Privacy Policy

We collect information directly from you, automatically from your browser or device, from payment and referral providers, and from the AI-generated outputs created through the service.

We do not intentionally ask for government identifiers, full payment card numbers, bank account credentials, health records, biometric data, or other highly sensitive information. If you place sensitive information in free-text prompts, support messages, or generated artifacts, we will process it as part of providing the service.

• Create, store, display, export, and share AI-generated startup artifacts.
• Operate accounts, authentication, magic links, dashboards, credits, subscriptions, and artifact visibility controls.
• Process payments, issue receipts, manage credits, reconcile webhooks, prevent fraud, and maintain billing records.
• Send transactional emails, product notifications, generation updates, reminders, and messages you request.
• Measure product usage, conversion, performance, reliability, and errors.
• Prevent abuse, enforce rate limits, detect suspicious activity, protect accounts, debug issues, and maintain service security.
• Improve Foundry, including through aggregated or de-identified usage patterns, quality signals, and support feedback.
• Comply with law, enforce terms, resolve disputes, and protect the rights, property, and safety of Foundry, users, and others.

Foundry is an AI product. When you ask the service to generate a niche, plan, brand kit, launch asset, or related output, we may send your inputs, relevant account or session context, generated drafts, and validation prompts to AI model providers and generation infrastructure.

AI outputs may contain assumptions, inferences, rankings, scores, market estimates, names, brand assets, copy, strategies, and other recommendations. We store those outputs so you can view, export, continue, share, or regenerate your work.

We do not use AI output to make decisions that produce legal or similarly significant effects about you, such as credit, employment, housing, insurance, or eligibility for public benefits. Foundry generates startup materials for your review.

Foundry creates artifacts such as niche pages, business plans, brand kits, share cards, PDFs, exports, and launch assets. Some artifacts may be public by default. Public means that anyone with the URL can view the artifact, and public pages may be crawled or indexed by search engines.

• Anonymous artifacts are treated as public because there is no verified account owner to manage private visibility.
• Logged-in users may have visibility controls for eligible artifacts, depending on product tier and feature availability.
• Changing an artifact to private restricts access through Foundry, but it cannot remove copies already saved, shared, cached, indexed, screenshotted, or exported by others.
• If you believe an artifact exposes information that should not be public, contact us at hello@foundrystart.com.

We use cookies, local storage, scripts, and similar technologies to operate Foundry and understand how people use it.

• Authentication cookies keep logged-in users signed in.
• Generation and anonymous-session cookies help recover or claim generated work across page loads and sessions.
• Referral cookies store referral codes for up to 90 days and support referral attribution.
• Local storage may remember UI state, product-progress state, and analytics deduplication markers.
• Google Analytics may collect event, page, browser, device, and usage data.
• Microsoft Clarity may collect product-observation data such as clicks, scrolls, page interactions, heatmaps, session replay data, and related technical information.
• Referral anti-abuse logic may create a hashed browser fingerprint from signals such as user agent, language, screen dimensions, timezone, hardware concurrency, and platform.

You can control many cookies and scripts through your browser, extension, or device settings. Blocking cookies may affect login, generation recovery, referrals, analytics, or other features.

We share information only as needed to operate, improve, secure, and support Foundry, process transactions, comply with law, or honor your sharing choices.

We do not sell personal information for money, and we do not provide user contact lists to data brokers. If a privacy law treats certain analytics, measurement, or product-observation disclosures as a "sale" or "sharing," you may contact us to exercise any available opt-out rights.

Paid features, subscriptions, credit packs, and crypto payments are processed by third-party payment providers such as Polar and NOWPayments. We store payment metadata needed to confirm purchases, credit your account, send receipts, prevent fraud, reconcile webhooks, provide support, and maintain tax, accounting, and legal records.

Foundry does not intentionally store full credit card numbers, bank account credentials, private wallet keys, or complete payment instrument details. Payment providers process payment information under their own terms and privacy notices.

