Privacy Policy

We collect information in several ways: **Account Information**: When you sign up, we collect your name, email address, and profile picture through our authentication provider. You may also provide optional information like company name and location. **Project Data**: Information you provide about your startup ideas, product descriptions, target audiences, and business models. This data is used exclusively to power our AI agents and deliver your product. **Payment Information**: When you subscribe or use the Umbrella model, payment data is collected and processed by our payment partner. We do not store credit card numbers or sensitive payment details on our servers. **Usage Data**: We collect analytics about how you use the platform — pages visited, features used, agent interactions, and performance metrics. This helps us improve the product. **Device & Browser Data**: Standard technical information including IP address, browser type, operating system, and device identifiers for security and analytics purposes.

We use your information to: - **Provide and improve our services**: Power AI agents, generate code, deploy products, and process payments. - **Communicate with you**: Send account notifications, product updates, and respond to support requests. - **Ensure security**: Detect and prevent fraud, unauthorized access, and abuse. - **Analyze and improve**: Understand usage patterns to improve the platform, fix bugs, and develop new features. - **Legal compliance**: Meet our legal obligations, including tax reporting for the Umbrella model. We never sell your personal information to third parties.

We share data only with trusted service providers essential to operating LetStart: - **Authentication Provider**: User authentication and account management. - **Payment Processor**: Payment processing and Umbrella model financial services. - **Cloud Infrastructure**: Code repository hosting, product deployment, and hosting. - **AI Model Providers**: AI model providers for agent operations. Project data may be sent to these providers for processing — subject to their enterprise data policies. - **International Transfer Provider**: International withdrawal processing. We require all third-party providers to maintain appropriate security standards and only process data as instructed.

Your data is stored on secure cloud infrastructure with: - **Encryption at rest**: All databases are encrypted using AES-256. - **Encryption in transit**: All connections use TLS 1.3. - **Access controls**: Role-based access with audit logging. - **Regular backups**: Automated daily backups with 30-day retention. - **Incident response**: We maintain a security incident response plan and will notify affected users within 72 hours of a confirmed breach. Your code and deployment data are stored externally on secure cloud infrastructure, subject to our providers' respective security policies.

Depending on your jurisdiction, you may have the following rights: - **Access**: Request a copy of your personal data. - **Correction**: Update or correct inaccurate data. - **Deletion**: Request deletion of your account and associated data. - **Portability**: Export your data in a machine-readable format. - **Objection**: Object to certain types of processing. - **Restriction**: Request limited processing of your data. To exercise any of these rights, contact us at privacy@letstart.dev. We will respond within 30 days.

We use essential cookies for authentication sessions and preference storage (theme selection). We use analytics cookies to understand usage patterns. We do not use advertising cookies or third-party tracking pixels. You can control cookie preferences through your browser settings. Disabling essential cookies may affect platform functionality.

We retain your data for as long as your account is active or as needed to provide services. When you delete your account: - **Account data**: Deleted within 30 days. - **Project data**: Removed from our databases within 30 days. Code in your cloud repository and live deployments must be deleted by you separately. - **Payment records**: Retained for up to 7 years per legal requirements. - **Anonymized analytics**: May be retained indefinitely in aggregate, non-identifiable form.

LetStart is not intended for users under 16 years of age. We do not knowingly collect personal information from children. If we learn we have collected data from a child under 16, we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on the platform. Your continued use after changes constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or our data practices, contact us at: - **Email**: privacy@letstart.dev - **Address**: LetStart Inc., registered at [address placeholder] For data protection inquiries in the EU, you may also contact your local data protection authority.