Privacy Policy

1. Introduction and Scope

Founders Today ("we", "our", "us", "the Platform") is committed to protecting your personal information. This Privacy Policy explains what data we collect, why we collect it, how we use and protect it, and what rights you have over your information.

This policy applies to all users of founderstoday.org and any associated services, including the web application, community features, product launch system, and newsletter. By using Founders Today, you agree to the data practices described in this policy.

If you do not agree with this policy, please do not use our platform. If you have questions, contact us at privacy@founderstoday.org.

2. Information We Collect

We collect information in the following ways:

2.1 Account Registration

• Email address (required for login and notifications)
• Full name (used in your public profile)
• Username (unique handle visible across the platform)
• Password (stored securely using industry-standard hashing — we never store plaintext passwords)

2.2 Profile Information (Optional)

• Bio, headline, and company details
• Profile photo (avatar URL)
• Website, Twitter, LinkedIn, and GitHub URLs
• Location (country and city — you control when this is set and updated)

2.3 Content You Create

• Posts, comments, and replies you publish
• Product launch submissions (name, description, URLs, pricing, media)
• Upvotes, bookmarks, and engagement actions
• FAQ entries and product page edits
• Newsletter subscription status
• Contact form and ad inquiry submissions
• Community reports you submit

2.4 Usage and Analytics Data

• Pages visited and time spent on pages
• Post views, product page views, and click-through data
• Device type, browser, and operating system (anonymised)
• IP address (used for security and fraud prevention — not sold or shared)
• Referral sources (how you arrived at the platform)

2.5 Cookies and Similar Technologies

We use session cookies and local storage to maintain your authenticated session and remember your preferences. We may use analytics tools that set their own cookies. See Section 5 for more details.

3. How We Use Your Information

We use the data we collect strictly for legitimate platform purposes:

• Platform operation: To provide authentication, display your profile, show your posts, and enable community features.
• Content ranking: To calculate engagement scores that determine content visibility in the feed.
• Notifications: To send you emails about replies, milestones, and platform updates you have opted into.
• Security and fraud prevention: To detect suspicious activity, prevent abuse, and protect the integrity of the community.
• Product improvements: To understand how features are used and where we can improve the platform experience.
• Newsletter: To send editorial content to subscribers who have explicitly opted in through their account.
• Legal compliance: To comply with applicable laws and respond to legitimate legal requests.
• Customer support: To respond to your contact form submissions and resolve issues.

We do not use your data for algorithmic advertising targeting, behavioural profiling for third-party sales, or any purpose not listed above.

4. Data Sharing and Third Parties

We do not sell your personal data. We never have and we never will.

We share data only in the following limited circumstances:

4.1 Service Providers

• Supabase — Our database and authentication infrastructure provider. Your data is stored securely on Supabase-managed servers with encryption at rest and in transit.
• Netlify — Our web hosting and serverless function provider.
• AWS S3 / compatible storage — Used for storing media uploads (avatars, product images). Files are stored with access controls.

4.2 Analytics

We may use privacy-respecting analytics tools to understand aggregate platform usage. Any analytics provider we use must comply with applicable privacy regulations. No personally identifiable data is shared with analytics providers.

4.3 Legal Requirements

We may disclose your information if required by law, court order, or legitimate government authority. We will notify you to the extent permitted by law.

4.4 Business Transfers

If Founders Today is acquired or merges with another entity, your data may be transferred as part of that transaction. We will notify users before any such transfer and your rights under this policy will continue to be honoured.

5. Cookies and Tracking Technologies

We use the following types of cookies and local storage:

5.1 Essential Cookies

Required for the platform to function. This includes your authentication session token (stored securely via Supabase Auth). These cannot be disabled without breaking your ability to use the platform.

5.2 Preference Storage

We may store your display preferences (such as theme settings) in your browser's local storage. This data stays on your device and is not transmitted to our servers.

