Privacy Policy
Effective Date: November 17, 2024
Last Updated: November 17, 2024
Version: 1.0
Our Commitment to Your Privacy
At RaiseReady Impact, we understand that you're entrusting us with sensitive business information, financial projections, and strategic plans. We take this responsibility seriously and are committed to protecting your privacy and securing your data.
For Founders:
- ✓ You control who sees your pitch deck
- ✓ You decide what's publicly discoverable
- ✓ We never share your data for marketing
- ✓ Export or delete your data anytime
For Investors:
- ✓ Your criteria stay confidential
- ✓ Founders see only what you choose
- ✓ We never sell your information
- ✓ Full control over your visibility
1. Who We Are
- Legal Entity:
- Global Buildtech Australia Pty Ltd
- Trading As:
- Corporate AI Solutions
- Product:
- RaiseReady Impact
- Location:
- Brisbane, Queensland, Australia
Contact Information
- General Inquiries: dennis@corporateaisolutions.com
- Privacy Inquiries: dennis@corporateaisolutions.com
- Phone: +61 402 612 471
2. Information We Collect
2.1 Information You Provide Directly
For Founders:
- • Company/project details
- • Business sector and stage
- • Target raise amount
- • SDGs you're addressing
- • Pitch deck materials
- • Financial projections
- • Team information
- • Impact projections
For Investors:
- • Firm/individual name
- • Investment focus areas
- • Investment range
- • SDG preferences
- • Investment criteria
- • Portfolio information
- • Geographic focus
2.2 Information We Collect Automatically
- Login times and usage patterns
- Features you use and pages you visit
- Browser and device information
- IP address (for security)
2.3 Information from Third Parties
If you sign up with Google/LinkedIn, we receive your name and email. We don't access your contacts or post on your behalf.
3. How We Use Your Information
To Provide the Service
- Create and manage your account
- Match founders with suitable investors
- Generate AI-powered pitch feedback
- Calculate impact returns and SDG valuations
- Enable discovery and networking
Legal Basis: Performance of contract
To Improve the Platform
- Analyze usage patterns
- Test new matching algorithms
- Improve AI coaching quality
Legal Basis: Legitimate interest. You can object anytime.
Marketing (With Your Consent)
- Platform updates and new features
- Educational content
- Relevant opportunities
Legal Basis: Your explicit consent. Unsubscribe anytime.
We NEVER:
- ❌ Sell your data to third parties
- ❌ Use your data for advertising
- ❌ Share with data brokers
- ❌ Train AI models on your content
4. Data Visibility & Sharing (The Three Tiers)
RaiseReady Impact uses a tiered visibility system that puts YOU in control of who sees your information.
Tier 1: Public Preview (Discoverable)
Who Can See: All logged-in users (if you enable "Make Discoverable")
✅ What's Visible (Founders):
- • Project name and tagline
- • Business sector and stage
- • Location
- • SDGs you're addressing
- • Target raise range (not exact)
- • Logo and website
❌ What's Hidden:
- • Full pitch deck
- • Financial projections
- • Cap table
- • Customer names
- • Team details
- • Contact information
Tier 2: Gated Preview (Request → Approval)
Who Can See: Investors who request access AND you approve
How It Works:
- 1.Investor sees your Tier 1 (Public Preview) and is interested
- 2.Investor clicks "Request Access" and includes a message
- 3.You receive a notification
- 4.You review the investor's profile
- 5.You approve or reject the request
- 6.If approved, investor sees Tier 2 information
✅ Additional Info Visible:
- • Detailed business description
- • Team summary
- • Current revenue/traction
- • Customer count (not names)
- • Market size
- • Exact raise amount
- • Use of funds
- • 3-slide deck preview
❌ Still Hidden:
- • Full pitch deck
- • 3-year financials
- • Cap table
- • Customer names
- • Team equity details
- • Legal/IP details
Tier 3: Full Access (Explicit Sharing)
Who Can See: ONLY investors you explicitly share with
How It Works:
- 1.You click "Share Full Deck with [Investor Name]"
- 2.Optional: Require NDA signature first
- 3.Optional: Set expiration date
- 4.Investor gets notification and can view everything
✅ Everything Becomes Visible:
- • Complete pitch deck
- • 3-5 year financials
- • Revenue, expenses, runway
- • Cap table
- • Customer names
- • Team details & equity
- • Legal structure
- • IP documentation
Tracking & Control:
- ✓ See when investor views your deck
- ✓ Track view count
- ✓ Revoke access anytime
- ✓ Require NDA (optional)
- ✓ Set expiration dates
5. How We Protect Your Information
🔒 Encryption
- AES-256 at rest
- TLS 1.3 in transit
- Bcrypt passwords
👤 Access Control
- Row-Level Security
- Role-based permissions
- Audit logging
🏢 Infrastructure
- SOC 2 Type II
- ISO 27001
- 24/7 monitoring
Who Has Access to Your Data?
