Privacy Policy
Last updated: June 2026
This Privacy Policy explains how Future Ventures ("we", "us") collects, uses, discloses, and safeguards information in connection with the Capital Intelligence Platform (the "Service"). The Service is a business-to-business tool used by capital advisors, investment firms, and growth-stage companies to manage fundraising relationships, deal pipelines, investor and company research, communications, and data rooms.
The Service processes two kinds of information: (a) data about you as a user of the Service, and (b) business data that you and your organization upload, import, or generate — which may include personal information about third parties such as investors, founders, and contacts. When you upload personal information about other people, you act as the controller of that data and you are responsible for having a lawful basis to do so; we process it on your behalf as a processor under your instructions.
1. Information We Collect
Account information. When you create an account we collect your name, email address, organization, and role. Authentication is handled by our identity provider, which stores a user identifier and login metadata.
Content you provide. Investors, companies, people and contacts (including names, email addresses, phone numbers, LinkedIn URLs, titles, and biographies), notes, activities, tasks, deals, funds, rounds, and any documents you upload (such as pitch decks, CIMs, and data-room files).
Connected email and meetings. If you connect an email account or import communications, the Service stores message content (subject, body, sender and recipient addresses) and the encrypted access tokens needed to sync. If you import or upload meeting recordings or notes, the Service stores meeting details, attendee lists, transcripts, and AI-generated summaries. You can disconnect these integrations at any time.
Enriched and scraped data. To help you research investors and companies, the Service can retrieve information from third-party data providers and from publicly accessible web pages, and can synthesize it using AI. This enriched data is associated with the relevant records in your organization.
Usage, log, and audit data. We record actions taken in the Service (for security and compliance audit logs), along with technical data such as IP address, user agent, request identifiers, and error diagnostics. Sensitive values (passwords, tokens, API keys) are redacted from logs.
Third-party API keys. If you configure integrations (e.g., enrichment or AI providers), the API keys you supply are encrypted at rest and used only to perform the actions you request.
2. How We Use Information
We use information to: provide, operate, secure, and improve the Service; authenticate users and enforce access controls; perform the enrichment, drafting, summarization, and analysis features you invoke (including AI processing); send transactional and outreach emails you initiate; maintain audit and security logs; provide support; and comply with legal obligations. We do not use your content to train our own or third parties' foundation models.
3. AI and Automated Processing
Several features use large language models to enrich records, draft messages, summarize meetings, critique pitches, and power assistant and agent workflows. When you invoke these features, the relevant content is sent to the AI provider configured for your organization (see sub-processors below) and processed to return a result. These features are assistive — they do not make legal or financial decisions about individuals on our behalf.
4. Sub-Processors and Data Sharing
We do not sell personal information. We share data only with the service providers below, who process it on our behalf to deliver the Service, and only to the extent needed for the feature you use. Some of these providers are engaged only when you enable the corresponding integration. Each provider is governed by its own privacy terms.
| Provider | Purpose | Data shared |
|---|---|---|
| Auth0 (Okta) | Authentication & identity | Account email, name, login metadata |
| Supabase | Managed PostgreSQL database hosting | All platform data you store |
| Brevo | Transactional email delivery (invitations, notifications) | Recipient email, name, message content |
| Instantly.ai | Outbound email campaign delivery (when you enable Outreach) | Contact emails, names, campaign content |
| Apollo.io | Contact & company data enrichment | Names, job titles, company domains |
| Crunchbase | Company & funding data enrichment | Company names |
| Snov.io | Email discovery & verification | Names, company domains, email addresses |
| OpenAI | AI processing (enrichment, drafting, summarization) | Content you submit for processing |
| Anthropic | AI processing (enrichment, drafting, summarization) | Content you submit for processing |
| Cloudflare R2 / S3-compatible storage | Document & data-room file storage | Files and documents you upload |
| Error monitoring & observability (Sentry/GlitchTip, OpenTelemetry) | Diagnostics, reliability, and performance monitoring | Error traces, request metadata (sensitive headers redacted) |
We may also disclose information when required by law, to protect our rights and the safety of users, or in connection with a merger, acquisition, or sale of assets (with notice where required).
5. Data Storage, Security & Isolation
Data is stored in managed PostgreSQL databases with organization-level isolation: every record is scoped to an organization identifier and queries are always restricted to the requesting user's organization. Within an organization, role-based access control and data-room grants govern who can see what; certain roles are scoped to specific companies.
Data is encrypted in transit (TLS). Third-party API keys and connected email tokens are encrypted at rest using AES-256-GCM. Authentication tokens are stored in httpOnly cookies and are never accessible to client-side JavaScript; all API calls are proxied server-side. Sensitive documents shared through data rooms can be gated behind NDA acceptance and watermarked with the viewer's identity and a timestamp, and all document access is recorded in tamper-evident audit logs.
6. Data Retention
We retain your data for as long as your account and organization are active. Security audit logs are retained according to your organization's configured retention window (by default 30 days, configurable between 7 and 90 days). Cached enrichment and operational data expire automatically on short schedules. When an organization is deleted, its users and associated data are removed, except where retention is required by law.
7. International Transfers
Our providers may process data in countries other than your own. Where required, such transfers are made under appropriate safeguards.
8. Cookies
We use strictly necessary cookies to keep you signed in and to protect against cross-site request forgery. These are httpOnly session cookies; we do not use advertising cookies. The public marketing site does not require cookies to browse.
9. Your Rights & Choices
You may request to access, correct, update, or delete your personal information, and may object to or ask us to restrict certain processing. Much of your information can be updated or deleted directly in your account settings. Where we process personal information based on your consent, you may withdraw that consent at any time. We do not sell your personal information.
To make a request, contact us using the details below. We will respond within a reasonable timeframe and may need to verify your identity before acting on a request. If you believe your data has been handled improperly, you may also contact the relevant data-protection authority in your location.
10. Children
The Service is intended for business use and is not directed to individuals under 16. We do not knowingly collect personal information from children.
11. Changes to This Policy
We may update this policy from time to time. We will revise the "Last updated" date above and, for material changes, provide notice through the Service or by email.
12. Contact
For privacy questions or to exercise your rights, email founder@futureventures.ca or reach us through our contact page.