Privacy Policy

1. Introduction

SophonEye, Inc., a Delaware corporation doing business as FounderDrills ("Company," "we," "us," or "our"), respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the FounderDrills platform, including our website at founderdrills.com and all related services (collectively, the "Service").

By accessing or using the Service, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with our policies and practices, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

Account Information

When you create an account, we collect:

• Email address (required)
• Name (optional)
• Profile picture (optional, from OAuth providers)
• Password (hashed, for email/password signup)

Payment Information

When you subscribe to a paid tier, we collect payment intent information. However, we do not store your credit card numbers, CVV, or banking details. All payment information is processed and stored securely by our payment processor, Stripe. We store only:

• Stripe customer ID (a reference identifier)
• Stripe subscription ID (a reference identifier)
• Subscription tier and status

Student Verification

If you apply for student pricing, we collect your .edu email address for verification purposes.

Onboarding Information (Optional)

During onboarding, you may choose to provide:

• Founder stage (aspiring, pre-launch, early-stage, growing, serial)
• Professional background (technical, business, design, other)
• Industries of interest
• How you heard about us

Communications

When you contact us, we collect the content of your messages and any information you provide.

2.2 Information Collected Automatically

Learning Progress and Behavioral Data

We automatically collect data about your use of the Service, including:

• Lessons completed and scores
• Exercise responses (selected answers, correctness, time spent)
• XP earned and current level
• Daily streaks and achievements
• Time spent on lessons
• Feature usage patterns

Device and Usage Information

• Browser type and version
• Operating system
• Device type
• IP address (for fraud prevention and rate limiting)
• Referring website
• Pages viewed and features used
• Date and time of access

Cookies and Similar Technologies

We and our third-party partners use cookies, web beacons, and similar technologies. See Section 7 (Cookies and Tracking Technologies) for details.

2.3 Information from Third Parties

OAuth Providers

When you sign in using Google or Microsoft OAuth, we receive:

• Email address
• Display name
• Profile picture URL
• OAuth tokens (for authentication)

We only access information you authorize through your OAuth provider settings.

3. How We Use Your Information

We use the information we collect to:

Provide and Operate the Service

• Create and manage your account
• Deliver educational content and track your progress
• Process transactions and manage subscriptions
• Provide customer support

Personalize Your Experience

• Track your learning progress across sessions
• Calculate XP, levels, and achievements
• Maintain streaks and leaderboard standings
• Power the AI mentor (Ember) with contextual responses

Process Payments

• Process subscription payments through Stripe
• Manage billing cycles and renewals
• Verify student status for discounts

Communicate with You

• Send transactional emails (password resets, subscription confirmations)
• Notify you about changes to the Service
• Respond to your inquiries and support requests

Prevent Fraud and Abuse

• Detect and prevent fraudulent referrals
• Enforce our Terms of Service
• Implement rate limiting to protect the Service

Improve the Service

• Analyze usage patterns and trends
• Fix bugs and improve performance
• Develop new features and content
• Conduct research and analytics

Legal Compliance

• Comply with applicable laws and regulations
• Respond to legal requests and prevent harm
• Protect our rights and property

4. How We Share Your Information

We do not sell your personal information to third parties. We share your information only in the following circumstances:

4.1 Service Providers

We share information with third-party service providers who perform services on our behalf:

These providers are contractually obligated to protect your information and use it only for the purposes we specify.

4.2 Business Transfers

If SophonEye, Inc. is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or uses of your personal information.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court order, subpoena, or government regulation).

4.4 Protection of Rights

We may disclose information when we believe in good faith that disclosure is necessary to:

• Protect our rights, property, or safety
• Protect the rights, property, or safety of our users or others
• Prevent fraud or abuse of the Service
• Enforce our Terms of Service

4.5 Aggregated and De-identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you.

5. Data Retention

We retain your information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

When you delete your account, we will delete or anonymize your personal information within 90 days, except where we are required to retain information for legal purposes.

6. Your Rights and Choices

6.1 Account Information

You can access and update your account information at any time through your account settings. This includes your name, email preferences, and profile information.

6.2 Email Communications

You can opt out of promotional emails by clicking the "unsubscribe" link in any email or updating your preferences. Note that you cannot opt out of transactional emails (such as password resets or subscription confirmations).

6.3 Data Access

You have the right to request access to the personal information we hold about you. To request a copy of your data, please contact us at support@founderdrills.com. We will respond within 30 days.

