Privacy Policy

Who We Are

FoundersBoxx is a product of Fabric 33 LLC ("we", "us", or "our"). We operate the startup management platform (the
"Service"), which includes tools for financial tracking, investor updates, team management, and more.

What We Collect

We store only the information you enter about your employees and company. This includes names, addresses, phone numbers,
and dates of birth. We do not collect behavioral data or use analytics scripts. No frontend tracking, no session
metrics—just the data you provide.

How We Use Data

We use your data only to operate the Service on your behalf. We don't analyze your data or share it with third parties.
It's yours, and we treat it that way.

---

Third-Party Integrations

You can connect FoundersBoxx to other services. Here's what happens when you do:

Google Calendar

When you connect Google Calendar, we access only the calendar you select. We use it to sync your company events from
FoundersBoxx to your Google Calendar. That's it.

What we access:

• Your list of calendars (so you can choose which one to sync)
• Events in your selected calendar

What we do with it:

• Sync company events to your chosen calendar
• Update or delete synced events when you change them in FoundersBoxx
• Nothing else

What we don't do:

• Access your other calendars or Google services
• Read your personal events for any other purpose
• Share your calendar data with anyone
• Use it for ads or AI training
• Sell it

Your control:

• Disconnect anytime in Calendar settings
• Or revoke access at https://myaccount.google.com/permissions
• When you disconnect, we immediately delete your connection and stop accessing your calendar

Google's policy: FoundersBoxx's use of information received from Google APIs adheres to
the Google API Services User Data Policy, including
the Limited Use requirements.

Accounting Software (QuickBooks & Xero)

Connect your accounting software to import financial data. We only read transactions and accounts you've authorized—we
don't modify your books.

What we access:

• Chart of accounts
• Income and expense transactions
• Bank account balances

What we do:

• Import transactions into your FoundersBoxx financials
• Map accounts to our categories
• Display financial data in your dashboard

What we don't do:

• Modify your accounting records
• Share data with third parties
• Access more than you authorize

Your control:

• Disconnect anytime in Settings → Integrations
• Imported data stays in FoundersBoxx unless you delete it

Slack

Connect Slack to receive notifications about important events (fundraising milestones, metric alerts, etc.).

What we access:

• Permission to post messages to channels you select
• Channel list (so you can choose where notifications go)

What we do:

• Send notifications about your FoundersBoxx activity
• Only to channels you specify

What we don't do:

• Read your Slack messages
• Access DMs or private channels you didn't select
• Post without your explicit configuration

Your control:

• Disconnect in Settings → Integrations
• Configure which notifications go to Slack

---

AI Features

We use AI to help you work faster—generating draft investor updates, analyzing financial trends, and answering questions
about your data.

How it works:

• You can use our AI assistant (powered by Claude or OpenAI)
• Or connect your own API keys

What we send to AI providers:

• Only the specific data you ask about in a conversation
• Context needed to answer your questions (e.g., financial data if you ask about burn rate)

What we don't do:

• We don't train AI models on your data
• We don't share your data with AI providers for their use
• AI providers process your data temporarily to respond, then discard it
• We don't send data to AI unless you actively use an AI feature

Your control:

• AI features are optional—don't use them if you prefer
• Each AI interaction requires your explicit action
• Use your own API keys if you want direct control

---

Legal Basis (EU GDPR)

If you're in the EU:

• You are the data controller responsible for any employee or team data you enter
• We are the data processor acting only on your instructions

Employee Rights

Your employees may have rights regarding their data—including the right to access, correct, or delete it. As the
controller, you handle those requests. We provide tools to help you respond appropriately.

We automatically archive data for employees marked as inactive. You can permanently delete archived records at any time.

Data Security

All data is encrypted in transit and at rest. OAuth tokens and API keys are encrypted using industry-standard
encryption. We use standard authentication methods and keep regular backups. In the event of a breach, we will notify
you promptly.

Retention

Data stays in your account as long as you remain a customer. You control retention of archived data and can delete it at
will. Integration tokens are deleted immediately when you disconnect a service.

International Transfers

If you're located in the EU or elsewhere outside the U.S., please note your data may be processed in the United States.
By using our service, you consent to this transfer and processing.

Cookie Policy

We use only essential cookies needed to run the app. We don't use analytics cookies, tracking pixels, or third-party
cookies of any kind.

• Session cookies – to keep you logged in
• Preference cookies – to remember your settings

Changes to This Policy

If this policy changes, we'll notify you through the Service or by email.

Your Privacy Rights

You have the right to access, correct, or delete your personal data. For integration-specific data deletion or
questions, contact us at [email protected].

Contact

General questions: [email protected] Privacy & data questions: [email protected]