Privacy Policy
Effective date: [Effective date]
This Privacy Policy explains how [Legal Entity Name] (“Giolinko”) collects, uses, and shares personal information when you use Giolinko (the “Service”). By using the Service you agree to this Policy.
1. Information we collect
- Account information — your email address, and name if you provide it (e.g. via Google sign-in).
- Membership & billing — your subscription status and billing period. Payment card details are collected and processed by Stripe; we do not store full card numbers.
- Business / application information — if you list a business: company name, website, category, location, phone, stage, pitch, deck link, traction, use of funds, and expectations. This profile is shown to members when your business is up for a vote.
- Payout / KYC information — if you are a grant recipient, identity and payout details are collected and verified by Stripe Connect to meet legal (KYC/AML) requirements. Giolinko receives only limited status information (e.g. whether payouts are enabled).
- Activity — votes you cast, contributions, and grants, recorded to operate cycles and the fund.
- Technical data — a session cookie for authentication, plus standard log/device data (IP, browser, timestamps).
2. How we use information
- To create and manage your account and membership, and process payments (via Stripe).
- To run weekly cycles: displaying business profiles, recording votes, selecting recipients, and paying grants.
- To communicate with you — sign-in links, receipts, cycle and award notifications, and support (email is delivered via [startupAid’s email service]).
- To maintain the public fund ledger (money in, platform fee, and grants out).
- For security, fraud/abuse prevention, integrity of voting, and to comply with legal obligations.
3. Legal bases (where applicable, e.g. GDPR/UK GDPR)
We process personal data to perform our contract with you (providing the Service), for our legitimate interests (security, integrity, improving the Service), to comply with legal obligations (tax, KYC/AML), and with your consent where required. You may withdraw consent where processing is based on it.
4. How we share information
- Stripe — payment processing (Billing) and recipient verification & payouts (Connect).
- Email provider — [startupAid] to deliver transactional email.
- Service providers — hosting, database, and infrastructure vendors acting on our behalf.
- Members — your business profile (if you list one) is visible to members for voting.
- Legal / safety — where required by law, to enforce our Terms, or to protect rights and safety.
- Business transfers — in a merger, acquisition, or sale of assets, subject to this Policy.
We do not sell your personal information.
5. Public ledger & transparency
Fund activity — contributions, the platform fee, and each grant — is published on a public ledger to support transparency. Amounts and timing are public; the ledger is not intended to publish your name or contact details.
6. Cookies
We use a strictly necessary, HTTP-only session cookie to keep you signed in. [Describe any analytics or optional cookies and how to control them, if used.]
7. Data retention
We keep personal data for as long as your account is active and as needed to provide the Service, then for the period required to meet legal, tax, accounting, and fraud-prevention obligations, after which we delete or anonymize it. Ledger and grant records may be retained for audit and legal compliance.
8. Your rights
Depending on where you live, you may have the right to access, correct, delete, or port your data, to object to or restrict certain processing, and to lodge a complaint with a data protection authority. To exercise these rights, contact [privacy@giolinko.com]. We may need to verify your identity first.
9. Security
We use administrative, technical, and organizational measures to protect personal data (including HTTP-only session cookies and delegating card/KYC data handling to Stripe). No method of transmission or storage is 100% secure.
10. International transfers
Your information may be processed in countries other than yours, including by Stripe and our providers. Where required, we use appropriate safeguards for such transfers.
11. Children
The Service is not directed to, and may not be used by, anyone under 18. We do not knowingly collect data from children.
12. Changes
We may update this Policy and will post the new version with an updated effective date, notifying you where required.
13. Contact
Privacy questions or requests: [privacy@giolinko.com]. Data controller: [Legal Entity Name], [registered address]. [Appoint an EU/UK representative or DPO if required.]
