Legal

Privacy Policy

Last updated: March 2026

Note: This Privacy Policy is provided for informational purposes. It is not legal advice. Foundyr FZ-LLC recommends that you consult a UAE-licensed legal professional for advice specific to your data protection obligations.

1. Overview

Foundyr FZ-LLC (“Foundyr”, “we”, “our”, or “us”) operates the platform at foundyr.net.

We are committed to protecting your personal data in accordance with the UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection (the “PDPL”) and its Executive Regulations.

This Privacy Policy explains what personal data we collect, why we collect it, how we use it, who we share it with, and what rights you have under UAE law.

2. Personal data we collect

Account data

  • Name
  • Email address
  • Password (stored as a one-way hash — never in plain text)
  • Profile photo (optional)

Venture data

  • Business idea descriptions and responses to interview questions
  • Startup plan content you generate
  • Evidence files you upload (documents, screenshots)
  • Stage progress and milestone records

Usage data

  • Pages visited and features used
  • Session duration and interaction logs
  • Browser type, device type, and operating system
  • IP address (anonymised after 30 days)

Communication data

  • Emails you send to us
  • Support tickets and chat messages

3. Legal basis for processing

Under the UAE PDPL, we process your personal data on the following bases:

Contract performance
Processing necessary to provide you with the Foundyr platform and services you have signed up for.
Consent
Where we have obtained your explicit consent — for example, for marketing emails or optional analytics.
Legitimate interests
To improve our platform, prevent fraud, and ensure the security of our services — where these interests are not overridden by your rights.
Legal obligation
Where we are required to process or retain data by applicable UAE law.

4. How we use your personal data

  • To provide and operate the Foundyr platform
  • To generate your personalised Startup Plan and artifacts
  • To track and enforce evidence-gated stage progression
  • To send you transactional emails (account confirmations, stage completion notifications)
  • To send you product updates and newsletters (with your consent — unsubscribe any time)
  • To respond to your support requests
  • To improve the platform through aggregated, anonymised usage analysis
  • To comply with applicable UAE legal obligations

5. Data storage and security

Your data is stored using Supabase, which uses PostgreSQL with row-level security (RLS). This means only you — authenticated as your account — can access your personal venture data.

All data is encrypted in transit using TLS 1.2 or higher, and encrypted at rest using AES-256.

Our primary infrastructure is hosted in data centres that comply with ISO/IEC 27001. We will publish our full data processing record before commercial launch.

6. Who we share your data with

We do not sell your personal data. We may share data with the following categories of third parties, solely to operate our platform:

SupabaseDatabase, authentication, and file storage
AnthropicAI language model processing for the interview engine (conversation content only — no PII is intentionally sent)
StripePayment processing — subject to Stripe's own privacy policy
Resend / SendGridTransactional and marketing email delivery
VercelWeb hosting and edge network

7. Your rights under UAE PDPL

Under the UAE Personal Data Protection Law, you have the following rights:

Right to access
Request a copy of the personal data we hold about you.
Right to correction
Request that we correct any inaccurate or incomplete personal data.
Right to erasure
Request deletion of your personal data, subject to legal retention requirements.
Right to restrict processing
Request that we limit how we process your data in certain circumstances.
Right to portability
Receive your data in a structured, machine-readable format.
Right to object
Object to processing based on legitimate interests or for direct marketing.

To exercise any of these rights, email us at privacy@foundyr.net. We will respond within 30 calendar days.

8. Data retention

We retain your personal data for as long as your account is active, or as needed to provide our services. If you close your account, we will delete or anonymise your personal data within 90 days, except where we are required to retain it by applicable UAE law (for example, financial records under Federal Law No. 2 of 2015 on Commercial Companies).

9. Cookies

We use cookies and similar technologies to operate our platform and improve your experience. Please see our Cookie Policy for full details.

10. Contact us

If you have any questions about this Privacy Policy or our data practices:

Company: Foundyr FZ-LLC
Website: foundyr.net

You also have the right to lodge a complaint with the UAE Data Office (uaedataoffice.gov.ae).