Privacy Policy

1. What We Collect

When you register, we collect:

• Your email address
• A bcrypt hash of your password (never the plaintext password)
• The date and time you accepted these terms
• If you sign in with Google: your Google account email and profile picture URL

2. How We Use Your Data

We use your data solely to:

• Authenticate you and maintain your session
• Send transactional emails (email verification, password reset)
• Comply with legal obligations

We do not sell, rent, or share your personal data with third parties for marketing.

3. Third-Party Services

• MongoDB Atlas — stores your account data securely in the cloud
• Resend — used to send transactional emails
• Google OAuth — optional sign-in method; governed by Google's Privacy Policy
• TrustMrr — source of startup data displayed in the app; no personal data is shared with them

4. Cookies & Sessions

We use a single HTTP-only cookie to maintain your authenticated session (via NextAuth.js). No tracking or advertising cookies are used.

5. Data Retention

Your data is retained for as long as your account exists. You may delete your account at any time from the account settings page, which permanently removes all personal data associated with your account.

6. Security

Passwords are hashed using bcrypt and never stored in plaintext. All data is transmitted over HTTPS. We take reasonable precautions to protect your data, but no system is completely secure.

7. Your Rights

You have the right to access, correct, or delete your personal data. To exercise these rights, delete your account from the settings page or contact us directly.

8. Contact

Questions about this policy? Reach out on Twitter.