This Privacy Policy explains what personal data we collect when you use creditforstartups.com (the "Site"), why we collect it, what we do with it, and the rights you have. It applies to everyone who visits the Site, including visitors in the European Economic Area (EEA), United Kingdom, and California.
1. Who we are
The Site is operated by [Legal Entity Name] ("Credit for Startups", "we", "us"), with a mailing address at [Business Mailing Address]. For privacy questions, email brady@creditforstartups.com. We are the data controller for personal data processed through the Site.
2. The data we collect
Information you give us
- Newsletter email — your email address when you subscribe.
- Correspondence — what you write to us (and your email address) when you contact us.
Information collected automatically
- Usage data — pages viewed, time on page, referring URL, clicks on outbound links, search queries on the Site, and similar interaction events.
- Device and connection data — IP address (truncated or anonymized by our analytics tools where possible), browser type and version, device type, operating system, language, and approximate location derived from your IP (city/region level).
- Cookies and similar technologies — see the Cookie Policy for the full list and categories.
Information we don't collect
- We do not require an account to use the Site.
- We do not collect payment information, government IDs, or other sensitive personal data.
- We do not knowingly collect personal data from children under 16 (see section 9).
3. Why we use your data, and our legal basis (EEA/UK)
Under the EU and UK GDPR we need a lawful basis for every use of your personal data:
- To send you the newsletter you subscribed to. Legal basis: your consent (GDPR Art. 6(1)(a)). You can withdraw at any time via the unsubscribe link in every email.
- To respond to your messages. Legal basis: our legitimate interest in answering you (Art. 6(1)(f)).
- To operate and secure the Site (logging, anti-abuse, error monitoring). Legal basis: our legitimate interest in running a stable, safe service (Art. 6(1)(f)).
- To analyze how the Site is used via cookies and similar technologies, so we can improve listings and content. Legal basis (EEA/UK): your consent via the cookie banner (Art. 6(1)(a)). Where consent is not legally required, we rely on legitimate interests.
- To report aggregate, non-identifying traffic to partners whose programs we list. Legal basis: our legitimate interest in maintaining the directory commercially (Art. 6(1)(f)). We only share aggregate, de-identified data — never your individual profile.
- To comply with legal obligations — for example, responding to lawful requests from authorities. Legal basis: legal obligation (Art. 6(1)(c)).
4. Automated decision-making and profiling
We do not use your personal data for automated decisions that produce legal or similarly significant effects, and we do not build behavioral profiles of you for advertising.
5. Who we share your data with
We never sell your personal data. We share limited data with:
- Service providers acting on our behalf under written agreements (data processors): our hosting and CDN providers, our email-delivery provider for the newsletter, our error-monitoring provider, and the analytics tools listed in the Cookie Policy (Google Analytics, Plausible, Microsoft Clarity, Clutch Click).
- Partners — only as aggregated, de-identified metrics (e.g., "X visitors clicked through to your program last month"). Outbound links may include UTM parameters identifying Credit for Startups as the source so partners can attribute the referral.
- Legal authorities when required by law, court order, or to defend our rights, and successors in the event of a corporate transaction (merger, acquisition, or asset sale).
6. International data transfers
We are based in the United States, and several of our service providers are based in the US or other countries outside the EEA/UK. When we transfer personal data outside the EEA/UK, we rely on appropriate safeguards: the EU-US Data Privacy Framework where applicable, Standard Contractual Clauses approved by the European Commission and the UK ICO, or another lawful transfer mechanism. You can request a copy of the safeguards by emailing us.
7. How long we keep your data
- Newsletter email — until you unsubscribe, plus up to 12 months for suppression-list purposes (so we don't accidentally re-add you).
- Correspondence — up to 24 months after our last exchange, unless a longer period is required for legal or accounting reasons.
- Analytics data — retained per each provider's default (Google Analytics: up to 14 months; Microsoft Clarity: up to 13 months; Plausible: aggregated, retained indefinitely with no personal identifiers; Clutch Click: 12 months).
- Server logs — typically 30–90 days for security and debugging.
8. Security
We use reasonable administrative, technical, and organizational measures to protect personal data, including HTTPS, access controls, and the use of reputable vendors. No system is perfectly secure, so we can't guarantee absolute security — but if a breach occurs, we will notify affected users and regulators as required by law.
9. Children
The Site is intended for founders, operators, and adult professionals. We do not knowingly collect personal data from anyone under 16. If you believe we have collected data from a child, email us and we'll delete it.
10. Your rights
If you are in the EEA, UK, or Switzerland
You have the right to:
- Access the personal data we hold about you.
- Rectify data that is inaccurate or incomplete.
- Erase your data ("right to be forgotten") in certain circumstances.
- Restrict our processing in certain circumstances.
- Object to processing based on legitimate interests.
- Port your data — receive it in a structured, machine-readable format.
- Withdraw consent at any time where we rely on consent (this does not affect processing before withdrawal).
- Complain to your local data protection authority. A list of EU authorities is available here; for the UK, the regulator is the ICO.
If you are in California (CCPA / CPRA)
Under the California Consumer Privacy Act as amended by the California Privacy Rights Act, you have the right to:
- Know what personal information we collect, the sources, purposes, and the categories of third parties we share it with.
- Delete personal information we have collected from you, subject to exceptions.
- Correct inaccurate personal information.
- Opt out of "sale" and "sharing" of personal information. We do not sell personal information and we do not share it for cross-context behavioral advertising, as those terms are defined under California law. We also honor the Global Privacy Control (GPC) signal as an opt-out request.
- Limit use of sensitive personal information. We do not collect sensitive personal information.
- Non-discrimination — we will not deny service, charge a different price, or provide a lower quality of service because you exercised a privacy right.
You may also designate an authorized agent to make a request on your behalf. We will verify the request before responding.
How to exercise your rights
Email brady@creditforstartups.com from the address associated with your data, or with enough information for us to verify your identity. We will respond within the timeframe required by applicable law (typically 30 days under GDPR, 45 days under CCPA, with one extension where allowed).
11. Categories of personal information disclosed (CCPA notice at collection)
In the last 12 months, we have collected the following categories of personal information under California law: identifiers (email address, IP address, online identifiers); internet or other electronic network activity (browsing and interaction data); geolocation data (city/region level from IP); and inferences drawn from the above (e.g., which topics you appear interested in). We collect these from you directly and automatically through cookies and analytics tools as described above. We disclose these categories to the service providers listed in section 5 for the purposes described in section 3. We do not sell or share these categories for cross-context behavioral advertising.
12. Changes to this policy
We may update this policy from time to time. Material changes will be highlighted at the top of the page and, where required by law, communicated to you directly. The "Last updated" date at the top reflects the most recent revision.
13. Contact
Privacy questions, rights requests, or complaints — email brady@creditforstartups.com or write to us at [Business Mailing Address].