Fund Launch Labs
Fund Launch AI
Entity: Fund Launch Labs, Inc., a Delaware C-Corporation
Principal Office: 3400 North 1200 West, Suite 201, Lehi, Utah 84043
Privacy Contact: privacy@fundlaunch.com
Privacy Office: privacy@fundlaunch.com
Last Updated: June 1, 2026
Effective Date: June 1, 2026
California residents: your right to opt out of sale or sharing
We share certain device and visit signals with marketing partners (HubSpot, Hyros, and Google) on our unauthenticated marketing pages for attribution and audience measurement. Under the CCPA/CPRA you have the right to opt out. Visit Do Not Sell or Share My Information to manage your preferences. Section 7.5 and Section 9.3 below describe this in more detail.
This Privacy Policy (“Policy”) describes how Fund Launch Labs, Inc. (“Company,” “we,” “our,” or “us”) collects, uses, discloses, retains, and protects personal information in connection with the Fund Launch AI platform, including all web-based interfaces, APIs, integrations, and mobile applications (collectively, the “Platform”).
This Policy applies to (a) individuals who create accounts on the Platform; (b) authorized users of those accounts; (c) visitors to Company’s websites; (d) recipients of Company’s communications; and (e) individuals whose personal data is uploaded to the Platform by Company’s customers (“Clients”), subject to the role limitations in Section 14.
This Policy is incorporated by reference into our Terms of Service. Capitalized terms used but not defined here have the meanings given in the Terms of Service. In the event of any conflict between this Policy and the Terms of Service with respect to data practices, this Policy controls.
By accessing or using the Platform, you agree to the collection, use, and disclosure of your information as described in this Policy. If you do not agree, do not use the Platform.
Plain-English overview. The full terms are in the sections that follow. In case of conflict, the full text governs.
· Account Information: name, email address, phone number, company name, mailing address, professional title, and other registration details.
· Client Data: documents, financial data, fund information, investor details, cap tables, capital-raising materials, and other materials you upload to or create within the Platform.
· AI Inputs: prompts, queries, instructions, documents, and other content you submit to AI-powered features.
· Payment Information: billing address and payment method details. Payment processing is handled by third-party processors (e.g., Stripe); we do not store full card numbers.
· Identity Verification: information collected to verify identity, business existence, beneficial ownership, sanctions screening, or to meet our payment processor’s KYC requirements.
· Communications: messages, feedback, support requests, survey responses, and other correspondence with us.
· Marketing Information: information about your interests, preferences, and event attendance.
· Usage Data: browser type, device type, operating system, IP address, referring site, pages visited, features used, click behavior, session duration, time spent.
· Log Data: server logs, error reports, API call metadata, performance metrics.
· AI Interaction Data: prompts submitted, AI Outputs generated, model versions used, response metadata, feedback signals (thumbs up/down, regeneration requests), edits, and revisions.
· Cookies and Tracking Technologies: described in Section 6.
· Device Identifiers: hardware model, OS version, advertising identifiers, mobile network information (mobile only).
· Approximate Location: derived from IP address. We do not collect precise location unless you opt in.
We may receive information from third parties that you authorize, including single sign-on (SSO) providers, social media platforms (when you sign in), payment processors, identity verification vendors, business partners, and publicly available sources, in each case as permitted by applicable law and the third party’s terms.
For purposes of the California Consumer Privacy Act, as amended by the California Privacy Rights Act, we collect personal information in the following categories within the preceding twelve (12) months:
“Sensitive Personal Information” (SPI) under the CPRA means specific categories of personal information that warrant heightened protection. We may collect the following SPI categories:
· Government-issued identifiers (in connection with identity verification or KYC) — e.g., driver’s license, passport, or Social Security Number where required;
· Financial account information (in connection with payment or accredited-investor verification);
· Precise geolocation — we do NOT collect precise geolocation by default; if a feature requires it, we will obtain your consent;
· Voice content of Advisor calls (when recorded under Section 15.2);
· Citizenship or immigration status (only if collected during accredited-investor or beneficial-owner verification);
· Account credentials enabling access to financial accounts (e.g., where Client integrates external accounting systems).
We use SPI only for the purposes for which it was collected (e.g., identity verification, payment processing, fraud prevention, providing the Platform). We do not use SPI to infer characteristics about you. California residents have the right to limit our use of SPI as described in Section 9.3.
