PocketFund
Log inGet started
Legal

Privacy Policy

Effective May 7, 2026 · Last updated May 7, 2026

This Privacy Policy describes how PocketFund Technologies ("PocketFund", "we", "us") collects, uses, stores, and protects information when you visit our website or use our platform. By using the platform, you consent to the practices described here.

What we collect

You give us

  • Account info — name, email, role, password (hashed by our auth provider)
  • Founder fields — startup name, project descriptions, artefacts you upload
  • Investor fields — firm name, investor types, cheque size range, accreditation status
  • Communication content — messages, NDA signatures, bid details, meeting notes you create on the platform

Automatic

  • Device + browser metadata (IP, user-agent, referrer)
  • Page-view + interaction logs (which features you use, click paths)
  • Error reports (so we can fix bugs)

How we use it

  • Run the matching engine that pairs founders + investors
  • Authenticate you + secure your sessions
  • Send transactional email (signup verification, password reset, deal updates) — never marketing without your opt-in
  • Improve the product based on aggregated, de-identified usage
  • Comply with our legal obligations (tax, fraud prevention, lawful requests)

How we store + protect it

  • HTTPS everywhere — TLS 1.3 + HSTS
  • Encrypted at rest by our database + storage providers
  • Row-level security policies — your data is only readable by your account or the counterparty in a deal
  • NDA-gated data rooms; every view is logged and timestamped
  • Backups + audit logs retained per the schedule below

Retention

We retain account data for as long as your account is active. After deletion, personally identifying records are expunged within 30 days, except where tax / legal / regulatory obligations require longer retention (typically 7 years for financial records).

Service providers we use

We use a small number of trusted vendors to operate the platform: Supabase (auth + database), Vercel (hosting + edge), and a transactional email provider for account emails. Each handles your data only as needed to provide their service to us, never for their own purposes.

Your rights

Subject to applicable law (including the EU GDPR and India's DPDP Act 2023), you have the right to access, correct, port, or delete your personal data, and to object to certain processing. See our GDPR / DPDP page for the detailed mechanism.

Cookies + analytics

We use a minimal set of first-party cookies for authentication + session management. We do not use advertising or tracking cookies. If we add product analytics, we'll add a cookie banner and update this page.

Changes to this policy

We'll update this page when our practices change. The effective date at the top changes when we do. Material changes are also emailed to active users with at least 14 days' notice.

Contact

Questions about this policy? Email legal@pocketfund.in.

Honest disclosure

PocketFund is a young company. We follow GDPR + DPDP best practices but are not yet SOC 2 / ISO 27001 audited. We'll publish those certifications when (and only when) they actually complete. See Security for details.