Privacy Policy

1. Introduction

Risehat (“Risehat,” “we,” “our,” or “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our mobile application, website, and related services (collectively, the “Service”).

This Privacy Policy applies to all users of the Service, including Founders, startups, organizations. employees, and visitors. It covers information collected directly from you, automatically through your use of the Service, and from third-party sources integrated into the platform.

By accessing or using the Service, you acknowledge that you have read, understood, and agree to the data practices described in this Privacy Policy and consent to the collection, use, processing, and disclosure of your information as outlined herein. This Privacy Policy forms part of, and is incorporated into, Risehat’s Terms of Service.

Your continued use of the Service constitutes your acceptance of this Privacy Policy and any updates we may make from time to time. We process personal data on the legal bases of user consent, contract performance, compliance with legal obligations, and Risehat’s legitimate business interests, as further described in this Policy.

Please note that your personal data may be transferred to, and stored or processed in, jurisdictions other than your country of residence, including Israel and the United States, which may have different data protection standards.

The Service is not intended for individuals under the age of 18, and we do not knowingly collect personal data from children.

2. Scope

This Privacy Policy applies to all personal data and information collected, used, or shared by Risehat in connection with the Service. This includes, but is not limited to:

• Information you provide directly when creating an account, completing a profile, uploading pictures and documents, or communicating with other users or Risehat.
• Information automatically collected through your use of the Service, such as device data, usage patterns, log files, cookies, and similar technologies (as further described in our Cookies and Tracking Technologies section or policy).
• Payment and billing information provided during subscription transactions. Please note that full payment details are collected and processed by our third-party payment processor (such as Stripe); Risehat only receives limited transaction data necessary for account management and compliance.
• Information obtained from third-party services that you connect to the Service, such as scheduling tools, single sign-on (SSO) providers, or authentication services.
• Communications and content shared through messaging, scheduling, and other interactive features of the Service.
• Verification data submitted to confirm eligibility, credentials, or professional status.

This Privacy Policy does not apply to any data collected outside of the Service or by third parties not acting on behalf of Risehat. Where Risehat integrates with third-party services, those services may process your data as independent controllers subject to their own privacy policies.

3. Information We Collect

Risehat collects the following categories of information to provide, maintain, and improve the Service, to fulfill contractual and legal obligations, to personalize and enhance user experience, and to protect the security and integrity of the platform:

A. Information You Provide Directly

We collect information that you voluntarily provide when creating an account, completing your profile, participating in activities within the Service, or contacting us. This may include:

• Full name, title, email address, password, pictures, LinkedIn profile URL, and professional background.
• Profile information including startup or organization details, co-founders, stage, industries, AI preferences, and scheduling preferences.
• Billing information, collected and processed securely by third-party payment processors (e.g., Stripe).
• Content of messages, communications, and other user-generated content shared through the Service.
• Documents uploaded for eligibility verification.
• Information provided through customer support requests or inquiries.

Purpose: To provide the Service, verify eligibility, facilitate connections and communications, process payments, pro vide support, and comply with legal obligations.

Certain information is required to create an account and use the Service. Failure to provide requested data may result in limited functionality or inability to access the Service.

B. Information Automatically Collected

When you access or use the Service, we automatically collect technical and usage data, including:

• Device information (type, operating system, browser type, unique device identifiers, crash data).
• IP address and geographic location (based on IP).
• Log data (access times, pages viewed, app features used, and interaction data).
• Cookies, web beacons, pixels, session identifiers, and similar tracking technologies (see our Cookies and Tracking Technologies section or policy for details).

Purpose: To operate the Service, perform analytics, improve performance, ensure security, detect fraud, and enhance user experience.

