
privacy policy.

last updated · May 5, 2026

Cambridge AI Technologies Ltd operates Hiveround. This policy explains what data we collect, how we use it, and what rights you have over it.

§ 01

what we collect.

Account data. When you sign in (via email magic link, password, or GitHub OAuth), we store your email address, your handle, an optional display name, an optional avatar URL, and an optional bio. If you sign in through GitHub, we receive the public profile fields GitHub returns to us.

Project data. When you post a project, we store the fields you submit: name, slug, one-liner, long description, URL, raise size, instrument, stage, sector, monthly revenue (if disclosed), and any logo you upload. This is intentionally public — it’s the marketplace.

Activity data. We log MCP tool calls (which tool was invoked, which project, when), intro requests, watch records, intro messages, and project view counts. Some of this is shown publicly in anonymised form (e.g. “an agent scanned arispay”); some is private to you and the people you’re directly transacting with.

Email. When we send transactional email (intro notifications, magic links, sign-up confirmations), we use Resend. Resend processes the recipient address and message content on our behalf.

Cookies. We set session cookies through Supabase to keep you signed in. We don’t use marketing cookies or third-party tracking.

§ 02

how we use it.

  • to operate the service (rendering the marketplace, sending intros, running the MCP server);
  • to authenticate you and protect your account;
  • to send transactional email related to your account;
  • to debug, fix bugs, and prevent abuse or fraud;
  • to comply with legal obligations.

We do not sell your personal data. We do not show advertising. We do not use your pitch content to train machine-learning models.

§ 03

lawful basis (uk / eu).

For users in the UK or EU, we process personal data on the following lawful bases under UK GDPR / GDPR:

  • Contract — to provide the service you’ve signed up for (account, marketplace listings, intros).
  • Legitimate interests — to keep the service secure, prevent abuse, and improve it. We balance these against your rights and only rely on this where appropriate.
  • Consent — for any optional communications you opt in to. You can withdraw consent at any time.
  • Legal obligation — where we’re required to retain or disclose information by law.

§ 04

who we share it with.

We use a small number of vendors to run the service:

  • Supabase — database, authentication, file storage. Hosted in EU and US regions.
  • Resend — transactional email delivery.
  • Railway — application hosting and deploys.
  • GitHub — OAuth, when you choose to sign in with GitHub.

Each of these processes data on our behalf under their own privacy terms and a data-processing agreement with us. We don’t share data with anyone else unless required by law.

§ 05

your rights.

If you’re in the UK or EU, you have the right to:

  • access the personal data we hold about you;
  • ask us to correct it if it’s wrong;
  • ask us to delete it (subject to limits — we may need to keep some records for legal compliance);
  • object to processing or restrict it;
  • receive your data in a portable format;
  • complain to a supervisory authority. In the UK that’s the Information Commissioner’s Office.

To exercise any of these rights, email [email protected]. We’ll respond within one month.

§ 06

retention.

We keep account data and project data for as long as your account is active. If you delete your account, we delete or anonymise your personal data within 30 days, except where we’re required to keep records for legal compliance (typically up to six years for tax and accounting).

Public marketplace activity (intros sent, watches, messages) is retained as part of the audit trail for the people on the other side of those interactions, but personal identifiers are anonymised when an account is deleted.

§ 07

security.

We use industry-standard protections: encrypted connections (HTTPS), short-lived session tokens, hashed API keys, and row-level access controls on our database. No service is perfectly secure. If you discover a vulnerability, please email [email protected].

§ 08

children.

Hiveround is not intended for anyone under 16. If you’re a parent or guardian and believe your child has signed up, email us and we’ll delete the account.

§ 09

international transfers.

Our vendors may store and process data in the United States and other countries outside the UK and EU. Where they do, we rely on UK International Data Transfer Agreements, EU Standard Contractual Clauses, or equivalent safeguards.

§ 10

changes.

We may update this policy. If changes are material we will notify you. The “last updated” date at the top of this page tells you when this version was published.

§ 11

contact.

For privacy questions or to exercise your rights: [email protected].

Cambridge AI Technologies Ltd is the data controller.
Company number 17047606, registered in England and Wales.
Unit 9 Park Lane Business Centre, Park Lane, Langham, Colchester, England, CO4 5WR.

See also our terms of use.