As of the Last Updated date of this Policy, the Platform is not designed for and does not knowingly collect: Protected Health Information (PHI) under HIPAA; personal information of children under 18; biometric identifiers for identification purposes (other than voice content in recorded Advisor calls under Section 15.2); or information classified as restricted national security information. Clients may not upload such information. If Company introduces features in the future that would involve any such collection, this Policy will be updated and, where required, additional notices or consents will be obtained.
· Delivering Services, including AI-powered features, template-based document assembly, and marketplace functionality
· Processing transactions, managing your account, allocating Credits
· Authenticating users, maintaining Platform security, detecting and preventing fraud and abuse
· Providing customer support and responding to inquiries
· Processing AI Inputs to generate AI Outputs as directed by you
· Transmitting AI Inputs and Client Data to third-party AI model providers as described in Sections 5.3 and 7.2
· Logging AI interactions for quality assurance, error resolution, and abuse prevention
· Generating personalized recommendations and tailoring Platform features to your usage
· Analyzing usage patterns to improve features, performance, and user experience
· Training, fine-tuning, and improving Company’s proprietary machine learning models (see Section 5.4)
· Conducting internal research and development
· Generating aggregate analytics, benchmarks, and product metrics
· Transactional communications: account confirmations, security alerts, billing notices, password resets, feature updates affecting service
· Marketing communications: promotional emails and SMS where permitted by law and consented to where required. You may opt out of marketing communications at any time via the unsubscribe link in each email or by replying STOP to SMS
· SMS notice: message frequency may vary. Message and data rates may apply. Text HELP for help. Text STOP to unsubscribe. Carriers are not liable for delayed or undelivered messages
· Surveys, research, and customer satisfaction inquiries
· Facilitating Advisor call bookings, scheduling, and payment via Credits
· Routing Client click-throughs to Service Provider websites and tracking referrals (with disclosure under Section 17.5 of the Terms of Service)
· Recording and storing Advisor call recordings (see Section 15)
· Complying with applicable laws, regulations, legal process, and government requests
· Enforcing our Terms of Service and protecting our rights, property, and the safety of users and the public
· Detecting, preventing, investigating, and addressing fraud, security incidents, AUP violations, and abuse
· Sanctions screening and meeting KYC obligations of our payment processors
· Establishing, exercising, or defending legal claims
· Any other purpose disclosed at the time of collection and to which you have consented
When you use AI-powered features, the prompts, documents, and data you submit (“AI Inputs”) are processed by the Platform and, in certain cases, transmitted to third-party AI model providers to generate outputs. AI Inputs may be temporarily cached or logged for the purposes of delivering the Services, error resolution, debugging, and abuse prevention.
AI Outputs are generated algorithmically based on your AI Inputs, applicable templates, and the capabilities of the underlying models. AI Outputs may not be unique — similar inputs from different users may produce similar or identical outputs. Company does not guarantee the accuracy, completeness, or legal sufficiency of any AI Output. You are responsible for independently reviewing and verifying any AI Output before use, as further described in the Terms of Service.
We access third-party AI models (e.g., large language model APIs from major providers) exclusively through paid API integrations with contractual commitments prohibiting provider-side training on customer-submitted data. Your Client Data and AI Inputs are transmitted to these providers solely for the purpose of generating AI Outputs for you. A current list of material third-party AI model providers is available upon request by contacting privacy@fundlaunch.com.
Company develops and operates proprietary machine learning models to power Platform features such as algorithmic scoring, recommendations, document quality optimization, and response improvement. By accessing and using the Platform, you acknowledge that Company uses Client Data, AI Inputs, AI Outputs, and Interaction Signals to train, fine-tune, and improve Company’s proprietary models. This processing is grounded in Company’s legitimate interest in operating, improving, and securing the Platform for all Clients, and in contractual necessity to deliver the AI-powered features you have subscribed to (see Section 8 for the GDPR legal-basis analysis). Company will implement reasonable technical safeguards designed to prevent the exposure of any individual Client’s identifiable Client Data to other Clients through model outputs. Company will not share Client’s proprietary content (including fund strategies, investor lists, and other materials you upload) with other Clients in identifiable form.
You may opt out of having your identifiable Client Data used for Company proprietary model training at any time through your account settings under “Data & Training” or by contacting privacy@fundlaunch.com.
For clarity, this opt-out applies only to identifiable Client Data. Regardless of any opt-out, Company retains the right to use the following for any purpose, including model training, benchmarking, analytics, marketing, and product development:
(a) AI Inputs, AI Outputs, Interaction Signals, and feedback signals;
(b) aggregate, de-identified, and anonymized data derived from Platform usage; and
(c) any information that has been irreversibly de-identified or aggregated such that it cannot reasonably be linked back to you or any identifiable individual.
