Policy owner
Nay Linn Aung
Founder & Full-Stack Engineer
na27@hood.eduPrivacy policy
Privacy details based on the product behavior that is actually shipped today.
This page documents the current Startup Screener public and signed-in data flows without adding enterprise or compliance claims that do not exist in source. It focuses on the founder-led product as implemented now.
Privacy posture
Anonymous quick screens expire after 7 days.
Local-account deletion removes owned workspace data.
No third-party analytics SDK is documented in the tracked source.
Collected data
What the current product stores
These categories map to behaviors visible in the public quick screen, signed-in workspace, backend logging, and local account flows.
Account information
Signed-in workspace accounts store the information needed for local authentication and role-aware access, including name, email address, organization context, and role assignments.
Uploaded files and supplements
Startup Screener stores uploaded PDF, PPTX, DOCX, and XLSX files plus any optional structured JSON supplement attached to a quick screen or workspace submission.
Generated reports and reviewer notes
Completed analyses can create scorecards, SWOT summaries, recommendations, report annotations, and export artifacts tied to the uploaded submission.
Operational metadata
The platform records request IDs, request method, route, response status, latency, and client IP for operational logging. Anonymous quick screens also use a salted hash of the client IP for abuse control.
Use of data
Why that information is used
The current implementation is operational: authenticate users, analyze uploaded files, support abuse controls, and let authorized users reopen the resulting work.
To authenticate signed-in users and apply role-aware access to dashboards, cohorts, reports, and exports.
To parse uploaded business files, classify slides or sections, score the submission, and render narrative outputs.
To support anonymous quick-screen abuse controls through hashed-IP rate limiting and request logging.
To let authorized users reopen reports, export reviewer materials, and delete their own local account data.
Retention and deletion
What expires automatically and what does not
This page keeps the claims narrow. It only states retention and deletion behavior that can be supported directly from the current codebase.
Anonymous quick screens
Public quick-screen submissions expire automatically after 7 days. Expired rows and stored files are purged by the application.
Local account deletion
Deleting a local account removes the user profile, owned decks, reports, memberships, related annotations and feedback, job rows, and stored upload artifacts owned by that account.
Signed-in workspace data
Workspace submissions do not have a blanket automatic expiration policy documented in source. This site does not claim automatic signed-in report deletion beyond the explicit account-deletion flow.
AI processing
When external model providers are involved
When Anthropic is configured, extracted content needed for classification, scoring, and narrative generation can be sent to Anthropic through the structured-output analysis path.
When Google Gemini on Vertex AI is configured, extracted content needed for the same analysis steps can be sent to Google through the structured-output analysis path.
If the configured provider is unavailable or structured validation fails, Startup Screener can fall back to a deterministic local scoring path.
The product surface shows provider, fallback, and warning metadata so reviewers can see how a result was produced.
Cookies and tracking
What the site documents about sessions, logging, and analytics
This section is intentionally narrow and product-specific. It does not claim a broader marketing data program that is not present in source.
Essential session cookie
Local sign-in uses an HttpOnly session cookie so authentication stays on the server-managed session path rather than exposing raw tokens in browser storage.
No third-party analytics in source
The tracked codebase does not include a third-party analytics or tracking SDK such as Google Analytics, Plausible, PostHog, Segment, or Mixpanel.
No marketing-cookie claims
This page documents essential product behavior only. It does not claim a broader consent-management or advertising-cookie program that is not present in source.
Privacy contact
Privacy questions about the current public product or local-account data handling can be sent to na27@hood.edu.