Privacy Policy

Your privacy is fundamental to how we build and operate Kydarin

Last Updated: October 10, 2025

Privacy at a Glance

  • We collect only the data necessary to provide our AI-powered pitch simulation service
  • Your startup information and pitch content remain completely confidential—we never share individual founder data
  • Your practice sessions are NOT used to train OpenAI or any external AI models
  • All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • You have full control: request data export or account deletion at any time
  • We will never sell your personal information or business data to third parties

Our Commitment to Founder Confidentiality

We understand you're sharing highly confidential business information—financials, strategies, competitive positioning, and proprietary insights. This data is treated with the highest level of confidentiality and security.

  • No Public Disclosure: Practice content will never be shared publicly or with third parties without your explicit consent
  • Anonymized Aggregates Only: We may share anonymized, aggregated insights (e.g., "80% of founders struggle with market size questions") but never individual founder data
  • No External AI Training: Your practice sessions are NOT used to train OpenAI or any external AI models (per OpenAI's March 2023 API policy)
  • Siloed Access: Practice session data is isolated per user with strict role-based access controls

1. Information We Collect

Account Information

  • Email address and password (encrypted)
  • Profile information (name, role, company)
  • Account preferences and settings
  • Authentication tokens and session data

Startup Information

  • Company name, description, and industry sector
  • Funding stage and business model details
  • Pitch deck content and presentations
  • Financial projections and business metrics
  • Team information and founder profiles

Simulation Data

Example: When you practice answering "What's your burn rate?", we store your response to provide feedback and track improvement over time.

  • AI investor conversation transcripts
  • Voice recordings during practice sessions (processed in real-time, not permanently stored)
  • Response timing and interaction patterns
  • Pitch performance scores and feedback
  • Question and answer exchanges
  • Simulation settings and preferences

Why we collect this: To provide AI feedback, improve service quality, and track your progress over time.

Analytics and Performance Data

  • Usage statistics and session duration
  • Feature engagement and interaction data
  • Performance trends and improvement metrics
  • Comparative benchmarking data
  • Success rates and outcome tracking

Payment and Billing Information

  • Credit card information (processed by Stripe)
  • Billing address and payment history
  • Subscription status and credit usage
  • Invoice and transaction records

Technical Information

  • IP address and browser information
  • Device type and operating system
  • Log files and error reports
  • API usage and performance metrics

2. How We Use Your Information

Core Service Delivery

  • Provide AI-powered investor simulation experiences
  • Generate personalized feedback and recommendations
  • Track your progress and performance over time
  • Customize investor personas based on your industry and stage

Service Improvement

  • Analyze anonymized conversation patterns to improve response quality and realism
  • Enhance investor personas based on aggregated feedback
  • Improve feedback quality based on user outcomes
  • Refine industry-specific questioning patterns

Analytics and Insights

  • Generate performance analytics and trend reports
  • Provide industry benchmarking and comparative analysis
  • Identify common improvement areas and success patterns
  • Create aggregated insights for product enhancement

Account Management

  • Authenticate users and maintain secure sessions
  • Process payments and manage subscription billing
  • Provide customer support and technical assistance
  • Send important account and service notifications

3. Third-Party Services & Data Sharing

OpenAI & AI Provider Relationship

We are transparent about how your data is handled by our AI providers:

  • Your practice session data is sent to OpenAI only to generate real-time responses and feedback
  • Your practice sessions are NOT used to train OpenAI's models or any external AI models (per OpenAI's API policy effective March 1, 2023)
  • OpenAI retains API data for a maximum of 30 days for abuse and misuse monitoring only, then permanently deletes it
  • We use OpenAI's Business API with data processing addendum ensuring GDPR compliance
  • No human reviewers at OpenAI access your individual conversations
  • We are evaluating OpenAI's Zero Data Retention (ZDR) endpoints for enhanced privacy

Essential Service Providers

  • Supabase: Database hosting and user authentication (AWS-hosted, SOC 2 Type II certified)
  • Stripe: Payment processing and subscription management (PCI DSS Level 1 certified—we never store card details)
  • ElevenLabs: Text-to-speech voice generation (no personal data shared, only text for synthesis)
  • OpenAI: AI conversation and feedback generation (zero retention policy, see above)
  • Vercel: Application hosting and content delivery (AWS infrastructure, enterprise-grade security)

What Information We Share

  • Authentication data with Supabase for account management
  • Payment information with Stripe (we never store card details)
  • Practice session content with OpenAI for real-time response generation
  • Voice synthesis requests with ElevenLabs (no personal data)
  • Aggregated, anonymized usage statistics with hosting providers

We Will Never Sell Your Data

We will never sell founder data, business information, or personal details to third parties. Your confidential information is used solely to provide and improve our service.

