Privacy Policy

Effective Date: December 31, 2026

1. Introduction

Capstacker Inc. ("Capstacker," "we," "us," or "our") operates a platform that enables startups and independent operators to structure, document, and track flexible compensation arrangements. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services.

By accessing or using Capstacker, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our platform.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Full name and email address
  • Authentication data based on your chosen sign-up method:
    • Google Sign-In: Google account identifier and basic profile information (name, email, profile picture) provided by Google OAuth
    • LinkedIn Sign-In: LinkedIn account identifier and basic profile information (name, email, profile URL) provided by LinkedIn OAuth
    • Email OTP Verification: Email address and verification status
  • LinkedIn profile URL (if not using LinkedIn sign-in)
  • Role/domain selection (e.g., Growth, Product, Engineering)
Note on Third-Party Authentication

When you sign up or log in using Google or LinkedIn, we receive only the information you authorize those services to share. We do not receive or store your Google or LinkedIn passwords. Your use of Google or LinkedIn sign-in is also subject to their respective privacy policies.

2.2 Profile Information

Depending on your user type, we collect:

For Startup Founders:

  • Company stage, team size, and execution readiness
  • Cash runway (optional, range-based)
  • Product links, usage metrics, and traction signals (optional)
  • Revenue proof links (optional, visibility controlled)

For Operators:

  • Professional experience and domain expertise
  • Past engagement descriptions and outcomes
  • Work samples and portfolio materials
  • Video introductions (60-90 seconds)
  • Reference contact information

2.3 Deal and Transaction Data

  • Listing details and opportunity descriptions
  • Proposals, counterproposals, and negotiation communications
  • Compensation terms (cash, equity, milestones)
  • Signed agreements and contract documents
  • Milestone progress and completion status

2.4 Usage and Technical Data

  • Device information and browser type
  • IP address and approximate location
  • Platform interaction logs and feature usage
  • Session duration and navigation patterns

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our platform services
  • Facilitate connections between startups and operators
  • Enable deal negotiation, documentation, and milestone tracking
  • Generate anonymized benchmarks and market insights (Deal Architect)
  • Send transactional communications and platform updates
  • Verify user identities and prevent fraud
  • Comply with legal obligations and enforce our terms
  • Respond to user inquiries and provide support

4. AI and Automated Processing

Our platform uses AI-powered features ("Deal Architect") to provide compensation benchmarks, milestone recommendations, and risk assessments. This processing involves:

  • Structuring deal inputs into standardized data objects
  • Anonymizing data by removing personally identifiable information
  • Aggregating data across multiple deals before generating insights
  • Applying minimum aggregation thresholds to protect individual deal privacy
Important

All AI-generated outputs are advisory and non-binding. They do not constitute legal, financial, tax, or investment advice. Users should consult qualified professionals before making decisions based on platform recommendations.

5. Information Sharing and Disclosure

We may share your information in the following circumstances:

5.1 Between Platform Users

Profile information is shared with potential matches based on your visibility settings. Deal-specific information is shared only with parties you choose to engage with through our Dealroom feature.

5.2 Service Providers

  • Payment processors (e.g., Stripe) for transaction processing
  • E-signature providers for document execution
  • Cloud infrastructure and hosting providers
  • Analytics services for platform improvement
  • Customer support tools

5.3 Legal Requirements

We may disclose information when required by law, subpoena, court order, or other legal process, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

6. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

  • Encryption of data in transit and at rest
  • Access-gated Dealrooms with permission controls
  • Fine-grained audit logging of access and actions
  • Regular security assessments and monitoring
  • Employee access controls and training

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your information for as long as your account is active or as needed to provide services. After account termination:

  • Account data is retained for 30 days to allow reactivation
  • Deal records may be retained longer for legal and compliance purposes
  • Anonymized, aggregated data may be retained indefinitely for analytics

8. Your Rights and Choices

8.1 All Users

  • Access and review your personal information
  • Correct inaccurate or incomplete information
  • Delete your account and associated data
  • Control visibility settings for optional profile signals
  • Opt out of non-essential communications

8.2 California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act, including the right to know what personal information is collected, request deletion, and opt out of the sale of personal information. We do not sell personal information.

8.3 European Users (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR), including:

  • Right to data portability
  • Right to restrict processing
  • Right to object to processing
  • Right to withdraw consent
  • Right to lodge a complaint with a supervisory authority

9. International Data Transfers

Capstacker operates in the United States and Europe. Your information may be transferred to and processed in countries other than your country of residence. We implement appropriate safeguards for international transfers, including Standard Contractual Clauses approved by the European Commission where required.

10. Cookies and Tracking Technologies

We use cookies and similar technologies for:

  • Essential functionality (authentication, security)
  • Performance and analytics
  • User preferences and settings

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect platform functionality.

11. Children's Privacy

Capstacker is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child under 18, we will take steps to delete that information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our platform and updating the "Effective Date". Your continued use of Capstacker after changes become effective constitutes acceptance of the revised policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

Capstacker Inc.
Data Protection Officer
Email: privacy@capstacker.io
General Inquiries: hello@capstacker.io