Privacy
Policy.
How we collect, use, and protect your personal data on the VentureSuite platform. We are committed to transparency, data minimisation, and your right to control your information.
Overview & Scope
This Privacy Policy describes how Venture Biz Care LLC ("VentureSuite," "we," "us," or "our") collects, uses, shares, and protects personal information when you use the VentureSuite platform, including all web applications, APIs, and related services (collectively, the "Platform").
VentureSuite operates as a governed capital marketplace connecting pre-vetted startup founders with verified investors across India, the GCC, and Southeast Asia. Our platform handles sensitive commercial and financial information, and we treat data protection as a foundational obligation — not an afterthought.
Who this applies to: This Policy applies to founders, investors, accelerator partners, team members of registered entities, and visitors to our website and platform. By accessing or using VentureSuite, you agree to the practices described in this Policy.
We are committed to compliance with the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), and the emerging Digital Personal Data Protection Act, 2023 ("DPDPA") framework.
Information We Collect
- Account registration: Full name, email address, mobile number, LinkedIn profile URL, company name, designation, and account type (founder / investor).
- Founder campaign data: Startup details, pitch information, financial metrics, team information, fundraising target, product description, traction data, and supporting documents uploaded to the data room.
- Investor application data: Investment thesis, sector preferences, ticket size range, portfolio details, fund name, LinkedIn profile, and verified identity documents.
- Payment information: Subscription billing details processed via our payment processor (Razorpay / Stripe). We do not store full card numbers — only masked tokens.
- Communications: Messages sent through the Platform, support tickets, feedback submissions, and email correspondence.
- Usage data: Pages visited, features used, time spent on platform, click patterns, search queries, and feature interaction logs.
- Device & technical data: IP address, browser type and version, operating system, device identifiers, screen resolution, and referral URL.
- Data room access logs: Timestamp, IP address, document viewed, investor identifier, and duration — for every data room access event.
- Cookies and tracking technologies: Session cookies, preference cookies, and analytics identifiers. See our Cookie Policy for full details.
- LinkedIn profile data (if you choose to connect your account).
- Payment verification data from our payment processor.
- Accelerator or partner-referred introductions where you have consented to data sharing.
Sensitive Personal Data: VentureSuite may collect financial information (revenue, funding history), which qualifies as sensitive personal data under the SPDI Rules. This data is encrypted, access-controlled, and never shared without your explicit consent or as required by applicable law.
How We Use Your Data
We use personal information only for the purposes disclosed at the time of collection and as described in this Policy. The following table summarises our primary data uses:
| Purpose | Data Used | Applies To |
|---|---|---|
| Create and manage your account | Name, email, phone, company | All users |
| Operate the matching engine | Thesis preferences, sector, stage, ticket size | Investors |
| Score and evaluate startup campaigns | Campaign data, financial metrics, team info | Founders |
| Facilitate investor introductions | Investor identity, investment rationale | Both |
| Provide data room access | Documents uploaded, access permissions | Both |
| Process subscription payments | Billing info, subscription tier | Paid users |
| Platform analytics & improvement | Usage patterns, feature interactions | All users |
| Security & fraud prevention | IP, device data, access logs | All users |
| Legal compliance & audits | Transaction records, communications | As required |
| Customer support | Support tickets, account history | All users |
We do not use your data for: selling to third-party advertisers, building profiles for external marketing networks, training AI models on your confidential pitch or financial data, or any purpose not disclosed in this Policy.
Legal Basis for Processing
Under applicable Indian privacy law and in alignment with international best practice, we process personal data on the following legal bases:
Sharing & Disclosure
VentureSuite does not sell your personal data. We do not monetise user data through advertising. We share data only in the specific, limited circumstances described below.
- Investor feeds: Founder campaign data (score, sector, stage, raise size) is shown to matched investors. Founder identity and contact details are never disclosed until an intro is formally accepted.
- Intro requests: When an investor requests an intro, their name, firm, LinkedIn, and investment rationale are shared with the founder. Founder contact details are then released to the investor only upon mutual acceptance.
- Data room access: Founders control which investors can access their data room. Every access is logged and visible to the founder.
- Admin layer: Our internal operations team has access to platform data for quality review, fraud prevention, and dispute resolution, subject to strict internal confidentiality obligations.
