI currently does not respond to Do Not Track (DNT) signals from browsers. While we are committed to user privacy, there is no universally agreed-upon standard for how to interpret and respond to DNT signals.

As industry standards evolve and consensus emerges around DNT, we will re-evaluate our approach to DNT signals and may update our policy in the future. In the meantime, we provide transparency about our data collection practices in this Privacy Policy and offer you various mechanisms to manage your privacy, including cookie controls and user rights as outlined in this policy.  

13. Updates to Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data processing practices, legal requirements, or Service features. We will notify you of any material changes through one or more of the following methods:

  • Email Notification: We will send an email to your registered email address notifying you of the updated Privacy Policy and the effective date of the changes.

  • Prominent Notice on Website/Service: We will post a prominent notice on the FoundrAI website and/or within the Service dashboard alerting you to the updated Privacy Policy.

  • In-App Notification: We may display an in-app notification within FoundrAI to inform you of the changes when you next access the Service.

The “Effective Date” at the top of this Privacy Policy will indicate when the latest revisions were made. We encourage you to review this Privacy Policy periodically for any updates. Your continued use of the Service after the effective date of the updated Privacy Policy constitutes your acceptance of the revised policy. If you do not agree to the updated Privacy Policy, you must stop using the Service after the effective date of the changes.

14. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us at our Customer Service Portal.

For GDPR-related inquiries or to exercise your data subject rights, please contact our Data Protection Officer (DPO) at the Customer Service Portal.

15. Governing Law

This Privacy Policy and all matters arising out of or relating to it are governed by and construed in accordance with the laws of Victoria, Australia, without regard to its conflict of laws principles.

16. Link to Terms of Service

This Privacy Policy is part of and should be read in conjunction with our Terms of Service.

Conclusion

Thank you for taking the time to review our Privacy Policy. We are committed to protecting your privacy and handling your personal data responsibly. We encourage you to contact us if you have any questions or concerns.
