Privacy Policy

TransFlect (“we”, “us”, or “our”) is an AI-powered platform designed to connect early-stage startups with investors. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you visit our website or sign up for our waitlist.

TransFlect is currently operated as a pre-launch project from Poland (European Union) by its founder, who acts as the data controller pending incorporation. By using our website or submitting your information, you consent to the practices described in this policy. If you do not agree, please do not use our website or provide your personal data.

We collect the following categories of personal data:

Information you provide directly

• Email address — collected when you join our waitlist.
• Role — whether you are a Founder or an Investor (selected during sign-up).
• Age confirmation — confirmation that you are 18 years of age or older.
• Timestamp — the date and time you submitted the form.

Usage data collected automatically

• Browser type and version.
• Operating system.
• Pages visited and time spent on pages.
• Referring URL.
• IP address (used only for security and fraud prevention).

Cookies and similar technologies

• Strictly necessary cookies: used to store your cookie consent preference (localStorage key tf_cookie_consent). These do not require your consent.
• Analytics cookies: used to understand how visitors interact with our website. These are only activated after you explicitly accept them via our cookie consent banner.

We use your personal data for the following purposes:

• Waitlist management — to place you on our early-access waitlist and contact you when your spot is ready.
• Product communications — to send you updates about TransFlect's launch, features, and important changes.
• Service improvement — to understand how our website is being used and to improve the user experience (analytics data, only if consented).
• Legal compliance — to comply with applicable laws, regulations, and legitimate legal processes.
• Security — to detect and prevent fraudulent or unauthorised access to our systems.

Unsubscribing from product communications

You may opt out of marketing and product update emails at any time. Every such email contains an unsubscribe link in the footer. Alternatively, you may email hello@transflect.com with the subject line “Unsubscribe”. We will process all opt-out requests within 10 business days.

Please note that transactional and service-related messages (for example, confirmation of account deletion, security alerts, or responses to data subject requests) may still be sent after you unsubscribe, as they are necessary to operate the service.

If you are located in the European Economic Area (EEA), United Kingdom, or another jurisdiction that applies the General Data Protection Regulation (GDPR) or equivalent legislation, we process your personal data on the following legal bases:

• Consent (Article 6(1)(a) GDPR) — for all data collected via the waitlist form and for analytics cookies. You may withdraw your consent at any time by contacting us or by clearing your browser's local storage.
• Legitimate interests (Article 6(1)(f) GDPR) — for security, fraud prevention, and basic usage analytics where consent is not required.
• Legal obligation (Article 6(1)(c) GDPR) — where processing is required to comply with applicable law.

Withdrawal of consent does not affect the lawfulness of processing that occurred before withdrawal.

• Waitlist data (email and role) is retained for the duration of the waitlist period and for up to 24 months after the platform launches, unless you request deletion earlier.
• If you request deletion of your data before launch, we will remove your entry from the waitlist within 30 days.
• Analytics data is retained in accordance with the retention policies of our third-party analytics providers.
• Cookie consent preferences stored in your browser's localStorage persist until you clear your browser data.

Depending on your location, you may have the following rights regarding your personal data:

• Right of access — you may request a copy of the personal data we hold about you.
• Right to rectification — you may request correction of inaccurate or incomplete data.
• Right to erasure — you may request deletion of your personal data ('right to be forgotten').
• Right to data portability — you may request your data in a structured, machine-readable format.
• Right to withdraw consent — you may withdraw consent at any time, without affecting the lawfulness of prior processing.
• Right to object — you may object to processing based on legitimate interests.
• Right to lodge a complaint — you have the right to lodge a complaint with a supervisory data protection authority in your jurisdiction.

To exercise any of these rights, please contact us at privacy@transflect.com.

Response times

• GDPR and UK GDPR requests: we will respond within 30 days of receiving a valid request.
• California (CCPA/CPRA) requests: we will respond within 45 days, extendable by a further 45 days where reasonably necessary, with notice provided to you.