We send transactional and operational emails such as magic links, payment confirmations, generation queued/completed/failed messages, credit notifications, account notices, and security-related messages. These messages are necessary for the service and may not include an unsubscribe option.

We may also send product updates, reminders, weekly digests, renewal reminders, feature announcements, or other non-essential emails where permitted. Those emails include unsubscribe or preference controls, or you can contact hello@foundrystart.com.

We keep information for as long as reasonably necessary for the purposes described in this policy, unless a longer period is required or permitted by law.

• Account information is generally kept while your account exists.
• Generated artifacts are kept while they remain associated with an account, session, public URL, export, or operational record.
• Authentication sessions are designed to expire after a limited period, and magic links expire after a short period.
• Referral cookies may last up to 90 days. Generation recovery and anonymous-session cookies may last up to 30 days unless cleared sooner.
• Payment, credit, tax, fraud-prevention, security, and legal records may be kept for longer periods when needed for legitimate business or legal reasons.
• Backups and logs may persist for a limited period before being overwritten or deleted according to operational schedules.

If you request deletion, we will delete or de-identify information where reasonably possible, subject to legal, security, billing, backup, dispute, and abuse-prevention limits.

Depending on where you live, you may have rights to access, correct, delete, export, restrict, object to, or opt out of certain processing of your personal information. You may also have the right to withdraw consent where processing is based on consent.

• To make a request, email hello@foundrystart.com from the email address connected to your account or provide enough information for us to verify control.
• We may ask you to verify your identity through login, magic link, email confirmation, account details, or other reasonable verification steps.
• You may unsubscribe from non-essential emails through the link in the email or through available email preference controls.
• You may change eligible artifact visibility using the product controls when available.
• You may block or delete cookies through your browser, but some service features may stop working.

We will not discriminate against you for exercising privacy rights, but some requests may limit our ability to provide the service.

This section is intended to provide additional notice for California residents. It describes categories of personal information we may collect, examples, and categories of recipients to whom information may be disclosed for business purposes.

We collect these categories from you, your browser or device, payment providers, referral interactions, AI generation workflows, and service providers. We use them for the purposes described above, including service delivery, billing, security, analytics, communications, support, compliance, and product improvement.

We do not knowingly sell or share personal information of consumers under 16. We do not use sensitive personal information to infer characteristics about you. If you submit sensitive information in free-text content, we process it only as needed to provide, secure, support, or comply with obligations related to the service.

California residents may request to know, access, correct, delete, and receive information about disclosure of personal information, and may opt out of sale or sharing where applicable. To exercise these rights, contact hello@foundrystart.com.

If the GDPR, UK GDPR, or similar law applies, Foundry acts as the controller for personal information we process to operate the service, manage accounts, process payments, communicate with users, secure the product, and improve Foundry.

Our legal bases may include performance of a contract, legitimate interests, consent where required, compliance with legal obligations, and protection of vital or legal interests. Our legitimate interests include operating and improving Foundry, preventing abuse, securing the service, measuring usage, providing support, and communicating about the product.

We may process and transfer information in the United States and other countries where we or our providers operate. Where required, we rely on appropriate safeguards for international transfers. You may have rights to access, rectification, erasure, restriction, objection, portability, withdrawal of consent, and complaint to a supervisory authority.

We use reasonable technical, organizational, and administrative safeguards designed to protect personal information, including encrypted transport where supported, access controls, provider security measures, webhook verification, rate limiting, and abuse detection.

No internet service is perfectly secure. You are responsible for keeping your email account secure because Foundry authentication uses email-based magic links.

Foundry is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child provided personal information to Foundry, contact us and we will take appropriate steps.

We may update this Privacy Policy from time to time. If we make material changes, we will update the "Last updated" date and may provide additional notice where required by law or appropriate for the change.

For privacy questions, rights requests, deletion requests, artifact visibility concerns, or legal operator information, contact us at hello@foundrystart.com.

Please include enough context for us to locate your account, session, artifact, or request. Do not send highly sensitive information by email unless necessary.