C. Information from Third-Party Integrations

If you connect third-party services to your Risehat account or use integrated tools, we may receive:

• Email delivery providers (e.g., SendGrid): Email delivery status, open and click metrics, and related communication data.
• Scheduling tools (e.g., Calendly, Google Calendar): Scheduling links, availability, and meeting preferences.
• Payment processors (e.g., Stripe): Payment status, billing history, and subscription details. Sensitive payment data (e.g., full card numbers) is processed directly by the payment processor and is not stored by Risehat.
• Analytics providers (e.g., Mixpanel): Usage data and engagement metrics.
• Chat / messaging providers (e.g., Sendbird): Metadata such as message times, delivery status, and user interaction data.

Purpose: To facilitate Service functionality, process transactions, improve user experience, and provide customer support.

Third-party data collection and use are governed by the privacy policies of those services. Risehat uses third-party data solely to provide and improve the Service, not for unrelated purposes.

D. Other Information

We may also collect:

• Publicly available information or data from trusted third-party sources, to verify eligibility or enhance user profiles, subject to applicable law.
• Aggregated and anonymized data for analytics, reporting, industry insights, and Service improvement.

Please note, Risehat is not responsible for the privacy or confidentiality of startup profiles once shared with organizations or employees. If a shared link or profile is forwarded, accessed, or otherwise disclosed outside your organization, Risehat bears no responsibility for any resulting access or exposure of that information.

E. Sensitive Information Disclaimer

We do not intentionally collect sensitive personal information such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health information, or government-issued identification numbers (except as strictly necessary for eligibility verification). We request that you do not submit sensitive data in profiles, messaging, or customer support inquiries.

If you voluntarily provide sensitive information, you acknowledge that you do so at your own risk, and Risehat disclaims liability for any use, disclosure, or processing of such data beyond what is strictly required to deliver the Service.

4. How We Use Your Information

We collect and use your information for the following purposes:

• To provide, operate, and maintain the Service, including enabling account registration, profile creation, connecting, messaging, and scheduling features.
• To verify your eligibility and prevent fraudulent or unauthorized accounts, including identity and organization verifications.
• To process payments and manage subscriptions, including billing, renewals, and payment dispute resolution, through secure third-party payment processors.
• To communicate with you, including sending transactional emails, service updates, security alerts, policy changes, and important notifications about your account and the Service.
• To personalize and improve the Service, including conducting research, analysis, testing, and developing new features or services.
• To maintain the security, integrity, and stability of the Service, including fraud prevention, monitoring for suspicious activity, and enforcing our Terms of Service.
• To comply with legal obligations, such as responding to lawful requests from government authorities or legal processes.
• To enforce our rights and protect against legal liability, including pursuing or defending against claims arising from your use of the Service.
• To market the Service and communicate promotional offers or opportunities, subject to your communication preferences and applicable law. You may opt out of promotional emails at any time through your account settings or by following the unsubscribe instructions in our communications.
• To use aggregated or anonymized data for reporting, analytics, industry insights, and business improvement purposes. This data does not personally identify any individual user and is processed under Risehat’s legitimate business interests.

We do not sell or rent your personal data to third parties for their direct marketing purposes or for any unrelated commercial use.

Legal Bases for Processing (GDPR, UK GDPR, and Similar Laws)

If you reside in the European Economic Area (EEA), United Kingdom (UK), or other regions with similar data protection laws, we process your personal data based on the following legal grounds:

• Contractual necessity: To provide the Service and fulfill our contractual obligations to you, including creating and maintaining your account, facilitating matches, and processing payments.
• Legitimate interests: To operate and improve our business, maintain the security and integrity of the Service, prevent fraud, and market our offerings (unless overridden by your fundamental rights and freedoms). This basis also applies to the use of aggregated or anonymized data for analytics and industry insights.
• Legal obligations: To comply with applicable laws, regulations, and lawful requests from authorities.
• Consent: Where required, we may rely on your consent to process your information for specific purposes, such as marketing communications. You may withdraw your consent at any time by updating your communication preferences or contacting us.

International Data Transfers: Your data may be transferred to, and stored or processed in, jurisdictions outside your country of residence, including Israel and the United States. Where required, such transfers are governed by Standard Contractual Clauses or other legally recognized safeguards.

