Privacy Policy

1. Who We Are

One Startup a Day (OSD) curates real founder problems and turns them into actionable startup ideas. We operate globally from our remote-first team. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you interact with our website, daily drops, and related services (collectively, the "Services").

2. Information We Collect

We collect the minimum data required to deliver a personalised founder experience:

• Account details: Name, email address, authentication provider meta data, and preferences gathered when you register or subscribe via email or Google.
• Usage analytics: Idea cards opened, favourite actions, and session metadata captured through privacy-first analytics (e.g., Simple Analytics) to improve the product without invasive tracking.
• Device & log information: Anonymised IP address, browser, operating system, and referral data used for security, fraud prevention, and debugging.
• Communications: Messages, feedback, survey responses, and support requests that help us improve the Service.

3. How We Use Information

Your data enables us to:

• Deliver daily startup ideas and accompanying research tailored to your preferences.
• Authenticate and secure access to protected founder content.
• Improve idea recommendations, product performance, and user experience.
• Send service-related notifications, policy updates, and product announcements.
• Provide customer support, investigate bugs, and analyse trends.

4. Legal Bases

If you reside in the EEA or UK, we process your data under the following legal bases under the GDPR:

• Contractual necessity: To provide the Services you request when subscribing or creating an account.
• Legitimate interests: To maintain, protect, and improve our platform for founders.
• Consent: For optional communications, beta invitations, or analytics where required.

5. Sharing & Disclosure

We never sell personal information. Limited sharing occurs with:

• Trusted processors: Supabase (authentication & storage), email service providers, analytics tooling, and infrastructure partners bound by strict confidentiality and security commitments.
• Legal requirements: When laws, regulations, or valid legal processes compel us to disclose information.
• Business transfers: In the event of a merger, acquisition, or asset sale, subject to equivalent privacy safeguards.

6. Data Retention

We retain personal data while your account remains active. When you close your account, we delete or anonymise personal data within 30 days unless a longer retention period is required by law or legitimate business interests (e.g., fraud prevention, dispute resolution).

7. Your Rights

Depending on your jurisdiction, you may request access, correction, deletion, restriction, or portability of your personal data. You may also object to certain processing activities. Contact us at reach.onestartupaday@gmail.com to exercise these rights. We respond to verified requests within 30 days.

8. International Transfers

Our infrastructure and vendor ecosystem operate globally. When transferring personal data beyond your jurisdiction, we rely on standard contractual clauses or other lawful transfer mechanisms to ensure equivalent protection.

9. Security

We employ technical and organisational measures such as encryption, access controls, environment segmentation, and continuous monitoring. While no system is invulnerable, these controls help protect your information against unauthorised access or misuse.

10. Children’s Privacy

The Services target founders and professionals aged 16 and above. We do not knowingly collect personal data from children. If you believe a child has submitted information, contact us immediately so we can delete it.

11. Changes to This Policy

We may update this Privacy Policy to reflect changes in law, regulation, or our Service. We will post updates on this page and, for material changes, notify you via email or in-app notices. The “Last updated” date reflects the latest revision.

12. Contact

If you have questions, please contact our privacy team: