Privacy Policy

Last updated: May 2, 2026

1. What We Collect

We collect the following information when you use Scrappy Startups:

  • Account data: your name, email address, and hashed password when you register
  • Listing data: product information, revenue figures, and Stripe API keys you provide
  • Usage data: pages visited, upvotes cast (stored against your account)
  • Stripe data: if you connect Stripe, we access charges, subscriptions, and balance transactions in read-only mode to calculate revenue

2. How We Use Your Data

  • To operate and display your listing on the leaderboard
  • To verify revenue data via Stripe
  • To send you transactional emails (account registration, sponsorship confirmations)
  • To detect and prevent spam and fraudulent submissions
  • To improve the Service based on aggregate usage patterns

3. Stripe API Keys

Stripe restricted API keys are stored encrypted in our database. We use them exclusively to fetch revenue data for your listing page. We never use these keys to initiate charges or access customer payment details. You can revoke our access at any time by deleting the key from your Stripe dashboard or removing it from your listing settings.

4. Data Sharing

We do not sell your personal data. We share data only with:

  • Stripe: to verify revenue (you control this connection)
  • Infrastructure providers: Railway (hosting), Supabase (database) — subject to their own privacy policies
  • Legal requirements: if required by law or to protect our rights

5. Public Information

Product listings, including your product name, tagline, revenue figures, and founder name, are publicly visible. Your email address is never shown publicly. If you include a Twitter handle, it will be displayed on your listing page.

6. Cookies & Sessions

We use a single session cookie to keep you logged in (via NextAuth.js). We do not use advertising cookies or third-party tracking pixels.

7. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will remove your personal information within 30 days, except where we are required to retain it for legal reasons. Product listing data may be retained in anonymised form for analytics.

8. Your Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data
  • Export your data in a machine-readable format

To exercise these rights, email hello@scrappystartups.com

9. Security

We use industry-standard security practices: bcrypt password hashing, encrypted database connections, and HTTPS. However, no system is 100% secure. If you discover a security vulnerability, please email us privately before public disclosure.

10. Children

The Service is not directed at children under 13. We do not knowingly collect data from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes by posting a notice on the site. Continued use of the Service after changes constitutes acceptance.

12. Contact

Questions or concerns? Email hello@scrappystartups.com