No Profiling or Automated Decision-Making: Risehat does not engage in automated decision-making, including profiling, that produces legal effects or similarly significant outcomes for users.

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

• Providing and operating the Service.
• Complying with legal, accounting, or reporting requirements.
• Enforcing our agreements and protecting our legal rights.
• Maintaining business records and data backups in accordance with our data retention policies.

Retention Periods:

Personal data is retained for the duration of your account’s active status and for a period of up to 5 years after account deletion or termination, depending on the type of data and applicable legal requirements. For example:

• Profile, connections, and communications data - deleted upon account closure, subject to backup retention.
• Verification documents - deleted upon account closure, subject to backup retention.
• Payment and billing records - retained for at least 7 years as required by tax and financial regulations.
• Anonymized or aggregated data - retained indefinitely for research, reporting, and business analytics, provided it does not personally identify you.

If you delete your account or if your account is terminated, we will permanently delete your profile, connections, messages, and other user-generated content, except as necessary to:

• Retain backups and archives for a limited period (typically 30-90 days).
• Comply with legal obligations or regulatory requirements.
• Resolve disputes or enforce our agreements.
• Maintain necessary business records.

Legal Holds and Disputes:

Data may be retained longer where necessary to comply with legal holds or where retention is required to address ongoing or anticipated disputes or investigations.

User Rights:

You may request deletion of your data at any time, subject to certain legal or contractual limitations. For more information, please see the "Your Rights" section below or contact privacy@risehat.com.

6. Security

Risehat implements reasonable administrative, technical, and physical safeguards designed to protect your personal data during collection, transmission, and storage. These measures are appropriate to the nature, scope, context, and sensitivity of the personal data we collect and are intended to protect against unauthorized access, disclosure, alteration, or destruction.

However, no method of electronic transmission or storage is entirely secure, and we cannot guarantee absolute security. By using the Service, you acknowledge and accept that there are inherent security risks in transmitting data online and that Risehat cannot be held liable for breaches or losses resulting from circumstances beyond our reasonable control.

Your Responsibilities:

You are responsible for safeguarding your account credentials, selecting a strong and secure password, and maintaining the confidentiality of any login information. You agree to notify Risehat immediately at support@risehat.com if you believe your account has been accessed without authorization or if you suspect any security breach related to the Service.

Third-Party Services:

While we implement security measures for the Service, we are not responsible for the security practices of third-party services you may use in connection with Risehat, including payment processors (e.g., Stripe), scheduling tools, marketing tools, analytics tools, or communication platforms. Your use of such services is subject to their respective security policies. Where required, Risehat enters into contracts with third-party service providers that obligate them to implement appropriate security measures and comply with applicable data protection laws.

Security Incidents:

If we become aware of a data breach or security incident affecting your personal data, we will notify you as required by applicable law and take reasonable steps to mitigate the impact.

We continually review and update our security practices to address new threats and maintain the integrity of the Service.

8. Third-Party Services

The Service may integrate with or provide access to third-party tools, services, and platforms, including but not limited to payment processors (such as Stripe), scheduling tools (such as Calendly), analytics providers (such as Mixpanel), and communication platforms (such as Sendbird & SendGrid).

Your use of any third-party services in connection with Risehat is entirely at your discretion and subject to the terms of service and privacy policies of those third parties. We encourage you to review the privacy policies and terms of any third-party services you choose to use in connection with the Service.

Where Risehat engages third parties as data processors (such as payment processors or cloud hosting providers), we require those parties to implement appropriate privacy and security safeguards and to process your personal data solely for the purposes of providing the Service and complying with legal obligations. Data shared with such processors is limited to what is necessary for those purposes.

Some third-party services (such as scheduling tools or analytics providers) may act as independent data controllers. Risehat does not control and is not responsible for the content, privacy practices, data collection, processing, storage, or security measures of such independent third-party services. Your interactions with these services are governed solely by their respective policies and agreements.