6.4 Data Deletion

You have the right to request deletion of your personal information. To request account deletion, please contact us at support@founderdrills.com. We will process your request within 90 days, subject to our legal retention requirements.

6.5 Data Correction

If you believe any information we hold about you is inaccurate, you can update it through your account settings or contact us to request correction.

7. Cookies and Tracking Technologies

7.1 What Are Cookies?

Cookies are small text files stored on your device when you visit a website. We use cookies and similar technologies for functionality, analytics, and user experience.

7.2 Types of Cookies We Use

Essential Cookies

Required for the Service to function properly.

• Session authentication tokens (30-day duration)
• Firebase authentication cookies

Analytics Cookies

Help us understand how users interact with the Service.

• Google Analytics (_ga, _gid): 2 years / 24 hours

7.3 Local Storage

We use browser local storage for:

• Guest email pre-fill (fd_guest_email)
• UI preferences and state
• AI mentor (Ember) preferences

7.4 Managing Cookies

Most browsers allow you to control cookies through settings. However, disabling cookies may affect Service functionality. To manage cookies:

• Chrome: Settings > Privacy and Security > Cookies
• Firefox: Settings > Privacy & Security > Cookies
• Safari: Preferences > Privacy > Cookies
• Edge: Settings > Privacy, Search, and Services > Cookies

7.5 Do Not Track

Some browsers have a "Do Not Track" feature. We do not currently respond to Do Not Track signals, as there is no industry consensus on how to respond to such signals.

8. California Residents (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

8.1 Categories of Personal Information Collected

In the past 12 months, we have collected the following categories of personal information:

8.2 Your California Privacy Rights

• Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you.
• Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
• Right to Correct: You have the right to request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: We do not sell your personal information or share it for cross-context behavioral advertising. Therefore, no opt-out is necessary.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

8.3 How to Exercise Your Rights

To exercise your California privacy rights, please contact us at support@founderdrills.com. We will verify your identity before processing your request.

8.4 Authorized Agents

You may designate an authorized agent to make requests on your behalf. We may require verification of your identity and the agent's authority.

9. European Residents (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) and similar laws.

9.1 Legal Basis for Processing

We process your personal data under the following legal bases:

9.2 Your GDPR Rights

You have the following rights:

• Right of Access: Request a copy of your personal data.
• Right to Rectification: Request correction of inaccurate data.
• Right to Erasure ("Right to be Forgotten"): Request deletion of your data, subject to legal retention requirements.
• Right to Restrict Processing: Request that we limit how we use your data.
• Right to Data Portability: Request your data in a portable format.
• Right to Object: Object to processing based on legitimate interests.
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.
• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in your country.

9.3 International Data Transfers

Your information may be transferred to and processed in the United States, where our service providers are located. These transfers are protected by:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• EU-US Data Privacy Framework certifications where applicable
• Service provider data processing agreements

9.4 How to Exercise Your Rights

To exercise your GDPR rights, please contact us at support@founderdrills.com. We will respond within 30 days.

10. Security

We implement appropriate technical and organizational measures to protect your personal information, including:

Technical Safeguards

• Encryption of data in transit (TLS/HTTPS)
• Encryption of data at rest
• Password hashing using bcrypt
• Secure session management (JWT tokens)
• Rate limiting to prevent abuse

Organizational Safeguards

• Access controls limiting employee access to data
• Security-focused service provider selection
• Regular security reviews

What We Do NOT Store

• Credit card numbers, CVV, or full payment details (handled by Stripe)
• Government identification numbers
• Health information
• Biometric data

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

11. Children's Privacy

If we learn that we have collected personal information from a child under 18, we will delete that information promptly. If you believe we have collected information from a child under 18, please contact us immediately at support@founderdrills.com.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated Privacy Policy on our website
• Updating the "Last Updated" date
• Sending an email notification for significant changes

Your continued use of the Service after changes become effective constitutes your acceptance of the revised Privacy Policy.

13. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

14. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

For data protection inquiries, please email support@founderdrills.com with the subject line "Privacy Inquiry."

15. Subprocessors

For transparency and GDPR compliance, the following is a list of our current subprocessors as of November 2025:

1. Stripe, Inc.: Payment processing (United States)
2. Google LLC (Firebase): Authentication services (United States)
3. Supabase, Inc.: Database hosting (United States)
4. Google LLC (Analytics): Website analytics (United States)
5. Functional Software, Inc. (Sentry): Error monitoring (United States)
6. Resend, Inc.: Email delivery (United States)
7. Upstash, Inc.: Rate limiting infrastructure (United States)