Skip to main content

Privacy Policy

Last updated: February 26, 2026

1. Information We Collect

We collect information you provide directly: name, email, phone number, organization details, and financial information necessary for fund operations. We also collect usage data (pages visited, features used, session duration) and device information (browser type, IP address, operating system).

2. Sensitive Financial Data

Social Security Numbers (SSN), Employer Identification Numbers (EIN), wire transfer details (account numbers, routing numbers), and signature images are encrypted using AES-256-GCM before storage. These values are never logged, cached in plaintext, or exposed in API responses. Access is restricted to the data owner and authorized administrators with a valid audit trail.

3. How We Use Your Information

We use your information to: (a) provide and maintain the Service; (b) process investor onboarding and fund operations; (c) send transactional emails (verification, wire confirmations, document notifications); (d) comply with legal obligations including SEC regulations; (e) improve and optimize the Service; (f) prevent fraud and abuse.

4. Multi-Tenant Data Isolation

Every database query is scoped by organization ID (org_id). Your data is never accessible to users outside your organization. Each tenant's data is logically isolated at the application and database level.

5. Data Sharing

We do not sell your personal information. We share data only with: (a) service providers necessary to operate the platform (cloud hosting, email delivery, payment processing); (b) as required by law, regulation, or legal process; (c) to protect the rights, safety, or property of FundRoom AI, our users, or the public.

6. Third-Party Services

We use the following categories of service providers: cloud infrastructure (Vercel, AWS/Cloudflare for storage), database (Supabase/PostgreSQL), email delivery (Resend), payment processing (Stripe), error monitoring (Rollbar), and analytics (PostHog — opt-in, respects cookie consent).

7. Cookies & Tracking

We use essential cookies for authentication and session management. Analytics cookies (PostHog) are only activated after explicit user consent via our cookie consent banner. We respect Do Not Track (DNT) browser signals.

8. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Audit logs are retained per your organization's configured retention period (default: 7 years for SEC compliance). Upon account deletion, personal data is removed within 30 days, except where retention is required by law.

9. Your Rights

You have the right to: (a) access your personal data; (b) correct inaccurate data; (c) delete your data (subject to legal retention requirements); (d) export your data in machine-readable format; (e) object to data processing; (f) withdraw consent for analytics tracking at any time.

10. Security Measures

We implement security measures including: AES-256-GCM encryption at rest, TLS 1.3 in transit, RBAC with edge-level JWT enforcement, rate limiting, CSRF protection, Content Security Policy headers, and regular security audits.

11. Children's Privacy

The Service is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service at least 30 days before they take effect.

13. Contact

For privacy-related inquiries, contact our Data Protection Officer at privacy@fundroom.ai.

FundRoom AI provides technology tools for fund administration and investor management. FundRoom AI is not a broker-dealer, investment adviser, or funding portal, and does not provide investment advice or recommendations. Securities offerings are made solely by the issuing entities. All investments involve risk, including the possible loss of principal.

© 2026 FundRoom AI. All rights reserved.