Privacy Policy

We handle your data the way we'd want ours handled — carefully, transparently, and with respect.

Effective: February 9, 2026

1. Who We Are

RaisePilot.io is operated by:

Lech Kaniuk Holding Sp. z o.o.
Zachodnia 70/417
90-403 Łódź, Poland

Data protection contact: privacy@raisepilot.io

We are the data controller for the personal data processed through RaisePilot.io. That means we decide what data is collected, why, and how it's used. If you have any questions about this policy, write to us at the address above.

2. What We Collect

We collect only what we need to match you with relevant investors and help you manage your fundraising pipeline. Here's a clear breakdown:

Data Category What Specifically
Account data Name, email address, password (hashed — we never see it in plain text).
Startup profile Company name, stage, sector, location/country, funding target, check size preference, short description. You provide this during onboarding.
Pipeline data Investors you add, deal stages, notes, follow-up dates, tags. This is your workspace — only you can see it.
Payment data Billing email, subscription plan, payment status. Card details are processed directly by Stripe — we never see or store your full card number.
Usage data Pages visited, features used, session duration. Collected via Google Analytics to help us improve the product.
Technical data IP address, browser type, device type, operating system. Standard web server logs.

3. Why We Collect It

Every piece of data we collect has a specific purpose:

  • To match you with investors. Your startup profile (stage, sector, geography, check size) is compared against our investor database to surface relevant matches.
  • To run your CRM. Your pipeline data powers the deal stages, follow-ups, and notes you manage inside RaisePilot.
  • To process payments. Your billing data lets us manage subscriptions through Stripe.
  • To improve the product. Usage and technical data help us understand what works, what's broken, and what to build next.
  • To communicate with you. Your email is used for account-related messages (password resets, billing updates, critical product changes). No spam.

4. Matching & Your Privacy

This matters, so we're being explicit.

Your startup data is used only for matching. We do not share it with investors, competitors, other founders, or anyone else. No investor sees your profile. No other user sees your pipeline. Your data stays in your account.

Matching works by comparing your startup profile against fund-level criteria in our database (stage focus, sector focus, geography, typical check size, thesis). The matching happens programmatically inside our system. No human at RaisePilot reviews your profile to make matches, and no investor is notified about your profile.

You decide if and when to reach out to any investor. RaisePilot gives you the list — you own the relationship.

6. Third-Party Processors

We use a small number of trusted services to operate RaisePilot. Each processes data only as instructed by us, under Data Processing Agreements (DPAs) where applicable:

Service Purpose Data Processed
Supabase Database, authentication, backend Account data, startup profile, pipeline data
Stripe Payment processing Billing email, card details (Stripe-side only), transaction records
Vercel Hosting and content delivery Technical data (IP, headers), served page content
Google Analytics Product analytics Usage data, anonymized IP, device info

We do not sell your data to anyone. We do not share your data with advertising networks. We do not allow third-party processors to use your data for their own purposes.

7. Cookies & Analytics

RaisePilot uses a limited number of cookies:

Essential cookies

Required for the application to function — authentication sessions, security tokens, and preference settings. These cannot be disabled while using RaisePilot.

Analytics cookies (Google Analytics)

We use Google Analytics with IP anonymization enabled to understand how founders use RaisePilot. This helps us prioritize features and fix problems. We activate analytics cookies only after you give consent via our cookie banner. You can withdraw consent at any time through the cookie settings on the site.

We do not use advertising cookies, remarketing pixels, or social media trackers.

8. Data Retention

We keep your data for as long as your account is active. When you delete your account, here's what happens:

  • Account data, startup profile, and pipeline data: deleted within 30 days of account deletion.
  • Payment records: retained for up to 5 years as required by Polish and EU tax and accounting regulations.
  • Server logs: automatically purged after 90 days.
  • Analytics data: retained in Google Analytics in anonymized/aggregated form. Individual-level data is deleted when you withdraw consent or delete your account.

If you want your data deleted sooner, email us at privacy@raisepilot.io and we'll handle it.

9. International Transfers

Some of our processors (Supabase, Stripe, Vercel, Google) operate servers outside the European Economic Area, including in the United States. When your data is transferred outside the EEA, it is protected by:

  • EU-U.S. Data Privacy Framework (where the processor is certified), or
  • Standard Contractual Clauses (SCCs) approved by the European Commission, or
  • Adequacy decisions by the European Commission for the recipient country.

If you'd like more detail on the safeguards in place for a specific processor, contact us and we'll provide the relevant documentation.

10. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Access. Request a copy of the data we hold about you.
  • Rectification. Ask us to correct inaccurate or incomplete data.
  • Erasure. Ask us to delete your data ("right to be forgotten").
  • Restriction. Ask us to limit how we process your data in certain circumstances.
  • Portability. Receive your data in a structured, machine-readable format.
  • Objection. Object to processing based on legitimate interest.
  • Withdraw consent. Where processing is based on consent (analytics), withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, email privacy@raisepilot.io. We'll respond within 30 days.

Right to complain. If you believe we're not handling your data correctly, you have the right to lodge a complaint with the President of the Office for Personal Data Protection (UODO) in Poland: uodo.gov.pl, ul. Stawki 2, 00-193 Warsaw.

11. Security

We take data security seriously:

  • All data is encrypted in transit (TLS/HTTPS) and at rest.
  • Supabase enforces row-level security — your pipeline data is isolated to your account at the database level. No other user can access it.
  • Passwords are hashed using industry-standard algorithms. We never store or see plaintext passwords.
  • Access to production systems is restricted and logged.
  • Stripe handles all card data in a PCI DSS Level 1 certified environment.

No system is 100% secure. If we ever discover a breach affecting your data, we will notify you and the relevant supervisory authority within the timeframes required by GDPR (72 hours).

12. Children

RaisePilot is a business tool for startup founders. We do not knowingly collect data from anyone under 18. If you believe a minor has provided us with personal data, contact us and we will delete it immediately.

13. Changes to This Policy

If we make material changes to this privacy policy, we'll notify you by email and post the updated version here with a new effective date. We won't reduce your rights under this policy without your explicit consent.

14. Contact Us

Questions, concerns, or requests? Reach out.

Email: privacy@raisepilot.io

Postal address:
Lech Kaniuk Holding Sp. z o.o.
Zachodnia 70/417
90-403 Łódź, Poland