Pgrus ("we," "us," or "our") operates the website pgrus.com (the "Platform"), a startup discovery and investment platform connecting builders with investors. This policy explains what data we collect, why we collect it, how we protect it, and your rights.
By creating an account or using the Platform, you agree to the collection and use of information as described in this policy.
Information We Collect
Information You Provide
Account Information: When you register, we collect your full name, username, email address, password (hashed, never stored in plain text), and selected role (builder or investor).
Profile Information: You may optionally add a bio, job title, years of experience, skills, location, profile photo, banner image, and linked accounts (Twitter/X, LinkedIn, GitHub).
Project Information: If you submit a project as a builder, we collect the project name, description, website URL, equity offering details, traction metrics, funding goals, and any documents uploaded to your deal room.
Investment Information: If you express interest in a project as an investor, we collect your interest signals, investment commitment amounts, and any communications within deal rooms.
Verification Data: For KYC verification, we may collect government-issued ID details, date of birth, country of residence, and proof of funds documentation. See Section 4 for how we handle this data.
Communications: Messages sent through the Platform's messaging system, comments on projects, and posts in the community feed.
Information Collected Automatically
Usage Data: Pages visited, projects viewed, features used (upvotes, interest signals, valuation tool queries), timestamps, and session duration.
Device & Browser Data: IP address, browser type and version, operating system, device type, and screen resolution.
Cloudflare Data: As our DNS and CDN provider, Cloudflare may collect IP addresses and request metadata for security purposes including bot detection and DDoS mitigation. This data is governed by Cloudflare's privacy policy.
Cookies: We use essential cookies for authentication and session management. See our Cookie Policy for full details.
How We Use Your Information
We use the information we collect to:
Operate and maintain the Platform, including authentication, project listings, deal rooms, messaging, and the investor directory
Verify your identity and, where applicable, your accredited investor status
Match builders with relevant investors based on project category, stage, and investment preferences
Power the AI valuation tool (project website data and publicly available information are analyzed; your personal data is not sent to AI models)
Send transactional notifications about activity on your account, projects you follow, messages received, and investment round updates
Enforce our Terms of Service and protect against fraud, abuse, spam, and unauthorized access
Analyze aggregated, anonymized usage patterns to improve Platform features and performance
Comply with applicable legal obligations including anti-money laundering (AML) requirements
We do not use your data for behavioral advertising. We do not sell your data. We do not share your data with advertisers.
AI Valuation Tool
The Platform offers an AI-powered valuation tool that analyzes publicly available information about submitted projects (website content, publicly visible traction data). When you use this tool:
Your personal account data is not included in AI analysis requests
Project website content is scraped and analyzed to generate valuation estimates
Valuation results are stored in our database and associated with the project, not with individual users
The AI valuation is an estimate only and does not constitute financial advice or a professional appraisal
Valuation usage is rate-limited (1 anonymous query, 3 per month for signed-in users)
Verification Data & KYC
Identity verification is handled in stages. We take extra care with this data:
Stage 1 (Email Verification)
We verify your email address through a confirmation link. No documents required.
Stage 2 (Identity Verification)
We may collect a government-issued ID and date of birth to verify your identity.
Stage 3 (Proof of Funds)
For investors participating in certain investment rounds, we may collect proof of funds or accredited investor documentation.
How we protect verification data
All KYC documents are encrypted in transit (TLS) and at rest (AES-256)
Documents are accessible only to authorized administrators for review purposes
Verification documents are deleted within 30 days after review is complete
We never share your identity documents or financial records with other users, builders, investors, or third parties unless required by law
Only your verification status (verified/unverified) is visible to other users — never the underlying documents
Data Sharing
We do not sell your personal data. We share information only in the following circumstances:
Service Providers
We use third-party services to operate the Platform. Each processes data only as necessary to provide their service to us:
Supabase
Database hosting and authentication
Vercel
Web hosting and deployment
Cloudflare
DNS, CDN, and security
Resend
Transactional email delivery
Anthropic
AI valuation analysis (project content only)
Other Users
Information you choose to make public — your profile, submitted projects, comments, posts, and upvotes — is visible to other Platform users. Your email address is never publicly displayed unless you choose to include it in your bio.
Legal Requirements
We may disclose your information if required to do so by law, court order, or regulatory request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
Data Storage & Security
Your data is stored on Supabase (PostgreSQL) infrastructure. We implement the following security measures:
TLS encryption for all data in transit
AES-256 encryption for sensitive data at rest
Row-level security (RLS) policies on all database tables ensuring users can only access their own data
Hashed passwords (never stored in plain text)
DMARC email authentication to prevent spoofing
Security headers on all pages (Content-Security-Policy, X-Frame-Options, etc.)
Rate limiting on authentication endpoints, API routes, and the valuation tool
Regular security audits
No system is 100% secure. We strongly recommend using a unique, strong password (12+ characters with uppercase, numbers, and symbols) and enabling any additional security features as they become available.
Data Retention
Account data — retained for as long as your account is active.
Project data — retained for as long as the project listing is active on the Platform.
Messages — retained for as long as both participants have active accounts, unless individually deleted.
KYC documents — deleted within 30 days of verification review completion.
Usage and analytics data — retained in aggregated, anonymized form indefinitely.
If you delete your account, we will delete your personal data within 30 days, except where we are legally required to retain it (for example, investment commitment records may need to be retained for regulatory compliance).
Your Rights
All Users
Regardless of your location, you can:
Access your account data through your profile and settings pages
Update or correct your information at any time through your settings
Delete your account through Settings > Delete Account, which removes your personal data within 30 days
Download your data by emailing privacy@pgrus.com
EU/UK Users (GDPR)
Access — request a full copy of the personal data we hold about you
Rectification — request correction of inaccurate or incomplete data
Erasure — request deletion of your personal data ("right to be forgotten")
Portability — receive your data in a structured, machine-readable format
Object — object to processing of your data for specific purposes
Restrict Processing — request that we limit how we use your data in certain circumstances
California Users (CCPA)
Know what personal information we collect and how we use it
Request deletion of your personal information
Opt out of the sale of personal information (we do not sell your data)
Non-discrimination for exercising your privacy rights
To exercise any of these rights, email privacy@pgrus.com. We will respond within 30 days.
Children
Pgrus is not intended for users under the age of 18. We do not knowingly collect personal data from minors. If you believe someone under 18 has created an account, please contact us immediately at privacy@pgrus.com and we will delete the account and associated data.
International Data Transfers
The Platform is hosted on infrastructure located in the United States. If you access the Platform from outside the United States, your data will be transferred to and processed in the United States. By using the Platform, you consent to this transfer. We ensure that appropriate safeguards are in place to protect your data in accordance with this policy.
Third-Party Links
The Platform may contain links to third-party websites, including project websites submitted by builders. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party site you visit.
Changes to This Policy
We may update this policy from time to time. If we make material changes, we will notify you by email or through a prominent notice on the Platform at least 14 days before the changes take effect. The "Last updated" date at the top of this page indicates when the policy was last revised. Continued use of the Platform after changes take effect constitutes acceptance of the updated policy.
Contact Us
If you have questions about this privacy policy or how we handle your data:
Mailing address: Pgrus, Miami, FL, United States