Privacy Policy

Last updated: May 17, 2026

Short version: we collect the bare minimum to run the service, we don't sell anything, we don't train AI on your content, and you can delete everything from the dashboard.

What we collect

Account data: your email address. Used to identify your account and send transactional emails (sign-in links, new-message notifications).

Profile data: everything you type into the dashboard — name, handle, bio, projects, links, avatar, theme preference, customization. Public unless you delete it.

Messages received: sender's name, email, and message body. Visible to you in your inbox.

Click events: we count page views and clicks on your projects/links so you can see analytics. We store the click event with the date and the user agent. We do not store full IP addresses (last octet zeroed).

Payment data: if you upgrade to Pro, Stripe handles the card. We only store your Stripe customer ID. We never see your card.

What we do NOT collect

• No tracking cookies for advertising
• No third-party analytics scripts (no Google Analytics, no Mixpanel)
• No social-graph scraping
• No AI training on your bio, projects, or messages

Cookies

One cookie: next-auth.session-token. It keeps you signed in. HttpOnly, Secure, SameSite=Lax. No advertising cookies, no third-party trackers.

Who we share with

• Railway — hosting (servers, database)
• Stripe — payments (only if you upgrade to Pro)
• Resend — transactional emails (sign-in links, message notifications)
• Google s2/favicons — fetches favicons for your project URLs (the URL is sent to Google to retrieve the icon)

That's the whole list. No advertising networks, no data brokers.

Retention

Account + profile data: until you delete your account. Click events: 12 months, then aggregated. Messages: until you delete them. Stripe payment records: kept indefinitely for tax/legal reasons (Stripe's policy).

Your rights

You can:

• Export your data — request a JSON dump at hi@foundersss.com (we'll respond within 7 days)
• Delete your account — Dashboard → Account → Delete (removes public profile within 24h, all data within 30 days)
• Correct data — Edit any field in the dashboard
• Object to processing — Email us; we'll work with you

If you're in the EU/UK you have rights under GDPR/UK-GDPR. Same email address handles all requests.

Children

Foundersss is not intended for users under 13. If you believe a child has an account, email us and we'll remove it.

Security

All traffic is HTTPS. Passwords aren't stored (we use magic links). Database is encrypted at rest. Sessions are HttpOnly cookies. We rotate keys periodically.

Changes

We'll email registered users about material changes. For minor edits, the "Last updated" date at the top tells you when this page changed.

Questions? hi@foundersss.com