| Who | Access Level | Purpose |
|---|---|---|
| You (Data Owner) | Full access | View, edit, download, delete |
| Superadmins | Support only (logged) | Troubleshooting & support |
| AI Providers | Processing only (30 days max) | Pitch analysis, coaching |
| Approved Investors | What you grant (Tier 2/3) | Review opportunities |
| Everyone Else | ❌ No Access | We don't share with marketing, brokers, or third parties |
6. Where Your Data is Stored
🇦🇺 Primary Storage: AWS Sydney, Australia
All user data, pitch decks, and project information is stored in Australia.
- ✓ Complies with Australian Privacy Principles
- ✓ Data sovereignty (stays in Australia)
- ✓ Low latency for AU/NZ users
- ✓ Subject to Australian privacy laws
International Users
EU Users: Standard Contractual Clauses ensure GDPR compliance. Enterprise clients can request EU-only processing.
NZ Users: Data stored in Australia is acceptable under Trans-Tasman Privacy Principles.
7. Your Rights
📥Right to Access
Download a complete copy of all your data.
Format: JSON/CSV
Timeline: Immediate
✏️Right to Rectification
Correct inaccurate or incomplete data.
Timeline: Immediate (self-service)
🗑️Right to Erasure
Delete your account and all associated data permanently.
Effect: Hard delete (data actually removed)
Timeline: Immediate, 30 days for backups
📤Right to Data Portability
Receive your data in machine-readable format.
Format: JSON (machine-readable)
🚫Right to Object
Object to certain types of processing.
Analytics: Settings → Privacy → "Disable Analytics"
9. Third-Party Services
- Supabase: Database & auth (SOC 2, ISO 27001, AWS Sydney)
- Anthropic Claude: AI analysis (GDPR compliant, 30-day retention max)
- ElevenLabs: Voice AI (GDPR compliant, zero retention mode)
- Vercel: Hosting (no data storage)
10. Data Retention
- Active accounts: Retained indefinitely (until you delete)
- Deleted accounts: Immediate deletion, 30 days for backups
- Transaction records: 7 years (legal requirement)
- Analytics: 2 years (anonymized)
11. Changes to This Policy
We'll notify you 30 days before any material changes via email and platform banner. Minor clarifications are updated immediately with notice at the top.
12. Contact Us
Privacy Questions or Concerns
Email: dennis@corporateaisolutions.com
Response Time: Within 30 days (usually much faster)
General Support
Email: dennis@corporateaisolutions.com
Phone: +61 402 612 471
13. Compliance Status
Current compliance status as of November 17, 2024
| Framework/Requirement | Status | Details |
|---|---|---|
| Legal Compliance | ||
| Australian Privacy Act 1988 | ✅ | All 13 APPs implemented |
| NZ Privacy Act 2020 | ✅ | All 13 IPPs implemented |
| GDPR (EU) | ✅ | All Articles implemented |
| CCPA/CPRA (California) | ✅ | User rights implemented |
| Infrastructure Security | ||
| Row-Level Security (RLS) | ✅ | All 33 tables protected |
| Encryption at Rest | ✅ | AES-256 automatic |
| Encryption in Transit | ✅ | TLS 1.3 enforced |
| SOC 2 Infrastructure | ✅ | Via Supabase/AWS |
| ISO 27001 | ✅ | Via Supabase/AWS |
| Data Protection | ||
| Privacy Policy | ✅ | Published (this document) |
| Terms of Service | 🔶 | In progress |
| Consent Tracking | 🔶 | Coming this week |
| Data Export Feature | 🔶 | Coming this month |
| Account Deletion | 🔶 | Coming this month |
| Email Verification | ✅ | Required for signup |
| User Controls | ||
| Tier 1 (Public Preview) | ✅ | Discoverable toggle |
| Tier 2 (Gated Access) | 🔶 | Tables created, UI pending |
| Tier 3 (Full Access) | 🔶 | Tables created, UI pending |
| Future Enhancements | ||
| Multi-Factor Auth (MFA) | 📋 | Planned Q1 2025 |
| Penetration Testing | 📋 | When enterprise clients |
Legend:
- ✅ Compliant/Implemented
- 🔶 Partially Implemented
- 📋 Planned
14. Frequently Asked Questions
General Privacy Questions
Q: Do you sell my data?