Opt-out does not apply retroactively to models already trained prior to your opt-out request and does not affect the lawfulness of any processing that occurred before your opt-out. Opting out does not affect the core availability or functionality of the Platform, though certain personalization features may be less tailored to your specific use case.
We may collect, use, retain, disclose, and exploit aggregate, de-identified, and anonymized data derived from Platform usage (including AI interaction patterns, feature usage, scoring outcomes, and Interaction Signals) for any purpose, including to improve the Platform, train proprietary and third-party models, develop new features, generate industry benchmarks, conduct research, and produce marketing and analytical materials. Such data cannot reasonably be linked back to you. Our rights under this Section 5.6 survive termination of your account and are not subject to opt-out.
Interaction Signals — including button clicks, thumbs up/down ratings, regeneration requests, dwell time, scroll behavior, edit patterns, feedback signals, anonymized usage patterns, aggregate session metadata, and model performance metrics — are not Client Data, are the sole property of Company, and are not subject to opt-out. Company may collect, retain, use, and exploit Interaction Signals indefinitely for any purpose without restriction.
We log AI interactions (prompts, outputs, model metadata, and user feedback) for the purposes of: (a) delivering and improving the Services; (b) debugging and error resolution; (c) detecting and preventing abuse, misuse, or policy violations; and (d) compliance with legal obligations. AI interaction logs are retained in accordance with Section 10.3.
The Platform may use automated processing, including AI, to generate content, scoring, recommendations, or analyses. These outputs are informational and operational tools only. They do not constitute legal, financial, tax, or investment advice and are not used to make decisions that produce legal or similarly significant effects on you without human review.
For users in the European Economic Area, United Kingdom, or other jurisdictions with analogous protections (such as GDPR Article 22): you have the right not to be subject to a decision based solely on automated processing that produces legal effects concerning you or similarly significantly affects you. The Platform’s outputs are not such decisions; they are tools that require human review before any decision is made. If you believe an automated process has produced a legally or similarly significant effect on you, contact privacy@fundlaunch.com to request human review, explanation, and the right to contest the decision.
· Essential Cookies: required for basic Platform functionality (authentication, security, session management). These are deployed automatically.
· Functional Cookies: remember settings, preferences, and language choices. Deployed only with your consent (where required by law).
· Analytics Cookies: help us understand how the Platform is used. Deployed only with your consent where required by law.
· Marketing / Advertising-Partner Cookies: used for attribution, audience measurement, and targeted communications. Deployed only with your consent. On our unauthenticated marketing pages this includes:
— HubSpot tracking cookies (__hstc, hubspotutk, __hssc, __hssrc) used to tie waitlist sign-ups and other marketing-page conversions to the visitor’s prior pageviews on our domain.
— Hyros tracking cookies and identity-graph signals used for cross-property attribution, conversion measurement, and ad spend optimization. Hyros builds a profile of the visit fingerprint (device, browser, IP-derived region) and combines it with attribution data from other properties we advertise on, which under CCPA/CPRA is treated as “sharing” rather than a sale.
— Google tags, loaded through Google Tag Manager. Tag Manager is a container that can load Google’s measurement and advertising tags — such as Google Analytics (cookies like _ga and _ga_*) and Google Ads (cookies like _gcl_*) — which set first-party cookies on our domain and may share device and visit signals with Google for analytics, attribution, and conversion measurement.
These cookies and trackers are loaded only when you accept the advertising / marketing-partner category in our consent banner (or, in U.S. jurisdictions, until you opt out via the banner, the Cookie Preferences link in the footer, or the dedicated Do Not Sell or Share My Information page).
· Pixels, Web Beacons, and Tags: small images and code snippets that track email opens, link clicks, and page visits. Used with the same consent as the corresponding cookie category. The HubSpot, Hyros, and Google (Tag Manager) tracking pixels and tags are loaded under the advertising / marketing-partner category described above and are restricted to the unauthenticated marketing surface (the front page for signed-out visitors and the waitlist page).
· Mobile SDKs and Device Identifiers: similar tracking on mobile devices, including hashed advertising identifiers.
Users in jurisdictions requiring consent (including the EEA, UK, and applicable U.S. states) are presented with a cookie consent banner upon first accessing the Platform. You may manage your cookie preferences at any time through the cookie settings page accessible from the Platform footer, or by contacting privacy@fundlaunch.com. Withdrawal of consent does not affect the lawfulness of processing based on consent before withdrawal. A current list of cookies and similar technologies used on the Platform is available upon request.