Risehat is not liable for any loss, damage, unauthorized access, data breach, or other harm arising from your use of third-party services, even if such services are integrated into or accessible through the Service. You acknowledge that the availability, features, and policies of third-party services may change without notice and that Risehat does not guarantee their continued availability or functionality.

The Service may also contain links to third-party websites or resources. Such links are provided for convenience only, and Risehat does not endorse or assume responsibility for the content or privacy practices of third-party sites.

Your use of third-party services and linked sites is at your own risk.

Cookies and Tracking: The use of certain third-party tools, including analytics and tracking technologies, is further described in our Cookie Policy.

9. International Users

If you access the Service from outside Israel, you acknowledge and agree that your personal data may be transferred to, stored in, and processed in Israel and the United States and other countries where Risehat and its service providers, processors, and sub-processors operate. These jurisdictions may have data protection laws that differ from, and may be less protective than, the laws of your country of residence.

By using the Service, you consent to the transfer and processing of your information in Israel and the United States and other jurisdictions, including any onward transfer to third parties assisting in providing the Service as described in this Privacy Policy. Where applicable, such transfers are necessary for the performance of the contract between you and Risehat.

Safeguards for International Transfers:

Risehat takes reasonable measures, including appropriate technical and organizational safeguards, to protect your personal data in accordance with this Privacy Policy and applicable law.

For users in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, Risehat implements legally recognized safeguards for cross-border data transfers. These may include Standard Contractual Clauses (SCCs) approved by the European Commission, the UK International Data Transfer Addendum (UK Addendum) or International Data Transfer Agreement (IDTA), or other lawful transfer mechanisms as required by applicable law.

By continuing to use the Service, you acknowledge and accept that cross-border data transfers are necessary to provide the Service and consent to such transfers where consent is required by law.

10. Children's Privacy

The Service is intended solely for individuals aged 18 and older. We do not knowingly collect, solicit, or process personal information from children under the age of 18.

By using the Service, you represent and warrant that you are at least 18 years of age. If we learn that we have inadvertently collected personal data from an individual under the age of 18 without verified parental consent, we will take reasonable steps to delete such information as soon as possible and will not use such data for any purpose except to comply with deletion requests or legal requirements.

While privacy laws in some jurisdictions (such as Israel, the United States, European Economic Area, United Kingdom, and certain U.S. states) may establish varying minimum ages for consent (typically between 13 and 16), Risehat’s Service requires all users to be at least 18 years old, regardless of jurisdiction.

We do not employ active age verification technology and rely on user self-representation regarding age. Risehat is not liable for any false representations regarding age provided by users or for any unauthorized use of the Service by minors.

If you are a parent or legal guardian and believe that your child under 18 has provided us with personal information, please contact us immediately at privacy@risehat.com so that we can delete the information.

The Service is not directed to or intended for use by anyone under 18.

11. Changes to this Privacy Policy

Risehat reserves the right to update, modify, or replace this Privacy Policy at any time, at our sole discretion. Changes may be made to reflect updates in our practices, legal requirements, or Service features.

Notice of changes will be provided by one or more of the following methods:

• Posting the updated Privacy Policy within the Service;
• Sending an email to the address associated with your account;
• Or by other reasonable means.

The updated Privacy Policy will include a revised "Effective Date." Changes will become effective immediately upon posting unless otherwise specified.

For material changes - such as introducing new categories of personal data, new uses of data, or new third-party recipients - Risehat will provide advance notice where required by law. In certain cases, we may seek your renewed consent before implementing material changes.

Your continued use of the Service after any changes take effect constitutes your acceptance of the updated Privacy Policy, except where explicit consent is required by law. If you do not agree to the revised policy, you must discontinue use of the Service and, if applicable, cancel your account before the changes take effect.

It is your responsibility to review the Privacy Policy periodically for any updates. Risehat is not liable for any loss, damage, or inconvenience resulting from your failure to review or comply with changes to the Privacy Policy.