A: No. Never. We don't sell, rent, or trade your data to anyone. Our business model is subscription fees from users, not data monetization.
Q: Who can see my pitch deck?
A: Only you, unless you explicitly share it. Even then, you control exactly which investors see it and can revoke access anytime. See the Three Tiers section above for details.
Q: Can other founders see my project?
A: Only if you make it discoverable, and even then they only see Tier 1 (basic info). Founders never see your pitch deck or financials unless you share it directly with them.
Data Storage & Security
Q: Where is my data physically stored?
A: AWS Sydney, Australia. Your data never leaves Australia unless you're using our AI features (Anthropic/ElevenLabs process in US with GDPR compliance).
Q: What happens if there's a data breach?
A: We have a comprehensive incident response plan. We'll contain the breach immediately, assess what data was affected, notify you within 72 hours (GDPR) or 30 days (AU Privacy Act), notify relevant authorities, and fix the vulnerability.
Q: Can RaiseReady staff see my pitch deck?
A: Superadmins can access data for support and troubleshooting, but all access is logged, requires a legitimate business reason, and is never used for competitive intelligence.
The Three Tiers (Visibility Control)
Q: What's the difference between Tier 1, 2, and 3?
A:
- Tier 1 (Public Preview): Basic info visible to all if you enable "Make Discoverable"
- Tier 2 (Gated Access): More details, but investor must request and you must approve
- Tier 3 (Full Access): Complete pitch deck, but only investors you explicitly share with
Q: Can I change my mind and revoke access?
A: Yes, anytime. Tier 2 and Tier 3 access can be revoked instantly from your dashboard.
Q: How do I know who's viewed my pitch deck?
A: In Dashboard → Pitch Deck → Sharing, you'll see who has access, when they last viewed it, and how many times they've viewed it. You can revoke access anytime.
Third-Party Services & AI
Q: Does Anthropic Claude train on my pitch deck?
A: No. We have a Data Processing Agreement with Anthropic that explicitly prohibits using your data for model training.
Q: How long does Anthropic keep my pitch deck?
A: Maximum 30 days (for troubleshooting), but we can configure zero-day retention for sensitive data.
Q: Does ElevenLabs keep my voice recordings?
A: No. We've enabled zero-retention mode for voice coaching sessions.
User Rights
Q: How do I download all my data?
A: Settings → Privacy → "Download My Data". You'll get a complete export in JSON format.
Q: How do I delete my account?
A: Settings → Account → "Delete My Account". This permanently deletes all your data (hard delete, not soft delete).
Q: What happens to my data after I delete my account?
A: Personal data is deleted immediately. Backups are purged within 30 days. Transaction records are kept for 7 years (legal requirement for accounting). Analytics may be retained in anonymized form.
Getting Help
Q: I have a privacy question not answered here. What do I do?
A: Email dennis@corporateaisolutions.com - we respond within 30 days (usually much faster).
Your Privacy Matters
We built RaiseReady Impact because we believe impact-driven founders deserve better fundraising tools. We know you're trusting us with sensitive business information, and we take that responsibility seriously.
If you ever have questions or concerns about your privacy, we're here to help.
Last Updated: November 17, 2024 • Version 1.0 • Next Review: February 17, 2025