Several U.S. states — including California, Colorado, Connecticut, and Oregon (among others) — recognize the Global Privacy Control (GPC) browser signal as a valid opt-out signal for sale/sharing of personal information and for targeted advertising. We honor GPC signals where required by law as an opt-out of sale/sharing for users in those jurisdictions. We do not currently respond to legacy “Do Not Track” browser signals, as there is no industry-standard implementation.
Some cookies and tracking technologies are placed by third-party providers (e.g., analytics, advertising, customer-support widgets). These are subject to the privacy policies of those providers. You can manage many third-party cookies through your browser settings or industry opt-out tools such as the Network Advertising Initiative (https://optout.networkadvertising.org) and the Digital Advertising Alliance (https://optout.aboutads.info).
We do not use cookies or similar technologies to track users across third-party websites for the purposes of building profiles based on sensitive personal information, health conditions, religion, race, sexual orientation, or political views.
Our consent banner splits non-essential cookies and trackers into two independent categories so you can accept or reject them separately:
· Analytics — product-usage telemetry via PostHog. Tells us which features visitors interact with, how long sessions last, and where in the funnel users drop off. This data is not shared with advertising partners and is not used to build cross-context profiles.
· Advertising / Marketing Partners — HubSpot tracking pixel (cookies like hubspotutk), Hyros (cross-property attribution and identity-graph signals), and Google tags loaded through Google Tag Manager (e.g. Google Analytics cookies like _ga, and Google Ads). When enabled, the corresponding scripts run only on our unauthenticated marketing pages and the data is shared with these partners for analytics, attribution measurement, and ad spend optimization. This category constitutes “sharing” for purposes of CCPA/CPRA. See Section 7.5 and Section 9.3 for opt-out details.
Either category can be rejected without affecting the other. U.S. visitors see a default-on notice with a Reject button; EEA/UK/Switzerland visitors see two opt-in checkboxes and nothing fires until you explicitly accept. Authenticated app pages (everything signed-in users see after login) do not load the advertising-category trackers regardless of your cookie choice.
Not in either category: HubSpot Forms. When you voluntarily submit your email through our waitlist form, that email is sent to HubSpot via their Forms API so HubSpot can create a contact record we use to email you back. HubSpot acts as our service provider for this specific purpose under CCPA §1798.140(ag), which is a different legal category from “sharing”. Form submissions happen regardless of your cookie-consent choice; the only behavior gated by the advertising category is whether the hubspotutk tracking cookie is attached to the form submission for pageview-funnel attribution. Section 7.5 explains the distinction in more detail.
We use third-party service providers to operate and support the Platform. Each provider is contractually obligated to maintain appropriate security and confidentiality and to use personal data only for the purposes for which we engaged them. Material categories include:
· Payment Processing: Stripe
· Analytics and Product Telemetry: Posthog
· Customer Relationship Management and Marketing: Salesforce, HubSpot
· Marketing Attribution and Ad-Spend Measurement: Hyros (loaded only on unauthenticated marketing pages, only when the advertising / marketing-partner consent category is accepted)
· Tag Management, Analytics, and Advertising Measurement: Google (Google Tag Manager and the Google Analytics / Google Ads tags it loads — loaded only on unauthenticated marketing pages, only when the advertising / marketing-partner consent category is accepted)
· Cloud Infrastructure and Hosting: Databricks, Vercel, and other major cloud providers
· Identity Verification and KYC providers (as needed)
· Customer Support tooling
A current list of material service providers is available upon request by contacting privacy@fundlaunch.com.
The Platform utilizes third-party AI model providers to power AI features. When you use AI-powered features, your AI Inputs and related data may be transmitted to these providers for processing. We require our AI model providers to maintain appropriate data security and confidentiality standards, including:
· Contractual prohibitions on using your data for training their own models
· Data processing agreements with appropriate security and privacy commitments
· Compliance with applicable data protection laws
When you click a link to a Service Provider listed on the Marketplace, you are taken to that Service Provider’s website. The Service Provider’s collection and use of your information is governed by the Service Provider’s own privacy policy. For some Service Providers, we may share the referral source (i.e., that you came from the Platform) so the Service Provider can track the referral or extend a discount, and we may receive a referral fee, as disclosed on the Services tab and in the Terms of Service.
