Back to home

Privacy Policy

Last updated: May 28, 2026

At Startups Map, your privacy is a fundamental priority. This Privacy Policy explains what personal information we collect, why we collect it, how we use and share it, and the rights and choices you have in relation to that information. This policy applies to all users of startupsmap.xyz and our related services.

Terms of ServiceCookie Policy

1. Who We Are

Startups Map ("we", "us", "our") is an online platform connecting startup founders, entrepreneurs, and the broader startup ecosystem. Our platform is accessible at startupsmap.xyz. For the purposes of applicable data protection legislation, Startups Map is the data controller responsible for your personal information collected through our Services.

If you have any questions or concerns about this Privacy Policy or our data practices, please contact our team at [email protected].

2. Information We Collect

We collect different types of information depending on how you interact with our Services:

2.1 Information You Provide Directly

  • Account Information: When you register, we collect your name, email address, and password (stored securely via hashing).
  • Profile Information: Your username, profile photo (avatar), banner image, headline, bio, city, country, interests, what you're looking for, LinkedIn/Twitter/website URLs, and other optional profile fields.
  • Startup Information: Startup name, slug, logo, banner, tagline, description, category, stage, team size, website, location (city, country, and optionally geographic coordinates for map display), social links, and contact email.
  • Messages: Content of direct messages exchanged between founders on our platform.
  • Payment Information: When you subscribe to a paid plan, your payment details (such as card number) are processed directly by Stripe. We do not store your full payment card details on our servers. We do receive and store billing-related metadata such as subscription status, plan type, and transaction IDs.
  • Communications: When you contact us by email or through contact forms, we collect your name, email address, and the content of your message.

2.2 Information Collected Automatically

  • Usage Data: Information about how you interact with our Services, including pages visited, features used, links clicked, time spent on pages, and navigation paths.
  • Device & Browser Information: Your IP address, browser type and version, operating system, screen resolution, language preference, and timezone.
  • Cookies & Tracking Technologies: We use cookies, local storage, and similar technologies to maintain your session, remember your preferences, and analyse usage patterns. See our Cookie Policy for full details.
  • Log Data: Server logs that include your IP address, request timestamps, HTTP method, URL requested, and response codes.
  • Profile View Data: When your profile or startup listing is viewed by other users, we record view counts and, in some cases, the identity of the viewer if they are a logged-in user (to power our "who viewed your profile" feature).

2.3 Information From Third Parties

  • Authentication Providers: If you sign in via a third-party authentication service (such as Google or GitHub), we receive basic profile information such as your name, email address, and profile picture as permitted by that service.
  • Stripe: We receive subscription and billing metadata from Stripe when you make a payment or manage your subscription.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing the Services: Creating and managing your account, displaying your profile and startup listings, enabling connections and messaging, and delivering platform features.
  • Personalisation: Customising your experience, including surfacing relevant founders and startups based on your location and interests.
  • Communication: Sending you service-related emails (such as account confirmations, password resets, and billing receipts), platform updates, and, where you have opted in, newsletters and product announcements.
  • Payments & Billing: Processing your subscription payments, managing your plan, handling refund requests, and preventing fraudulent transactions.
  • Safety & Security: Detecting and preventing fraud, abuse, spam, and other harmful activities; verifying accounts; and enforcing our Terms of Service.
  • Analytics & Improvement: Understanding how users interact with the Services, identifying bugs and performance issues, and improving our features and user experience.
  • Legal Compliance: Complying with applicable laws, regulations, legal processes, and governmental requests, and enforcing our legal rights.
  • Moderation: Reviewing submitted profiles and startup listings for compliance with our community guidelines before they are made publicly visible.

4. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on the following legal bases to process your personal information:

  • Contract Performance: Processing necessary to fulfil our contract with you (providing the Services you signed up for), including account management, profile display, and payment processing.
  • Legitimate Interests: Processing in our legitimate interests, such as improving the Services, preventing fraud, securing our platform, and sending relevant service communications, provided those interests are not overridden by your rights.
  • Consent: Where we rely on your consent, such as for marketing emails or certain cookie categories, you may withdraw your consent at any time.
  • Legal Obligation: Processing required to comply with applicable laws and regulations.

5. How We Share Your Information

We do not sell your personal information to third parties. We may share your information in the following circumstances:

  • With Other Users: Information you include in your public founder profile or startup listing (such as your name, photo, headline, location, and startup details) is visible to other users of the platform and to the public if your profile is set to public.
  • Service Providers: We share information with trusted third-party service providers that help us operate the Services, including Supabase (database and authentication), Stripe (payment processing), Mapbox (map rendering), and WorkOS (enterprise authentication). These providers are contractually obligated to use your information only as directed by us and in accordance with this Privacy Policy.
  • Business Transfers: If Startups Map is involved in a merger, acquisition, restructuring, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.
  • Legal Requirements: We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, and safety of Startups Map, our users, or the public.
  • Aggregated / Anonymised Data: We may share aggregated or de-identified information that cannot reasonably be used to identify you (e.g., platform usage statistics) with third parties for research, marketing, or other purposes.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you the Services. Specifically:

  • Account Data: Retained for the duration of your account and for up to 90 days after deletion to allow for account recovery and to comply with legal obligations.
  • Messages: Retained for as long as the conversation is active. Deleted messages may persist in our backups for up to 30 days.
  • Billing Records: Retained for up to 7 years as required by applicable tax and financial regulations.
  • Log Data: Retained for up to 90 days for security and debugging purposes.
  • Analytics Data: Retained in aggregated form indefinitely; raw event data is retained for up to 24 months.

7. Your Rights & Choices

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Rectification: Request that we correct inaccurate or incomplete personal information.
  • Erasure: Request that we delete your personal information ("right to be forgotten"), subject to certain legal exceptions.
  • Restriction: Request that we restrict processing of your personal information in certain circumstances.
  • Portability: Request a structured, machine-readable copy of your personal information to transfer to another service.
  • Objection: Object to our processing of your personal information where we rely on legitimate interests.
  • Withdraw Consent: Where processing is based on consent, withdraw your consent at any time without affecting the lawfulness of prior processing.
  • Marketing Opt-Out: Unsubscribe from marketing emails at any time using the link in the footer of our emails or by contacting us.

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

8. Data Security

We implement industry-standard technical and organisational security measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using TLS (HTTPS) and at rest.
  • Access controls limiting who within our organisation can access personal data.
  • Use of secure, reputable infrastructure providers (Supabase, Stripe) with their own robust security certifications.
  • Regular security assessments and monitoring for vulnerabilities.
  • Server-side authentication and row-level security policies on our database to prevent cross-user data access.

No method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security. If you discover a security vulnerability, please report it responsibly to [email protected].

9. International Data Transfers

Startups Map operates globally. Your information may be stored and processed in countries other than your own, including countries that may not provide the same level of data protection as your home country. Where we transfer personal data from the EEA, UK, or Switzerland to countries that have not received an adequacy decision, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission.

10. Children's Privacy

Our Services are not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have inadvertently collected personal information from a child under 16, we will take steps to delete that information as quickly as possible. If you believe we have collected information from a child under 16, please contact us at [email protected].

11. Cookies & Tracking Technologies

We use cookies and similar technologies to provide and improve our Services. For detailed information about the types of cookies we use, their purposes, and how to control them, please see our Cookie Policy.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by email or by posting a notice on our website at least 14 days before the changes take effect. We encourage you to review this page periodically. Your continued use of the Services after any changes constitutes your acceptance of the revised Privacy Policy.

13. Contact Us

If you have any questions, concerns, or requests about this Privacy Policy or our data practices, please reach out:

Startups Map — Privacy Team

Email: [email protected]

Website: startupsmap.xyz