Get investor-grade pitch deck feedback in under 30 seconds — free, no credit card required. Analyze my deck →

Privacy Policy

Last updated: March 21, 2026

1. Introduction

PitchVault is operated by 3P Ventures, incorporated in Washington, USA. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use PitchVault ("Service"). By using the Service, you agree to the collection and use of information as described in this policy. If you have questions, contact us at support@pitchvault.ai.

2. Information We Collect

We collect the following categories of information: Account information — your email address, hashed password (via Supabase Auth), and display name or company name if provided. Payment information — payment method details are collected and stored directly by Stripe. We store only a record of your plan, subscription status, credit balance, and transaction history. We never store your full card number or CVV. Pitch deck content — the text extracted from your pitch deck, the original uploaded file (PDF or PPTX), and slide images rendered from that file. These are stored in private, access-controlled storage. Analysis outputs — VaultScore™ breakdown, VaultRisk™ profile, VaultMoat™ score, VaultOps™ score, section-level feedback, action items, and investor archetype match generated from your deck. Founder company page and profile data — any company description, website, sector, stage, or other information you choose to publish on your company page. Investor profile data — for investors, your firm name, stage focus, sector focus, and any other information you provide in your investor profile. Usage data — analyses run, tabs viewed, features accessed, plan type, and credit consumption. Technical data — IP address, browser type, operating system, and device identifiers, collected for security, rate limiting, and abuse prevention. Analytics data — page views, session duration, and feature interaction events collected via PostHog, our product analytics provider (see Section 8). Email engagement data — whether you opened or clicked links in emails we send, collected by Resend, our email delivery provider.

3. How We Use Your Information

We use the information we collect to: provide, operate, and improve the Service; process your pitch deck and generate AI-powered analysis reports; display your analysis history, scores, and reports in your dashboard; manage your subscription, process payments, and track credit usage; operate the investor leaderboard and founder discovery features if you opt in; send you transactional emails (analysis complete, investor intro requests, billing receipts) and, with your consent, product update and engagement emails; enforce rate limits and prevent fraudulent or abusive use; monitor and improve platform reliability and performance; and comply with applicable legal obligations.

4. Pitch Deck Content and File Storage

Your pitch deck content is treated as strictly confidential. We store three forms of your deck: (a) extracted deck text, used to generate your analysis; (b) your original uploaded file (PDF or PPTX), stored in a private Supabase storage bucket; and (c) slide images rendered from your deck on your device and uploaded to a separate private storage bucket for display in your report. None of these files are publicly accessible without your explicit action. We send extracted deck text to Anthropic's API to generate your analysis. Anthropic does not use this content to train their models under our API agreement. We do not share your deck content with any other third party.

5. Leaderboard, Investor Opt-In, and Company Pages

Leaderboard — if you opt in to the public leaderboard, your VaultScore™ and other dimension scores, funding stage, and company name (or "Anonymous" if you choose) will be visible to approved investors browsing the platform. Leaderboard participation is entirely optional. You may opt out at any time through your dashboard settings. Investor contact opt-in — separately, you may opt in to allow approved investors to submit an introduction request in connection with a specific analysis report. Enabling this opt-in means the investor can see a contact form associated with your report. Disabling it removes this access going forward. Share links — if you enable a public share link for a report, anyone with that link can view the full report content. You control share link activation and can disable it at any time. Company pages — if you publish a company page, the information you choose to include (company description, website, sector, etc.) will be publicly visible on the platform. You can edit or remove this content through your dashboard. We do not display your uploaded deck files or slide images on the leaderboard or company page.