We may disclose your personal information in the following circumstances:
· Service Providers: with the third parties described in Sections 7.1–7.3
· Authorized Personnel: with our employees, contractors, and agents who need access to perform their duties, subject to confidentiality obligations
· Legal Requirements: when required by law, regulation, legal process, subpoena, court order, or governmental request
· Protection of Rights: to enforce our Terms of Service, protect our rights, privacy, safety, or property, or that of our users or the public
· Business Transfers: in connection with a merger, acquisition, reorganization, financing, sale of assets, or bankruptcy, in which case your information may be transferred to the acquiring entity, subject to the protections of this Policy
· With Your Consent: in any other circumstances where you have provided explicit consent
We do not sell personal information in exchange for monetary consideration. To be precise about how we engage HubSpot, Hyros, and Google, we distinguish two categories of data flow:
(a) First-party data you voluntarily submit (CCPA “service provider” relationship, not “sharing”). When you enter your email into our waitlist form and click submit, we forward that email plus the page URL and title to HubSpot via their Forms API so HubSpot can create a contact record we use to email you back. HubSpot acts as our service provider under CCPA §1798.140(ag) — they process your email on our behalf for a single specified purpose (waitlist contact management), and they cannot use it for their own purposes or share it with their other customers. This is not “sharing” under CCPA/CPRA and happens regardless of your cookie-consent choice. You can request deletion of your contact record at any time by emailing privacy@fundlaunch.com.
(b) Tracking pixels and identity-graph signals (“sharing” under CCPA/CPRA). On our unauthenticated marketing pages (the front page for signed-out visitors and the waitlist page), and onlywhen you accept the advertising / marketing-partner consent category, we share certain device and visit signals — IP address, browser fingerprint, page views, click paths, and tracking cookies (the HubSpot hubspotutk cookie and Google’s _ga / _gcl_*cookies) — with HubSpot, Hyros, and Google (via Google Tag Manager) for attribution measurement, audience analytics, and ad-spend optimization. Under CCPA/CPRA this constitutes “sharing” of personal information for cross-context behavioral advertising even though no money changes hands. You have the right to opt out at any time:
— Visit Do Not Sell or Share My Information and choose “Reject all” (or untick the Marketing partners toggle and click Save).
— Or open the Cookie Preferences modal from the footer of any marketing page and untick the same toggle.
— Or enable the Global Privacy Control (GPC) signal in your browser; we honor GPC as an opt-out of sale/sharing automatically.
When you opt out of category (b), we clear the HubSpot and Google (GTM / Analytics / Ads) tracking cookies on your device and reload the page to flush any loaded tracker state, so the opt-out takes effect immediately on receipt. Your waitlist signup (category (a)) is unaffected — we still have your email as a service-provider relationship and you remain on the waitlist; only the cross-context behavioral attribution stops.
We apply the same cleanup automatically when an unauthenticated visitor signs in: as soon as your session becomes authenticated we clear the HubSpot and Google tracking cookies and reload so the loaded marketing-tracker state does not follow you into the authenticated app. This enforces the authenticated-app exclusion described below at the moment of the transition, not on the next pageview.
Authenticated app pages (everything signed-in users see after login) do not load HubSpot, Hyros, or Google marketing trackers regardless of your cookie choice, and signals collected inside the authenticated app are not shared with these partners. SMS opt-in data is not shared with any third parties for promotional purposes.
For users in the European Economic Area, United Kingdom, or other jurisdictions requiring a legal basis for processing, we process personal data on the following grounds:
· Consent: where you have given explicit consent (e.g., marketing communications, non-essential cookies, precise location data, recording of Advisor calls)
· Contractual Necessity: where processing is necessary to perform our contract with you (e.g., providing the Platform and Services, processing payment, delivering AI Outputs based on your AI Inputs)
· Legal Obligation: where processing is necessary to comply with applicable law (e.g., tax records, sanctions screening, AML/KYC obligations of our payment processors, responding to legal process)
· Legitimate Interests: where processing is necessary for our legitimate interests and not overridden by your rights and freedoms. Our legitimate interests include: (i) operating, improving, and securing the Platform; (ii) training, fine-tuning, and improving Company’s proprietary AI and machine learning models, which is necessary to maintain product quality and competitive parity in the rapidly evolving AI market and provides direct benefit to all Clients (subject to your right to opt out under Section 5.5 for identifiable Client Data); (iii) preventing fraud, abuse, and security incidents; (iv) conducting analytics and business operations; (v) communicating with you about your account; and (vi) direct marketing to existing customers within the limits permitted by applicable law. Company has conducted a balancing assessment and determined that these interests are not overridden by your rights and freedoms, particularly given (a) the opt-out available under Section 5.5; (b) the technical safeguards preventing identifiable-data exposure across Clients; and (c) the absence of automated decisions producing legal or similarly significant effects (Section 5.9)
· Vital Interests: in the rare circumstance where processing is necessary to protect a person’s life
You have the right to object to processing based on legitimate interests at any time. Contact privacy@fundlaunch.com.
Subject to applicable law, you may have the following rights:
· Access: request a copy of the personal data we hold about you
· Correction: request correction of inaccurate or incomplete personal data
· Deletion: request deletion of your personal data, subject to legal retention requirements
· Portability: request a copy of your data in a structured, commonly used, machine-readable format
· Restriction: request restriction of processing in certain circumstances
· Objection: object to processing based on legitimate interests
· Consent Withdrawal: withdraw any consent previously provided, without affecting the lawfulness of processing before withdrawal
· Non-discrimination: not be discriminated against for exercising your privacy rights
· Model Training Opt-Out: opt out of the use of your identifiable Client Data for Company proprietary model training at any time (see Section 5.5)
· AI Interaction Data: request access to or deletion of AI interaction logs associated with your account
· Explanation: request an explanation of how AI features process your data to generate outputs
· Human Review: request human review of any automated decision that you believe has produced a legal or similarly significant effect on you
California residents have the following rights, in addition to those above:
· Right to Know: details about categories and specific pieces of personal information collected, sources, purposes, and categories of recipients (see Sections 3.4 and 7)
· Right to Delete: request deletion of personal information, subject to statutory exceptions
· Right to Correct: request correction of inaccurate personal information
· Right to Opt Out of Sale or Sharing: we do not sell personal information for monetary consideration. On our unauthenticated marketing pages and only with your advertising / marketing- partner consent, we share device and visit signals with HubSpot, Hyros, and Google for attribution measurement — which constitutes “sharing” under CCPA/CPRA. Opt out at any time at Do Not Sell or Share My Information, via the Cookie Preferences link in the footer, or by enabling Global Privacy Control in your browser
· Right to Limit Use of Sensitive Personal Information: limit our use of SPI to purposes necessary to provide the Services. Contact privacy@fundlaunch.com to exercise
· Right to Non-Discrimination: we will not discriminate against you for exercising your rights
· Notice at Collection: this Policy serves as our Notice at Collection. We collect the categories of personal information listed in Section 3.4 from the sources and for the business purposes listed therein and retain personal data as described in Section 10
· Authorized Agents: you may designate an authorized agent to submit requests on your behalf. We may require verification of identity and agent authorization
· Shine the Light (Cal. Civ. Code §1798.83): California residents may request information once per year about disclosures of personal information for direct-marketing purposes. We do not disclose personal information to third parties for their direct-marketing purposes; therefore there is nothing to report
· Global Privacy Control: we honor GPC signals as opt-out of sale/sharing for California residents
Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Florida (FDBR), and certain other U.S. states with comprehensive privacy laws have the following rights (subject to state-specific variations):
· Right to Confirm and Access processing of personal data
· Right to Correct inaccurate personal data
· Right to Delete personal data
· Right to Data Portability
· Right to Opt Out of (i) targeted advertising; (ii) sale of personal data; and (iii) profiling in furtherance of decisions that produce legal or similarly significant effects
· Right to Appeal a denial of a privacy request (Colorado, Virginia, Connecticut, and analogous states)
Contact privacy@fundlaunch.com to exercise any of these rights. We will respond within the timeframes required by applicable law.
In addition to the general rights in Section 9.1, you may lodge a complaint with your local data protection authority. EEA residents may contact their national Data Protection Authority; UK residents may contact the Information Commissioner’s Office (ICO) at https://ico.org.uk. Company will appoint a representative in the European Union and in the United Kingdom under Article 27 of the GDPR and the UK GDPR if and when required by applicable law. Where appointed, the representative’s contact details will be posted on our website and available upon request from privacy@fundlaunch.com.
To exercise any of the rights described above:
· Email privacy@fundlaunch.com with the subject “Privacy Rights Request”
· Or, where available, use the in-Platform privacy controls in account settings under “Data & Privacy”
We will verify your identity using information already in our possession (e.g., the email associated with your account) before fulfilling any request. We will respond within the timeframes required by applicable law: 30 days for GDPR (extendable by 60 days for complex requests), 45 days for CCPA (extendable by 45 days), and the applicable timeframes under other state laws.
There is no fee to exercise your rights, except where requests are manifestly unfounded, excessive, or repetitive, in which case we may charge a reasonable fee or refuse to act.
