Privacy

Privacy Policy.

Plain-English summary first, full policy below. We do not sell your data, ever, and we do not use your business information to train AI models.

Last updated · 27 April 2026

The short version

  • We collect only what we need to write your plan and run your account.
  • We never sell, rent, or share your business information.
  • Your business data is never used to train any AI model.
  • We use cookies for sessions and Google Analytics for traffic measurement.
  • You can request a copy or deletion of your data at any time by emailing support@fundedplan.com.

1. Who we are

FundedPlan, LLC is a Delaware limited liability company headquartered at Dover, DE 19904, United States. In this policy, "FundedPlan", "we", "us", and "our" refer to FundedPlan, LLC. "You" refers to anyone who visits our website or purchases a deliverable package.

For privacy questions, the data controller is FundedPlan, LLC and you can reach us at support@fundedplan.com.

2. What we collect

Account data. Name, email address, password hash, billing details, and any profile information you provide.

Project data. Everything you submit through the questionnaire — business description, financial assumptions, team information, market context, supporting documents.

Payment data. Card details and billing address are collected and processed by our payment processor (Stripe). We do not see or store full card numbers.

Usage data. Page views, clicks, device type, browser type, IP address, referring URL, and session duration. Collected through cookies and Google Analytics.

Communications. Emails you send us, live chat transcripts, and support tickets.

3. How we use it

  • To produce your business plan and financial model.
  • To deliver, support, and improve our service.
  • To process payments and send receipts.
  • To send transactional emails (delivery notifications, account changes, password resets).
  • To send occasional product updates — you can opt out at any time.
  • To detect fraud, abuse, and security incidents.
  • To comply with legal obligations (tax records, lawful requests).

4. Legal basis (GDPR)

If you are in the EU, UK, or other GDPR jurisdictions, we process your data under one of the following legal bases:

  • Contract. To deliver the service you purchased.
  • Legitimate interests. To run, secure, and improve our service.
  • Consent. For marketing emails and non-essential cookies.
  • Legal obligation. To meet tax, accounting, and lawful disclosure requirements.

5. Cookies and analytics

We use a small number of cookies to keep you logged in, remember your preferences, and measure how visitors use the site. We use Google Analytics to understand traffic patterns in aggregate. Google Analytics is configured with IP anonymization and we do not enable advertising features.

For full detail on each cookie and how to disable them, see our Cookies Policy.

6. AI and your data

We use AI tools internally to accelerate research, drafting, and modeling. Your business information is never used to train any AI model. All third-party AI providers we use have been configured for zero data retention on our account.

7. Sub-processors

We share the minimum necessary data with the following sub-processors. All are bound by data processing agreements that require GDPR-equivalent protections.

  • Vercel — website and application hosting (United States).
  • Supabase — database, authentication, and file storage (United States).
  • Stripe — payment processing (United States).
  • Anthropic — AI provider for content generation (United States, zero data retention configured).
  • Google Analytics — traffic analytics (United States, IP anonymization enabled).
  • Calendly — demo scheduling (United States).
  • Tawk.to — live chat support (United States).
  • Trustpilot — review collection (Denmark, EU).
  • Amazon Web Services — backend compute and storage (United States).

We update this list whenever a sub-processor is added or removed. The current version is always on this page.

8. International transfers

FundedPlan is based in the United States. If you are outside the US, your data will be transferred to and stored in the US. Where required (such as transfers from the EU), we rely on Standard Contractual Clauses or equivalent safeguards.

9. How we store and protect it

Your data is encrypted in transit (TLS 1.2+) and at rest (AES-256). We host on SOC 2-compliant infrastructure and limit internal access to staff who need it to deliver your project. See our Security page for details.

10. Retention

Project data is retained for 24 months after delivery so you can request re-downloads. After that, it is permanently deleted. Account and billing records are retained for as long as required by tax and accounting law (typically 7 years in the US). Anonymized usage logs are retained for up to 26 months.

You can request earlier deletion of your project data at any time by emailing support@fundedplan.com.

11. Sharing

We do not sell, rent, or trade your personal data. We share it only with the sub-processors listed above, and only the minimum needed to operate the service. We may also disclose data when required by law, court order, or to protect our rights, property, or users.

If FundedPlan is acquired or merges with another company, your data may transfer to the new owner. We will notify you before any such transfer takes effect and give you the option to delete your data first.

12. Your rights

Depending on your jurisdiction, you may have rights to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Delete your data (subject to legal retention requirements).
  • Export your data in a portable format.
  • Restrict or object to certain processing.
  • Withdraw consent for marketing at any time.
  • Lodge a complaint with your local data protection authority.

To exercise any of these rights, email support@fundedplan.com. We will respond within 30 days.

13. California residents (CCPA / CPRA)

California residents have the right to know what personal information we collect, to request deletion, to correct inaccurate information, and to opt out of the "sale" or "sharing" of personal information.

We do not sell or share your personal information as those terms are defined under the CCPA and CPRA. To exercise any California-specific right, email support@fundedplan.com.

14. Children

FundedPlan is not directed at children under 16, and we do not knowingly collect personal information from anyone under 16. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

15. Data breach notification

In the unlikely event of a data breach affecting your personal information, we will notify affected users without undue delay, and in any case within the timelines required by applicable law (72 hours for GDPR-relevant breaches).

16. Changes to this policy

We may update this policy occasionally. The current version is always posted on this page with the "Last updated" date. Material changes will be communicated by email or in-app notice before they take effect.

17. Contact

Questions about this policy or how we handle your data? Email us at support@fundedplan.com.

FundedPlan, LLC
Dover, DE 19904
United States