6. Data Sharing

We do not sell your personal data. We share data only with the following service providers, each bound by their own data processing agreements: Anthropic — receives extracted deck text solely to generate your analysis via their Claude API. Supabase — provides our database, authentication, and file storage infrastructure. All data is stored on Supabase-managed infrastructure. Stripe — processes and stores payment information. We share only what is necessary to complete transactions and manage subscriptions. Resend — our email delivery provider. Receives your email address and the content of emails we send you (transactional and, with consent, marketing emails). Upstash — provides Redis-based rate limiting for free-tier usage. Receives anonymised request identifiers to enforce per-user rate limits. No pitch deck content is shared with Upstash. PostHog — our product analytics provider. Receives anonymised usage events and page interaction data to help us understand how the Service is used and improve it. PostHog does not receive your pitch deck content or payment information. Vercel — our hosting and deployment platform. Serves the application and processes web requests. We may also disclose information if required to do so by law, regulation, or valid legal process.

7. Data Retention

We retain your account data for as long as your account is active. Analysis reports and associated files (deck text, slide images, original files) are retained for the life of your account. Free-tier shareable report links expire after 30 days; the underlying report data is retained in your account. You may request deletion of your account and all associated data at any time by emailing support@pitchvault.ai. We will process deletion requests within 30 days. Upon account deletion, we permanently erase your profile, uploaded deck files, slide images, payment history, and all personally identifiable information. AI-generated analysis outputs (scores, section breakdowns, verdict, and improvement recommendations) may be retained in fully anonymised, de-identified form — with no link to your account, email, or uploaded content — to improve the accuracy of future analyses. This anonymised data cannot be used to re-identify you.

8. Analytics and Cookies

We use PostHog, a product analytics platform, to understand how users interact with the Service. PostHog collects anonymised usage events (page views, feature clicks, session data) on the client side. PostHog may set cookies or use local storage to track sessions. This analytics data does not include your pitch deck content or payment information. Beyond PostHog, we use only essential cookies required for authentication and session management via Supabase Auth. We do not use third-party advertising cookies or cross-site tracking. You can disable cookies in your browser settings, but doing so may prevent you from logging in to the Service. We do not use your data for targeted advertising on any platform.

9. Email Communications

We use Resend to deliver emails. We send the following types of emails: Transactional — account registration confirmation, analysis complete notifications, investor introduction requests, billing receipts, and password reset. These are required for the Service to function and cannot be opted out of while your account is active. Engagement — reminders to iterate on your score, notifications when investors view your profile, and weekly or monthly digests for investors of new founder activity. You may opt out of these at any time by clicking the unsubscribe link in any such email or by contacting support@pitchvault.ai. Product updates — occasional announcements about new features or changes to the Service. You may opt out at any time. We do not sell your email address or share it with third parties for their marketing purposes.

10. Security

We implement industry-standard security measures including: encrypted data transmission (HTTPS/TLS); hashed passwords via Supabase Auth (bcrypt); row-level security policies on our database; private, access-controlled storage buckets for deck files and slide images; and role-based access controls for administrative functions. No method of transmission over the internet is 100% secure. We cannot guarantee absolute security but take all reasonable precautions to protect your data.

11. Your Rights

Depending on your location, you may have the following rights regarding your personal data: the right to access the personal data we hold about you; the right to correct inaccurate data; the right to request deletion of your data; the right to object to or restrict certain processing; and the right to data portability. To exercise any of these rights, contact us at support@pitchvault.ai. We will respond within 30 days. We do not discriminate against users who exercise their privacy rights. If you are located in the European Economic Area, the UK, or California, additional rights may apply under GDPR, UK GDPR, or CCPA respectively. We process personal data on the legal basis of contract performance (to provide the Service), legitimate interests (product improvement, security), and consent (marketing emails, analytics).

12. Children's Privacy

The Service is not directed at individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately at support@pitchvault.ai and we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on the Service at least 14 days before the changes take effect, where practicable. Continued use of the Service after the effective date constitutes your acceptance of the updated policy. We encourage you to review this policy periodically.

14. Contact

For privacy-related questions, data access requests, or deletion requests, contact us at: support@pitchvault.ai — 3P Ventures, Washington, USA.