We retain personal data only as long as necessary to fulfill the purposes described in this Policy or as required by law (including financial, tax, accounting, and regulatory obligations).
Client Data is retained for the duration of the Subscription Term and for thirty (30) days following termination, during which time you may request export of your data. After this period, Client Data will be deleted from active production systems unless retention is required by law.
Backend AI interaction logs — including raw prompt/response pairs, model metadata, latency data, and error traces — are retained for up to ninety (90) days for debugging, abuse prevention, quality assurance, and compliance purposes. After the retention period, these logs are deleted or irreversibly de-identified. This section applies to backend diagnostic and infrastructure logs only. User-facing content (saved documents, generated outputs, conversation history) is treated as Client Data and retained in accordance with Section 10.2.
Aggregate, de-identified, and anonymized data may be retained indefinitely for analytics, benchmarking, model training, research, marketing, and Platform improvement purposes. Retention of such data is not subject to opt-out and survives account termination.
Personal data residing in routine system backups is retained for the duration of the applicable backup-retention cycle (currently up to ninety (90) days), after which backups are deleted or overwritten in accordance with our backup schedule. Backup data is not actively accessed except for disaster recovery.
Billing records, payment history, and tax-relevant account data may be retained for up to seven (7) years following account termination, as required by financial, tax, accounting, and regulatory record-keeping obligations. Other non-financial account information (such as profile fields beyond name and email) will be deleted or de-identified within thirty (30) days of the end of the post-termination export window described in Section 10.2, unless retention is independently required by law.
If we are subject to a legal hold, subpoena, regulatory inquiry, or active investigation, we may retain personal data beyond the retention periods stated above for the duration of the matter.
We implement and maintain commercially reasonable administrative, technical, and physical safeguards designed to protect your personal data, including:
· Encryption in transit (TLS 1.2+) and at rest (AES-256 or equivalent)
· Role-based access controls and least-privilege principles for personnel
· Multi-factor authentication for administrative access
· Regular security assessments, vulnerability scanning, and penetration testing
· Incident response procedures and breach notification processes
· Payment card data processed in accordance with PCI-DSS standards via third-party processors
· Security training for employees with access to personal data
In the event of a confirmed unauthorized access, acquisition, use, disclosure, or destruction of personal information that is likely to result in a material risk of harm to you, we will notify affected individuals and applicable regulators in accordance with applicable law. For Clients receiving our Services, we will notify the primary administrator without undue delay, and in any event within seventy-two (72) hours of confirming the incident, to the extent required by the Terms of Service or applicable law. Notification will include, to the extent known: the nature of the incident, categories and approximate volume of data affected, actions taken or proposed, and contact information for further inquiries. Where applicable law requires shorter or additional notifications — including but not limited to California Civil Code §1798.82 (which may require notification to the California Attorney General within thirty (30) days for incidents affecting 500 or more California residents) and state-by-state breach notification statutes — we will comply with such additional requirements.
You play a critical role in keeping your data secure. You agree to: (a) maintain the confidentiality of your account credentials; (b) use strong, unique passwords and enable multi-factor authentication where available; (c) promptly report any suspected unauthorized access or compromise to security@fundlaunch.com; and (d) keep your contact information current. We are not liable for unauthorized access resulting from your failure to maintain account security.
No method of transmission or storage is 100% secure. While we strive to protect your data using industry-standard practices, we cannot guarantee absolute security.
We are based in the United States. Your personal data may be transferred to and processed in the United States and other countries where we or our service providers operate, which may have data protection laws different from those of your country of residence.
If personal data is transferred outside the European Economic Area, United Kingdom, or Switzerland to a country not deemed by the relevant authority to provide an adequate level of protection, we implement appropriate safeguards, including:
· Standard Contractual Clauses (SCCs) approved by the European Commission, where applicable
· The UK International Data Transfer Agreement (IDTA) or UK Addendum to the SCCs
· Other appropriate transfer mechanisms recognized under applicable law
Company is not currently certified to the EU-U.S. Data Privacy Framework. If Company becomes certified, this Policy will be updated and the certification status will be reflected on our website. A copy of the relevant transfer safeguards is available upon request by contacting privacy@fundlaunch.com.
The Platform is intended for users aged 18 and over and is not directed to children. We do not knowingly collect personal information from individuals under 18. If we become aware that we have collected personal information from a person under 18, we will take steps to delete such information promptly. If you believe a minor has provided us with personal information, please contact privacy@fundlaunch.com.
