Privacy & Data Protection

Last updated: December 15, 2025

Startup Heist (“Startup Heist,” “we,” “us”) respects your privacy. This Privacy & Data Protection notice explains what we collect, why we collect it, how we use it, and the choices you have.

If you have questions, contact: hello@startupheist.com.

What we collect

Information you provide

• Account info: name (if provided), email address, password (stored securely by our platform, not in plain text).
• Subscription & billing info: plan, payment status, invoices/receipts, and limited payment metadata (we do not store full card numbers).
• Communications: messages you send us (e.g., to hello@startupheist.com, ops@startupheist.com, briefings@startupheist.com, press@startupheist.com, research@startupheist.com) and any attachments/screenshots you include.
• Submissions: tips/leads you submit (links, notes, and any optional contact details you include).

Information collected automatically

• Usage data: pages viewed, clicks, referrers, approximate location (city/region), device/browser info, and general site interaction metrics.
• Cookies / similar tech: used for login sessions, security, preferences, and (optionally) analytics.

How we use your information

We use your information to:

• Provide and operate the site and newsletter (including account access and paid membership)
• Process payments and manage subscriptions
• Send briefings, product updates, and service emails (e.g., billing notices, authentication, deliverability)
• Respond to support requests and troubleshoot issues
• Improve content, site performance, and user experience
• Protect against spam, fraud, abuse, and security incidents
• Comply with legal obligations

Legal bases (EEA/UK visitors)

If you are in the EEA/UK, we process personal data under these bases:

• Contract: to provide your membership/newsletter and fulfill purchases
• Consent: for optional marketing/analytics and certain communications where required
• Legitimate interests: to secure our service, prevent abuse, and improve our product/content
• Legal obligation: tax, accounting, and compliance requirements

Who we share data with

We share data only as needed to run Startup Heist, including with:

• Payment processors (to charge you and manage subscriptions)
• Newsletter / website hosting providers (to host the site, manage accounts, and deliver emails)
• Analytics and performance providers (if enabled)
• Security and anti-abuse tools (spam prevention, rate-limiting, fraud monitoring)
• Professional advisors (legal/accounting) when necessary
• Authorities if required by law or to protect rights/safety

We do not sell your personal information.

Cookies and tracking

We use essential cookies for:

• Login/authentication
• Security
• Basic site functionality

We may also use analytics cookies to understand site usage and improve Startup Heist. If you prefer, you can disable non-essential cookies via your browser settings and/or any cookie banner controls (if enabled).

Email preferences

• Briefings and membership emails are part of the service.
• You can unsubscribe from non-essential marketing emails using the link in those emails.
• If you have trouble unsubscribing or changing your email, contact hello@startupheist.com.

Data retention

We keep personal data only as long as needed for:

• Providing the service
• Legitimate business purposes (e.g., improving/operating Startup Heist)
• Legal/tax/accounting requirements

Support emails and submissions may be retained to maintain continuity, prevent repeat issues, and improve our systems.

Security

We use reasonable administrative, technical, and organizational safeguards to protect information. No method of transmission or storage is 100% secure, but we work to protect your data and limit access on a need-to-know basis.

Your rights and choices

Depending on your location, you may have rights to:

• Access, correct, or delete your personal data
• Object to or restrict certain processing
• Receive a copy of your data (data portability)
• Withdraw consent (where processing is based on consent)

To exercise these rights, email hello@startupheist.com. We may need to verify your identity.

California notice (CPRA/CCPA): We do not sell personal information. You may request access or deletion by emailing hello@startupheist.com.

International transfers

If you access Startup Heist from outside the United States, your information may be processed in countries with different data protection laws. We take steps designed to protect your information consistent with this policy.

Children

Startup Heist is not intended for children under 13, and we do not knowingly collect personal data from them.

Third-party links

Our content may link to third-party sites. Their privacy practices are governed by their own policies, not ours.

Changes to this policy

We may update this notice from time to time. If changes are material, we’ll update the “Last updated” date and may provide additional notice where appropriate.