- Cloud hosting: AWS / GCP (servers located in India or Singapore).
- Payment processing: Razorpay / Stripe — subject to their respective privacy policies.
- Analytics: Anonymised, aggregated analytics via PostHog or equivalent (no PII shared).
- Email services: Transactional email via Postmark or Mailgun — limited to delivery metadata.
- Customer support: Intercom or equivalent — access limited to support team members.
We may disclose your information if required by applicable law, regulation, legal process, or enforceable government request. We will notify you of such disclosure to the extent permitted by law.
We will never: share your pitch deck, financial model, or data room contents with any investor without your explicit, logged consent. Your confidential materials are never accessible by default — every access requires your active permission.
Investor Data Room Access
The data room is one of the most sensitive elements of the VentureSuite platform. The following principles govern how data room access works:
Data room documents are stored encrypted (AES-256) at rest. Access logs are retained for 7 years as part of our audit trail obligations.
For investors: Data room access is a privileged action. Documents accessed through VentureSuite are for evaluation purposes only. Forwarding, copying, or distributing data room contents beyond your own diligence team without the founder's written consent constitutes a breach of our Terms of Service and may constitute a breach of applicable confidentiality law.
Data Retention
We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, plus any additional period required by law or legitimate business need.
| Data Category | Retention Period | Basis |
|---|---|---|
| Active account data | Duration of account + 90 days post-cancellation | Contractual |
| Founder campaign data | Duration of campaign + 2 years after close | Audit / dispute |
| Data room access logs | 7 years from access event | Legal obligation |
| Payment transaction records | 8 years (GST / income tax compliance) | Statutory |
| Communication records | 3 years from last interaction | Dispute resolution |
| Anonymised analytics | Indefinitely (no PII) | Legitimate interest |
| Deleted account data | 30 days in backup; purged within 90 days | Data minimisation |
| Security / fraud logs | 2 years | Security |
When data is no longer required for any of the above purposes, we securely delete or anonymise it. Secure deletion involves overwriting storage such that recovery is not possible.
Your Rights
Subject to applicable law, you have the following rights regarding your personal data. To exercise any of these rights, contact us at legal@theventuresuite.com or through your account settings.
We will respond to all verifiable data subject requests within 30 calendar days. Complex requests may be extended by an additional 30 days with notice.
Security Measures
We implement comprehensive technical and organisational security measures designed to protect your personal data against unauthorised access, accidental loss, alteration, or destruction.
Despite best efforts, no system is 100% secure. In the event of a personal data breach that affects your rights, we will notify you within 72 hours of becoming aware of the breach, as required under DPDPA guidelines.
International Transfers
VentureSuite operates primarily from India, with servers located in India and Singapore (AWS Asia Pacific). Some of our third-party service providers may process data in other jurisdictions.
- When data is transferred outside India, we ensure adequate protections through contractual clauses that require the recipient to provide at least equivalent protection to that afforded by Indian law.
- For GCC-based users: We comply with applicable UAE data protection regulations (Federal Decree-Law No. 45 of 2021) and the DIFC Data Protection Law where applicable.
- For Singapore-based users: We comply with the Personal Data Protection Act 2012 (PDPA) as applicable to our operations in that jurisdiction.
A list of countries where your data may be processed, and the safeguards in place, is available on request from legal@theventuresuite.com.
Contact & Complaints
If you have any questions about this Privacy Policy, wish to exercise your rights, or have a complaint about our data practices, please contact our Privacy Officer:
Privacy Officer — VentureSuite / Venture Biz Care LLC
Email: legal@theventuresuite.com
Response time: Within 72 hours for acknowledgement; 30 days for resolution
Escalation: legal@theventuresuite.com
If you are not satisfied with our response, you have the right to escalate your complaint to the Data Protection Board of India (DPBI) once it is constituted under the DPDPA, or to the Ministry of Electronics and Information Technology (MeitY).
We periodically review and update this Privacy Policy. When we make material changes, we will notify you via email or through a prominent notice on the Platform at least 30 days before the change takes effect.
Questions about
your privacy?
Our Privacy Officer is available to answer any questions about how we handle your personal data.
