Privacy Policy

Last updated: March 9, 2026

This Privacy Policy describes how staas.fund ("we", "us", "our") collects, uses, and protects your information. This policy applies to all visitors, including those in the European Economic Area (EEA) and United Kingdom (UK), and is designed to comply with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

1. Data Controller

The data controller for staas.fund is Peter Saddington, operating through StaaS Fund LP LLC, based in Atlanta, Georgia, United States. For privacy inquiries, contact us via LinkedIn or the feedback form on staas.fund.

2. What We Collect

Data	Purpose	Legal Basis (GDPR)
Chat messages you type into pRAG	To generate AI responses	Legitimate interest
Feedback form submissions	To improve the service	Consent
Basic analytics (page views, country)	To understand usage patterns	Legitimate interest
YouTube OAuth tokens (your account only)	To upload Saarvis Intel videos	Consent

3. What We Do NOT Collect

We do not collect names, email addresses, or payment information through the website
We do not use cookies for advertising or cross-site tracking
We do not sell or share personal data with third parties for marketing
We do not store chat conversations beyond the active browser session

4. Third-Party Services

The Service uses the following third-party services that may process data independently:

Cloudflare — hosting and CDN (may collect IP addresses for security)
Google/YouTube API — video uploads and analytics (governed by Google's Privacy Policy)
Supabase — backend database for site content (no personal user data stored)
AI Providers (Gemini, Groq, Cerebras) — process chat queries to generate responses
Cloudflare Web Analytics — privacy-first analytics with no cookies or personal data collection

5. Data Retention

Chat messages: not stored server-side; exist only in your browser session
Feedback submissions: retained indefinitely to improve the service
Analytics data: aggregated and anonymized; retained per Cloudflare's policies
YouTube OAuth credentials: stored locally on our server; refreshed periodically

6. Your Rights (GDPR / UK GDPR)

If you are in the EEA or UK, you have the right to:

Access — request a copy of any personal data we hold about you
Rectification — request correction of inaccurate data
Erasure — request deletion of your data ("right to be forgotten")
Restriction — request we limit processing of your data
Portability — request your data in a machine-readable format
Object — object to processing based on legitimate interest

To exercise these rights, contact us via the feedback form or LinkedIn. We will respond within 30 days.

7. International Data Transfers

Our servers and services are located in the United States. If you access the Service from the EEA or UK, your data may be transferred to the US. We rely on Cloudflare's infrastructure and standard contractual clauses where applicable to ensure adequate data protection.

8. Children's Privacy

The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

9. Security

We use industry-standard measures to protect data, including HTTPS encryption, secure credential storage, and regular security audits. However, no method of electronic transmission or storage is 100% secure.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. We encourage you to review this page periodically.

11. Contact

For privacy-related questions or to exercise your rights, contact Peter Saddington via LinkedIn or the feedback form on staas.fund.