4. Data Security & Protection

Enterprise-Grade Security Measures

  • Encryption in Transit: All data transmissions use TLS 1.3 encryption
  • Encryption at Rest: All stored data is encrypted using AES-256 encryption
  • Access Controls: Practice session data is siloed per user with strict role-based access controls (RBAC)
  • Infrastructure: Hosted on AWS infrastructure with enterprise-grade security and compliance certifications
  • Authentication: Secure authentication with JWT tokens and session management
  • Security Audits: Regular security assessments and vulnerability reviews
  • Security Testing: Ongoing security assessments to identify and address vulnerabilities
  • DDoS Protection: Rate limiting and distributed denial-of-service protection

Security Compliance: We are committed to maintaining enterprise-grade security standards and evaluating formal compliance certifications as we scale.

Data Confidentiality

  • Your startup information remains completely confidential
  • Pitch content is never shared with real investors or third parties without your explicit consent
  • Internal AI improvement uses anonymized and aggregated data patterns only
  • Strict employee access controls with signed confidentiality agreements
  • No human reviewers access your individual conversations without explicit permission

Data Breach Notification

In the unlikely event of a data breach affecting your personal information:

  • 72-Hour Notification: We will notify affected users within 72 hours of discovering the breach
  • Transparency: Clear communication about what happened, what data was affected, and remediation steps
  • Incident Response: Immediate action to contain the breach and prevent further unauthorized access
  • Support: Dedicated support to help affected users secure their accounts

5. Data Retention & Deletion

Retention Periods

  • Active Accounts: Practice sessions and account data retained as long as your account is active
  • Deleted Accounts: All personal data permanently deleted within 30 days of account deletion request
  • Payment Records: Billing records kept for 7 years for legal and tax compliance requirements
  • Analytics Data: Anonymized, aggregated data retained indefinitely for service improvement (cannot be linked back to you)
  • Voice Recordings: Processed in real-time for transcription, not permanently stored
  • Legal Obligations: Minimal data retained only as required by law (billing records, etc.)

Your Data Control Rights

  • Export Data: Request a download of all your practice sessions and feedback by contacting support
  • Delete Data: Request complete deletion of your account and all associated data within 30 days
  • Anonymization Options: Practice sessions can be anonymized for platform improvement while removing personal identifiers
  • Access Rights: View and access all personal data we hold about you
  • Correction Rights: Request corrections to inaccurate or incomplete personal data
  • Data Portability: Receive your data in a structured, machine-readable format

GDPR & CCPA Compliance

We comply with the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA). You have the right to:

  • Access: Know what personal data we collect and how it's used
  • Correct: Update or correct inaccurate information
  • Delete: Request deletion of your personal data (right to be forgotten)
  • Port: Receive your data in a portable format
  • Object: Object to certain processing activities
  • Restrict: Limit how we process your data

To exercise any of these rights, contact us at privacy@kydarin.com

6. AI & Voice Processing

AI Conversations

  • Your conversations with AI investors are recorded for feedback generation and progress tracking
  • Conversation data helps improve AI responses and realism (using anonymized patterns only)
  • No human reviewers access your individual conversations without explicit permission
  • Internal AI models are trained on aggregated, anonymized conversation patterns only
  • External AI providers (OpenAI) do NOT use your data for training their models

Voice Processing

  • Voice input is processed in real-time for speech-to-text conversion
  • Audio data is not permanently stored on our servers (only text transcripts are retained)
  • Voice synthesis uses text input only, not voice biometrics or voice cloning
  • You can disable voice features and use text-only mode at any time

7. Contact & Privacy Questions

Dedicated Privacy Contact

We take your privacy seriously. If you have any questions, concerns, or requests regarding your data:

What to Include in Privacy Requests

To help us process your request quickly, please include:

  • Your registered email address
  • The type of request (access, deletion, correction, export, etc.)
  • Any specific data or time periods you're inquiring about
  • Verification information (we may ask for additional verification to protect your data)

8. Policy Updates & Transparency

How We Handle Policy Changes

  • Version History: All previous versions of this policy are available upon request
  • Material Changes: We will notify you via email 30 days before any material changes take effect
  • Platform Notification: Important changes will also be displayed prominently in the platform
  • Continued Use: Continued use of the service after changes indicates acceptance of the updated policy
  • Opt-Out Option: If you disagree with changes, you can delete your account before they take effect

Current Version Information

  • Last Updated: October 10, 2025
  • Version: 2.0
  • Effective Date: October 10, 2025
  • Previous Versions: Available by emailing privacy@kydarin.com

This privacy policy is effective as of October 10, 2025 and may be updated from time to time. We will notify you of any material changes via email 30 days in advance or through prominent platform notifications.

For questions or concerns about this policy, contact us at privacy@kydarin.com