StartInsight

Privacy Policy

We take your privacy seriously. Here's how we handle your data.

Last updated: March 23, 2026

1. Introduction

StartInsight ("we", "us", or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this policy carefully.

2. Information We Collect

We collect information you provide directly to us, such as when you create an account (name, email address), payment information (processed securely by Stripe — we do not store card numbers), and content you submit to the platform. We also collect usage data automatically, including IP addresses, browser type, pages visited, and interaction logs to improve the Service.

3. How We Use Your Information

We use collected information to: (a) provide, operate, and maintain the Service; (b) personalise AI-generated insights and recommendations; (c) process transactions and send billing communications; (d) send product updates and newsletters (you can opt out at any time); (e) respond to support requests; (f) detect and prevent fraud or abuse; and (g) comply with legal obligations.

4. AI Processing of Your Data

To deliver personalised startup insights, our AI systems process the information you provide — including your industry preferences, quiz responses, and saved ideas. This processing is used solely to generate relevant recommendations for you. We do not sell your personal data to third parties for advertising purposes.

5. Sharing Your Information

We may share your information with: (a) service providers who assist in operating our platform (e.g., Stripe for payments, Supabase for database hosting, Vercel for hosting) under strict data processing agreements; (b) law enforcement or government authorities when required by law; and (c) a successor entity in the event of a merger or acquisition, with prior notice to you.

6. Cookies and Tracking

We use cookies and similar tracking technologies to improve your experience. Essential cookies are required for the Service to function. Analytics cookies help us understand how users interact with the platform (you may opt out via your browser settings). We do not use third-party advertising cookies.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymise your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention).

8. Your Rights

Depending on your location, you may have the right to: access the personal data we hold about you; correct inaccurate data; request deletion of your data; restrict or object to processing; and data portability. To exercise these rights, contact us at privacy@startinsight.co. We will respond within 30 days.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. This includes encryption in transit (TLS) and at rest, access controls, and regular security reviews. However, no internet transmission is completely secure and we cannot guarantee absolute security.

10. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately and we will delete it promptly.

11. International Data Transfers

Your data may be processed in countries other than the one in which you reside, including Australia, the United States, and the European Union. We ensure appropriate safeguards are in place for such transfers in accordance with applicable data protection laws.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by posting the new policy on this page and updating the "Last Updated" date. For material changes, we will also send an email notification to your registered address.

13. Malaysia Personal Data Protection Act (PDPA 2010)

If you are located in Malaysia, you have rights under the Personal Data Protection Act 2010 (PDPA). StartInsight Sdn Bhd is the data controller responsible for your personal data. We process your data based on consent (provided at registration and newsletter signup) and contractual necessity (to deliver the Service). You have the right to: (a) access and correct your personal data; (b) withdraw consent at any time (which does not affect the lawfulness of prior processing); (c) make complaints to the Department of Personal Data Protection (JPDP). For cross-border transfers, we ensure your data is protected to a standard comparable to the PDPA. To exercise your rights, contact privacy@startinsight.co.

14. Newsletter and Email Communications

When you subscribe to our newsletter, we collect your email address and subscription source (e.g., homepage or footer form). We use a double opt-in process: after submitting your email, you will receive a confirmation email with a verification link that expires after 24 hours. Your subscription is only active after you click this link. We use Resend as our email delivery provider. You may unsubscribe at any time via the unsubscribe link in every email or by contacting us. We retain newsletter subscriber data (email and subscription date) until you unsubscribe, after which we delete it within 30 days. If you later create an account, your newsletter preferences will be linked to your user profile.

15. Referral Programme

Our referral programme allows you to share a unique referral link with others. When someone signs up using your referral link, we record: (a) the referrer's referral code (linked to your account); (b) the referee's signup origin (that they arrived via a referral link). This data is used solely to attribute referrals and deliver referral rewards (e.g., free premium report access). We do not share your referral activity with third parties. You may request deletion of your referral data by contacting us.

16. Analytics and Tracking (PostHog)

We use PostHog, a product analytics platform, to understand how users interact with the Service. PostHog collects: page views, feature usage events (e.g., report viewed, paywall interactions), session replays (anonymised), and device/browser information. PostHog data is processed in the EU/US under a data processing agreement. You may opt out of PostHog tracking by: (a) enabling "Do Not Track" in your browser settings; (b) using a browser extension that blocks analytics scripts; or (c) contacting us at privacy@startinsight.co to request exclusion. Opting out does not affect your ability to use the Service.

17. Contact Us

For privacy-related inquiries, please contact our Data Protection Officer at privacy@startinsight.co or write to us via our contact page. We aim to respond to all requests within 30 days.

Privacy questions? Contact our team or email privacy@startinsight.co