Last updated: January 4, 2026

1. Controller and Contact

The controller responsible for the processing of personal data on this website is:

Danny Quick
Germany
Email: info@foundd.ai

foundd.ai is currently in the process of incorporation. Until a legal entity is formed, Danny Quick remains the data controller under the General Data Protection Regulation (GDPR).

2. Scope and Purpose

This Privacy Policy applies to the processing of personal data on the website foundd.ai. The website is a marketing platform for a B2B service targeting professional investors, venture capital funds, and startups. No user accounts, transactions, or consumer services are offered.

3. Personal Data We Collect

We process the following categories of personal data:

3.1 Contact Inquiries
When you contact us via email or request early access, we collect your name, email address, company name, and any message or information you voluntarily provide.

3.2 Technical Data
When you visit our website, technical data is automatically collected for operational and security purposes, including IP address, browser type and version, operating system, referrer URL, date and time of access, and pages visited.

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under Article 6(1) GDPR:

(a) Consent (Art. 6(1)(a) GDPR)
When you voluntarily provide your contact details via an access request or inquiry form, we rely on your consent.

(b) Legitimate Interests (Art. 6(1)(f) GDPR)
Technical data is processed based on our legitimate interest in ensuring the security, stability, and functionality of the website, and in preventing fraud or abuse.

(c) Pre-contractual Measures (Art. 6(1)(b) GDPR)
If you request information or access to our services, processing is necessary to respond to your request and to take steps prior to entering into a potential business relationship.

5. Purpose of Processing

We use your personal data exclusively for the following purposes:

• Responding to contact inquiries and access requests
• Providing information about our services
• Maintaining the security and operation of the website
• Preventing misuse, fraud, or technical issues

We do not use personal data for automated decision-making or profiling.

6. Data Retention

Personal data is retained only as long as necessary for the purposes described in this Privacy Policy:

• Contact inquiries: Retained for the duration of correspondence and deleted after three years unless ongoing communication or a business relationship exists.
• Technical logs: Retained for up to 90 days for security and operational purposes, then deleted or anonymized.

We may retain data longer if required by law or to defend legal claims.

7. Disclosure to Third Parties

We do not sell, rent, or trade your personal data. We may share data with the following categories of recipients only to the extent necessary:

7.1 Service Providers
We engage service providers for website hosting and infrastructure. These processors act solely on our instructions and are contractually bound to comply with GDPR requirements.

7.2 Legal Obligations
We may disclose personal data if required by law, regulation, legal process, or governmental request.

8. International Data Transfers

Personal data is processed within the European Economic Area (EEA). If data is transferred to a third country, we ensure appropriate safeguards under Chapter V GDPR (e.g. standard contractual clauses or adequacy decisions).

9. Your Rights Under GDPR

You have the following rights under the GDPR:

Right of Access (Art. 15 GDPR)
You may request confirmation of whether we process your personal data and obtain a copy of such data.

Right to Rectification (Art. 16 GDPR)
You may request correction of inaccurate or incomplete personal data.

Right to Erasure (Art. 17 GDPR)
You may request deletion of your personal data where processing is no longer necessary, consent is withdrawn, or processing is unlawful.

Right to Restriction of Processing (Art. 18 GDPR)
You may request restriction of processing in certain circumstances (e.g. during verification of accuracy or lawfulness).

Right to Data Portability (Art. 20 GDPR)
You may request that personal data you provided be transmitted to you or another controller in a structured, commonly used, and machine-readable format.

Right to Object (Art. 21 GDPR)
You may object to processing based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.

Right to Withdraw Consent
Where processing is based on consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

To exercise any of these rights, please contact us at info@foundd.ai.

10. Right to Lodge a Complaint

If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.

The competent supervisory authority in Germany is:
Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
Graurheindorfer Str. 153
53117 Bonn, Germany
Website: www.bfdi.bund.de

11. Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, alteration, or disclosure. However, no method of transmission over the Internet or electronic storage is completely secure.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The "Last updated" date at the top of this page indicates when the policy was last revised. Continued use of the website after changes constitutes acceptance of the updated policy.

13. Contact

If you have questions regarding this Privacy Policy or the processing of your personal data, please contact:
Email: info@foundd.ai