If you are a resident of California, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to know — the categories and specific pieces of personal information we have collected about you, the sources of that information, our purposes for collecting it, and the third parties with whom we share it.
• Right to delete — you may request that we delete personal information we have collected from you, subject to certain exceptions. We process deletion requests using the same procedure described in Section 6.
• Right to correct — you may request that we correct inaccurate personal information we hold about you.
• Right to opt out of sale or sharing — you may direct us not to sell or share your personal information.
• Right to non-discrimination — we will not deny you services, charge you different prices, or provide a different level of quality because you exercised your CCPA rights.

To submit a CCPA request, email privacy@transflect.com with the subject “California Privacy Request”. We will respond within 45 days, extendable by a further 45 days where reasonably necessary.

California residents may designate an authorised agent to submit requests on their behalf. We may require written authorisation from you confirming the agent's authority, and we may verify the identity of both you and the agent before processing the request.

For more information, see our dedicated Do Not Sell or Share My Personal Information page.

We share data with the following third-party service providers only to the extent necessary to operate our service:

Google LLC

We use Google Apps Script and Google Sheets to receive and store waitlist submissions. Data processed includes email address, role, and timestamp. Google's privacy policy is available at policies.google.com/privacy.

TransFlect has accepted Google's Data Processing Amendment (DPA) in accordance with Article 28 of the GDPR. The DPA is available at business.safety.google/adeudpa.

Cloudflare, Inc.

Our website is hosted on Cloudflare Pages. Cloudflare may process IP addresses and usage data for security, performance, and DDoS protection. Cloudflare's privacy policy is available at cloudflare.com/privacypolicy.

Analytics providers

If and when analytics are implemented and you have provided consent, data may be shared with analytics providers. We will update this policy when such providers are added.

We do not sell, rent, or trade your personal data to any third party for marketing purposes.

Some of our third-party processors, including Google LLC, are based outside the European Economic Area (EEA), primarily in the United States. As a result, your personal data may be transferred to and processed in countries that do not have the same data protection laws as the EEA or the United Kingdom.

Where such transfers occur, we ensure they are protected by appropriate safeguards. We rely on the European Commission's Standard Contractual Clauses (SCCs), supplemented by additional technical and organisational measures where required.

You can read more about the SCCs at commission.europa.eu — Standard Contractual Clauses.

In the event of a personal data breach, TransFlect will notify the competent supervisory authority — the President of the Personal Data Protection Office of Poland (UODO) — without undue delay and, where feasible, within 72 hours of becoming aware of the breach, in accordance with Article 33 of the GDPR.

Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify affected data subjects without undue delay, in accordance with Article 34 of the GDPR.

This notification policy is also designed to meet equivalent requirements under the UK GDPR and under Quebec's Act respecting the protection of personal information in the private sector (Law 25), which require notification within similar timeframes.

TransFlect is based in Poland, within the European Union, and therefore has an establishment within the EEA. As such, the appointment of an Article 27 GDPR representative for EEA data subjects is not currently required.

If, at any future point, TransFlect no longer has an establishment within the EEA, an EU representative will be appointed prior to that change and this section will be updated with their name and contact details.

Similarly, a UK representative under Article 27 of the UK GDPR will be appointed if and when required by changes to TransFlect's establishment in the United Kingdom.

We use a cookie consent banner to obtain your explicit consent before any non-essential cookies are set. The banner appears on your first visit and your preference is stored in your browser's localStorage.

• Strictly necessary: tf_cookie_consent (localStorage) — stores your consent choice. Not a tracking cookie.
• tf_disclaimer_dismissed (localStorage) — stores whether you have dismissed the investment disclaimer. Not a tracking cookie.
• Analytics cookies: only activated if you click 'Accept All' in the cookie consent banner. If you click 'Reject All', no analytics or tracking cookies are set.

You may change your cookie preference at any time by clearing your browser's localStorage for this site and refreshing the page.

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

Our service is not directed at persons under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at privacy@transflect.com and we will delete it promptly.

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. If changes are material, we will notify waitlist members by email. Continued use of our website after changes constitutes acceptance of the updated policy.

For general enquiries: hello@transflect.com

For data protection requests (access, deletion, portability, CCPA): privacy@transflect.com