Legal

Privacy Policy

Effective: March 12, 2026  ·  Updated: March 12, 2026

Contents
  1. Who We Are
  2. Information We Collect
  3. How We Use Your Data
  4. Google API Data
  5. Legal Basis (GDPR)
  6. California Residents (CCPA)
  7. Data Sharing
  8. Data Processors
  9. International Transfers
  10. Data Retention
  11. Security
  12. Your Rights
  13. Cookies
  14. Meeting Recordings
  15. Children
  16. Changes
  17. Contact & DPO

FounderUnit is a product of AspGenX Inc., a Delaware corporation. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our platform at founderunit.com. By using FounderUnit you agree to the practices described here.

1 Who We Are

Company: AspGenX Inc.  ·  Product: FounderUnit
Address: 8 The Green, STE R, Dover, DE 19901, USA
Privacy contact: privacy@founderunit.com

AspGenX Inc. is the data controller for all personal data processed through FounderUnit. For EEA/UK users we act as data controller under GDPR and UK GDPR respectively.

2 Information We Collect

Account & identity — name, email, hashed password, company name, role, profile photo, billing metadata.

Content you create — documents, notes, messages, uploaded files, meeting recordings, AI transcripts, calendar events, OKRs, backlog items, investor data, bug reports.

Usage & technical — IP address, browser/OS/device, pages visited, features used, error logs, performance metrics.

Third-party integration data — when you connect Google Calendar or Outlook Calendar we receive data from those services as described below.

3 How We Use Your Data

  • Providing, operating, and maintaining the platform
  • Authentication and workspace/team management
  • Processing payments and sending billing communications
  • Sending transactional emails — invitations, notifications, password resets, security alerts
  • Syncing data from connected third-party services within your workspace
  • Generating AI-powered meeting transcripts when recording is enabled
  • Detecting, investigating, and preventing fraud or illegal activity
  • Responding to support requests
  • Complying with legal obligations
  • Improving the platform via anonymised, aggregated usage patterns

We do not use your data for advertising, not sell it to any third party, and not use it to train AI or ML models.

4 Google API Data

FounderUnit optionally integrates with Google Calendar via OAuth — always optional, always requires explicit consent, disconnectable at any time.

Google API Limited Use Disclosure

FounderUnit's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

What we access: calendar event titles, dates, times, locations, and descriptions for authorised calendars; your Google account email and display name.

What we never do: share it with any third party; use it for advertising; use it to train AI; allow human access except where required by law or with your documented consent for direct support.

OAuth tokens are encrypted at rest using AES-256-GCM. Disconnect anytime via Settings → Integrations — tokens are immediately deleted. You can also revoke at myaccount.google.com/permissions.

5 Legal Basis for Processing (GDPR)

ActivityLegal Basis
Providing the platform and fulfilling your subscriptionContract (Art. 6(1)(b))
Sending transactional emailsContract (Art. 6(1)(b))
Google Calendar / Outlook syncConsent (Art. 6(1)(a))
Meeting recording and AI transcriptionConsent (Art. 6(1)(a))
Fraud prevention and security monitoringLegitimate interests (Art. 6(1)(f))
Improving via anonymised analyticsLegitimate interests (Art. 6(1)(f))
Complying with legal obligationsLegal obligation (Art. 6(1)(c))

6 California Residents (CCPA/CPRA)

  • Right to know — what we collect, use, and disclose
  • Right to delete — request deletion of your personal information
  • Right to correct — request correction of inaccurate data
  • Right to opt-out — we do not sell personal information
  • Right to non-discrimination — we will not discriminate for exercising these rights

Email privacy@founderunit.com. We respond within 45 days.

7 Data Sharing

We do not sell, rent, or trade your personal data. We share only with service providers under strict data processing agreements, when required by law, or in the event of a business transfer (with 30 days' notice and the right to delete your account before transfer).

8 Data Processors

ProcessorPurposeData Processed
Microsoft AzureCloud infrastructure, hosting, database, storageAll platform data
ResendTransactional email deliveryEmail address, email content
AgoraReal-time audio/video for meetings and callsAudio/video streams during sessions
DeepgramAI meeting transcriptionMeeting audio (when recording enabled)
Google FirebasePush notificationsDevice tokens, notification content
PusherReal-time WebSocket messagingChat message events
Google LLCGoogle Calendar integration (when connected)Calendar data, Google account email
Microsoft CorporationOutlook Calendar integration (when connected)Calendar data, Microsoft account email

9 International Transfers

Data is stored on Microsoft Azure infrastructure in the United States. EEA/UK transfers are covered by Standard Contractual Clauses (SCCs) and UK IDTAs.

10 Data Retention

Data TypeRetentionAfter Expiry
Account and workspace dataDuration of active subscriptionDeleted within 30 days of account closure
OAuth tokens (Google / Outlook)Until revoked or account closedImmediately deleted on disconnect
Meeting recordings and transcriptsAs configured by workspace adminPermanently deleted on request or closure
Email logs90 daysPII anonymised, metadata retained for billing
Billing and payment records7 yearsRequired for legal/tax compliance
Audit logs12 monthsPermanently deleted

11 Security

  • All data in transit encrypted via TLS 1.2+ (HTTPS enforced)
  • All data at rest encrypted on Azure managed storage
  • OAuth tokens encrypted using AES-256-GCM with a unique per-tenant key
  • Each tenant's data is isolated in a dedicated database — cross-tenant access is architecturally impossible
  • Full audit logs for all administrative and access events

Report security vulnerabilities to security@founderunit.com.

12 Your Rights

RightDescriptionApplies To
AccessObtain a copy of your personal dataEEA, UK, California, Global
RectificationCorrect inaccurate or incomplete dataEEA, UK, California, Global
ErasureRequest deletion of your personal dataEEA, UK, California
PortabilityReceive your data in machine-readable formatEEA, UK
Withdraw consentWithdraw at any time (e.g. disconnect Google Calendar)All users
Lodge a complaintComplain to your local supervisory authorityEEA, UK

Email privacy@founderunit.com. We respond within 30 days (GDPR) or 45 days (CCPA).

13 Cookies

We use essential, preference, and anonymised analytics cookies only. No advertising or tracking cookies. See our Cookie Policy.

14 Meeting Recordings & Transcription

  • Recording is never automatic — it must be explicitly started by a participant
  • All participants see a visible recording indicator throughout
  • Audio sent to Deepgram solely to generate a transcript; Deepgram is contractually prohibited from using your audio to train AI
  • It is your responsibility as workspace admin to ensure all participants consent per the laws of all relevant jurisdictions

15 Children's Privacy

FounderUnit is not directed at children under 16. Email privacy@founderunit.com if you believe a minor has registered and we will delete the account promptly.

16 Changes to This Policy

We will provide at least 14 days' notice of material changes by email and/or prominent platform notice before changes take effect.

17 Contact & Data Protection

For all privacy enquiries, data subject requests, or concerns:

Privacy & Data Protection

We aim to respond within 30 days.

privacy@founderunit.com

AspGenX Inc. · 8 The Green, STE R, Dover, DE 19901, USA

EEA/UK users may also lodge a complaint with their local supervisory authority.