Various state and federal laws (including the Children’s Online Privacy Protection Act, California SB-976, and similar state laws addressing minors’ use of online services) impose heightened protections for users under 18. Consistent with the age requirement above, the Platform does not offer accounts to such users; we will cooperate with parental requests to the extent required by law.
The Platform is primarily designed for fund formation, document drafting, and operational tooling. It is not currently designed for processing investor subscriptions, capital raises, or investor relations directly. Nevertheless, Clients may from time to time upload to the Platform personal data relating to individuals other than themselves, including investors, limited partners, advisors, employees, and other third parties (“Third-Party Data”). With respect to Third-Party Data:
As between Client and Company, Client is the data controller (or analogous designation under applicable law) of Third-Party Data, and Company acts as a data processor or service provider, processing such Third-Party Data on Client’s behalf and in accordance with Client’s instructions and the Terms of Service. For clarity, Company’s processor role with respect to identifiable Third-Party Data does not limit Company’s separate rights, as set forth in Section 5.4 and 5.6, to use AI Inputs, AI Outputs, Interaction Signals, and aggregate/de- identified data derived from Platform usage for Company’s own purposes, including proprietary model training. Identifiable Third-Party Data that has not been irreversibly de-identified will not be used by Company for purposes other than providing the Services to Client and complying with applicable law.
Client represents and warrants that it has (a) obtained all necessary consents and rights to upload Third-Party Data to the Platform; (b) provided any required notices to the individuals whose data is uploaded; and (c) complied with any contractual or legal restrictions on the use, sharing, and processing of such data (including any limited partner agreement confidentiality provisions, Regulation S-P obligations, and applicable state breach notification laws).
If an individual whose Third-Party Data has been uploaded contacts Company directly to exercise privacy rights, Company will generally direct that individual to Client as the responsible data controller, except where Company is required by law to respond directly.
Enterprise Clients may request a Data Processing Addendum (DPA) for execution by contacting privacy@fundlaunch.com. The DPA supplements this Policy with processor-controller specific terms required under GDPR, UK GDPR, CCPA, and analogous laws.
When you click a link to a Service Provider on the Marketplace, you may be redirected to the Service Provider’s website. Once you leave the Platform, the Service Provider’s privacy policy and terms govern. We may share with the Service Provider that you were referred from the Platform (and, in limited cases, your name or email) so that the Service Provider can credit the referral or honor a Platform-specific offer. We may receive a referral fee in connection with this referral, as disclosed on the Services tab.
Advisor calls and certain Service Provider interactions conducted on the Platform may be recorded for quality assurance, training, dispute resolution, and compliance purposes. By scheduling and joining a call, you consent to such recording. Recordings are personal data and are processed in accordance with this Policy. Where two-party-consent (all-party-consent) state law applies (including California, Connecticut, Florida, Illinois, Maryland, Massachusetts, Michigan, Montana, Nevada, New Hampshire, Pennsylvania, Vermont, and Washington), an explicit recording notice is presented to all participants before the call. You may request that a specific call not be recorded by emailing support@fundlaunch.com at least twenty-four (24) hours in advance.
If we run paid marketing or affiliate programs in the future, we will disclose the use of any affiliate tracking technologies and provide an opt-out mechanism in compliance with applicable law.
We may update this Policy from time to time. Material changes — including changes to the categories of personal information we collect, the purposes for which we use it, third-party recipients, or your rights — will be communicated with at least thirty (30) days’ prior notice via email to the address on file or through prominent in-Platform notice. For material adverse changes affecting Clients on annual prepaid subscriptions, such changes will not take effect until the start of the Client’s next renewal term, and the Client may terminate without further obligation by providing notice prior to the effective date.
The updated Policy will be posted on the Platform with the revised “Last Updated” date. Continued use of the Platform after the effective date of any non-material modification, or after your affirmative acceptance of a material modification where required, constitutes acceptance of the updated Policy.
If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about our data practices, please contact:
Email: privacy@fundlaunch.com
Mail: Fund Launch Labs, Inc., 3400 North 1200 West, Suite 201, Lehi, Utah 84043
Attn: Privacy
Fund Launch Labs, Inc.’s Privacy Office handles privacy questions, rights requests, and complaints. Contact privacy@fundlaunch.com.
Email: security@fundlaunch.com (for suspected security breaches or vulnerabilities)
For GDPR/UK GDPR-related inquiries, contact privacy@fundlaunch.com. You may also lodge a complaint with your local data protection authority (e.g., the UK ICO at https://ico.org.uk) if you believe your rights have been violated.