Privacy Policy
Last updated: March 2026
1. What We Collect
Information you provide:
- Name and email address (from application form)
- Company information (name, description, stage, sector, problem, solution, traction, fundraising details)
- Pitch deck (PDF upload, optional)
- Voice recordings and transcripts from sessions
- Payment information (processed by Stripe — we never see or store your card number)
Information collected automatically:
- Session metadata (duration, timestamps, partner used)
- Scores and feedback generated by AI
- Usage data (pages visited, features used)
- IP address and basic device information
- Cookies (functional only — see Section 6)
2. How We Use Your Data
| Data | Purpose | Legal basis |
|---|---|---|
| Name + email | Account, authentication, communication | Contract performance |
| Company information | Application screening, session context, reports | Contract performance |
| Pitch deck | Deck review, screening context | Contract performance |
| Voice recordings | Generate feedback, cross-session memory | Consent (checkbox at application) |
| Transcripts | Feedback generation, session summaries | Contract performance |
| Payment info | Process credit purchases | Contract performance (via Stripe) |
| Usage data | Service improvement, analytics | Legitimate interest |
| Aggregated/anonymized data | Trend reports, marketing, AI improvement | Legitimate interest |
3. Data Sharing
We do NOT sell your data.
We share data only with:
| Recipient | Data shared | Purpose |
|---|---|---|
| Stripe | Payment info | Process payments |
| Resend | Email address | Send transactional emails |
| OpenRouter / LLM providers | Application text, transcripts (no PII where possible) | AI processing |
| Cloudflare | IP address, request data | CDN, security |
| LiveKit Cloud | Voice audio | WebRTC transport, STT (Deepgram), TTS (Cartesia) |
Grant applicant profiles: If you are nominated for a grant, you may be asked to opt-in to sharing your profile with partner VCs. This is never automatic — always explicit consent.
Aggregated data: We may publish anonymized, aggregated statistics (e.g., “Average pre-seed startup raises $500K” or “Top pitch mistake: vague TAM”). No individual company is identifiable.
4. Data Retention
| Data | Retention |
|---|---|
| Account data | Until you request deletion |
| Application data | Until you request deletion |
| Voice recordings | 12 months, then auto-deleted (or earlier on request) |
| Transcripts | Until you request deletion |
| Session summaries (anonymized) | Indefinite (aggregated, no PII) |
| Payment records | 7 years (tax/legal requirement) |
| Anonymized analytics | Indefinite |
5. Your Rights
All users:
- Request a copy of your data (email: [email protected])
- Request deletion of your account and all associated data
- Request deletion of specific voice recordings
- Opt out of aggregated data usage
- Withdraw consent for session recording (note: this means you cannot use voice sessions)
EU/EEA users (GDPR):
- Right to access, rectification, erasure, restriction, portability, and objection
- Right to lodge a complaint with your local data protection authority
- Data controller: Rigor VC
California users (CCPA):
- Right to know what personal information is collected and how it's used
- Right to delete personal information
- Right to opt out of sale of personal information (we do not sell data)
- Right to non-discrimination for exercising privacy rights
6. Cookies
We use only functional cookies required for the Service to work:
- Session authentication (magic link token)
- CSRF protection
We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
7. Security
- All data is encrypted in transit (TLS/HTTPS)
- Database is encrypted at rest
- Voice recordings stored in encrypted object storage (Cloudflare R2)
- Access to production systems is restricted
- Pitch decks are processed in a sandboxed environment
- We do not store payment card data (Stripe handles all payment processing)
8. Children
Rigor VC is not intended for anyone under 18. We do not knowingly collect data from minors.
9. International Transfers
Data is processed in the United States and European Union (depending on infrastructure provider). By using the Service, you consent to data transfer to these jurisdictions.
10. Changes
We may update this Privacy Policy. Material changes will be communicated via email. Continued use after changes constitutes acceptance.
11. Contact
- Privacy inquiries: [email protected]
- Data deletion requests: [email protected]