Legal
Privacy Policy
Last updated: June 2, 2026 · Effective: June 2, 2026 · Version 1.1
This Privacy Policy explains how StartSieve ("StartSieve", "we", "us", "our") collects, uses, and protects personal data when you use the StartSieve website and product. StartSieve is operated from Italy and is the data controller for that processing under the EU General Data Protection Regulation (GDPR) and the Italian Data Protection Code. This document is written in plain English wherever possible; where it uses GDPR terms, they have the meaning given in the Regulation.
1.Who is responsible (data controller)
The controller of your personal data is StartSieve, operated from Italy. The contact address is shown at the foot of this page. For any privacy question, data request, or concern about an idea submission, contact us at privacy@startsieve.com.
StartSieve is run without a separate legal entity at this stage; the controller is the individual operating the service. If a Data Protection Officer is later appointed, their contact details will be published here.
2.What data we collect
We collect information you provide directly and information generated as you use the product. We practise data minimisation: we ask for the smallest amount of data needed to run the service.
- Account data — your name, email address, and authentication credentials.
- Onboarding answers — the responses you give while setting up your account, including your consent choices.
- Idea content — the idea descriptions, notes, and evaluation inputs you submit, and the verdicts and reports generated from them.
- Billing data — credit balance activity, plan/subscription status, and payment events. Card details are handled by our payment processor; we do not store full card numbers.
- Technical and usage data — device and browser details, log and security events, and product interaction needed to operate and protect the service.
3.Why we use it, and our legal basis
Under the GDPR we must have a legal basis for each use of your data. The bases we rely on are:
- To provide the service you ask for — run evaluations, show results, keep your account history (Art. 6(1)(b), performance of a contract).
- To process payments and keep billing records (Art. 6(1)(b) and (c), contract and legal obligation).
- To keep the service secure, prevent abuse and fraud, and debug problems (Art. 6(1)(f), legitimate interests).
- To improve the product using aggregated or de-identified usage patterns (Art. 6(1)(f), legitimate interests).
- For optional analytics and non-essential cookies, and for the AI processing of your idea content, where you have given consent (Art. 6(1)(a)). You can withdraw consent at any time.
4.AI and evaluation processing
StartSieve is built around structured analysis. To generate critiques, scores, summaries, and follow-up prompts, your idea text and related context may be sent to third-party AI sub-processors — including AI gateways and the underlying model providers they route to.
We do not sell, license, or publish your ideas, and we instruct our AI sub-processors not to train their models on your inputs where that option is offered. Different model providers offer different data-retention and training terms; the relevant provider policies are linked below so you can review them. Please do not paste sensitive personal data into idea prompts unless the product explicitly asks for it.
- Inputs may include market assumptions, customer descriptions, pricing thoughts, and founder context.
- Outputs may include verdict summaries, risk notes, and suggested next steps.
- AI processing of your content relies on your consent and can be withdrawn by deleting the relevant content or your account.
5.Sub-processors and sharing
We share personal data only with service providers that help us operate StartSieve, and only as needed to deliver the service. These sub-processors act on our instructions under data-processing agreements. The categories we use are:
- Cloud hosting and infrastructure (located in Germany) — runs the application and stores data.
- AI gateways and model providers (e.g. routed via OpenRouter) — generate evaluations from idea content.
- Payment processing — handles purchases, subscriptions, and refunds.
- Email and customer support — sends transactional messages and answers requests.
- Product analytics — Google Analytics 4, provided by Google Ireland Limited / Google LLC. Loaded only after you consent to non-essential cookies, with IP anonymisation enabled. See "International transfers" below.
We will keep an up-to-date list of named sub-processors available on request and, before public launch, link it here. We may also disclose information where required by law, to protect the service from abuse, or to complete a business transfer.
6.International transfers
Our application and database are hosted in Germany. Some of our sub-processors, particularly AI providers, may process data outside the European Economic Area. Where that happens, we rely on an adequacy decision or appropriate safeguards such as the European Commission’s Standard Contractual Clauses, together with additional technical measures where needed.
Optional analytics use Google Analytics 4. Where analytics data is transferred to Google LLC in the United States, that transfer relies on the EU–US Data Protection Framework (Google is certified under it) and Standard Contractual Clauses as a fallback. Analytics only loads after you consent to non-essential cookies, and we enable IP anonymisation. You can withdraw consent at any time from the cookie controls, which stops further analytics and clears the related cookies.
You can ask us for more information about the safeguards that apply to a specific transfer by contacting privacy@startsieve.com.
7.How long we keep data
We keep personal data only for as long as needed for the purpose it was collected. Active account and idea history is kept while your account exists. Short-lived operational logs are rotated sooner unless needed for security or debugging.
When you delete your account, we delete or anonymise your personal data within a reasonable period, except where we must keep specific records to meet a legal obligation (for example, tax or accounting records relating to payments).
8.Your rights under the GDPR
If you are in the EEA or UK, you have the following rights over your personal data. We will respond to a verified request within the time limits set by the GDPR (normally one month).
- Access — get a copy of the personal data we hold about you.
- Rectification — correct data that is inaccurate or incomplete.
- Erasure — ask us to delete your data ("right to be forgotten").
- Restriction — ask us to limit how we use your data in certain cases.
- Portability — receive your data in a structured, machine-readable format.
- Objection — object to processing based on our legitimate interests, including any profiling.
- Withdraw consent — withdraw consent at any time, without affecting prior lawful processing.
- Complain — lodge a complaint with your local supervisory authority. In Italy this is the Garante per la protezione dei dati personali.
To exercise any of these rights, email privacy@startsieve.com or use the controls in your account settings. You can delete your account and content yourself at any time — one-click unsubscribe, one-click cancel, one-click delete.
10.Age requirement (18+)
StartSieve is an AI-powered product intended for adults only. It is not directed to anyone under 18, and we do not knowingly collect personal data from anyone under 18. If you believe someone under 18 has provided us data, contact privacy@startsieve.com and we will delete it.
11.Changes to this policy
We may update this policy as the product evolves or the law changes. We will update the "Last updated" date above and, for material changes, give notice through the product or by email before the change takes effect.
12.Contact
For any privacy question or to exercise your rights, contact us at privacy@startsieve.com or by post at the registered address below.