5.3 Analytics Cookies

If we use third-party analytics, those services may set cookies to track aggregate usage patterns. We configure these to be as privacy-preserving as possible, with IP anonymisation enabled wherever available.

5.4 Managing Cookies

You can control and delete cookies through your browser settings. Disabling essential cookies will log you out and may prevent you from using authenticated features. For analytics cookies, you can opt out through your browser or using tools like uBlock Origin.

6. Your Rights

You have the following rights regarding your personal data:

• Right of Access: You can request a copy of the personal data we hold about you.
• Right to Correction: You can update your profile information at any time through Settings. Contact us if you need to correct data we hold that you cannot edit yourself.
• Right to Deletion: You can request deletion of your account and associated personal data. See Section 7 for details.
• Right to Portability: You can request an export of your data in a machine-readable format (JSON or CSV).
• Right to Restrict Processing: You can ask us to limit how we use your data in certain circumstances.
• Right to Object: You can object to processing of your data for specific purposes, including marketing emails. Unsubscribe links are included in all marketing communications.
• Right to Withdraw Consent: Where processing is based on your consent (e.g. newsletter subscription), you can withdraw consent at any time by unsubscribing in your account settings.

To exercise any of these rights, email us at privacy@founderstoday.org. We will respond within 30 days.

7. Account Deletion and Data Retention

You can delete your account at any time by contacting privacy@founderstoday.org or through the account settings when that feature becomes available.

When you delete your account:

• Your profile data (name, bio, avatar, social links) is deleted immediately.
• Your posts may be anonymised rather than deleted if they are part of active discussions, to preserve the integrity of those conversations. We will inform you of this at deletion time.
• Product launch pages you submitted will be removed or anonymised within 30 days.
• Your email address will be removed from our newsletter list immediately.
• We may retain minimal data (such as transaction or report records) as required by law or for legitimate fraud-prevention purposes.

For non-account data (contact form submissions, ad inquiries), we retain records for up to 2 years for business purposes, then delete them.

8. Children's Privacy

Founders Today is not intended for and does not knowingly collect data from children under the age of 13. Our community platform is designed for founders, builders, and professionals.

If you are under 13, do not use this platform or submit any personal information. If we become aware that we have collected data from a child under 13, we will delete that data immediately. Parents or guardians who believe their child has submitted data to us should contact privacy@founderstoday.org.

Users between the ages of 13 and 18 should use the platform with parental awareness and guidance.

9. Security Measures

We take security seriously and implement industry-standard protections:

• All data transmitted between your browser and our servers is encrypted using HTTPS/TLS.
• Passwords are never stored in plaintext. We use Supabase Auth's secure hashing.
• Database access is restricted using Row Level Security (RLS) policies — users can only access their own data through client-side queries.
• Media uploads are stored with access controls and served via signed URLs where appropriate.
• We regularly review our security posture and update protections as threats evolve.

Despite these measures, no internet transmission or storage system is 100% secure. If you believe your account has been compromised, contact us immediately at privacy@founderstoday.org.

10. International Data Transfers

Founders Today is operated globally. Your data may be stored and processed in countries other than your own, including the United States and European Economic Area countries where our infrastructure providers operate.

By using our platform, you consent to the transfer of your information to these countries. We ensure that any international transfer complies with applicable data protection laws, including GDPR where applicable, through appropriate safeguards such as Standard Contractual Clauses.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:

• Update the "Last updated" date at the top of this page.
• Send an email notification to all registered users with a summary of key changes.
• Display a notice on the platform for at least 14 days after the update.

Your continued use of the platform after the effective date of any changes constitutes acceptance of the updated policy. If you do not agree to the changes, please delete your account before the effective date.

12. Contact Us

For all privacy-related inquiries, data access requests, or deletion requests, contact our privacy team:

• Email: privacy@founderstoday.org
• Response time: We aim to respond to all privacy requests within 30 days.

For general support and other inquiries, see our Contact page.