Privacy Policy
This Privacy Policy explains how Hexagon AI, Inc. (“Hexagon,” “we,” “us,” or “our”) collects, uses, shares, and protects personal information when you use Hexagon AI Designer and our related websites, applications, and services (collectively, the “Services”). We are committed to handling your information transparently and in compliance with the EU/UK General Data Protection Regulation (“GDPR”), the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA/CPRA”), and other applicable privacy laws.
Who We Are and Scope
The Services are operated by Hexagon AI, Inc., a company established in the United States with operations located at 444 N Michigan Ave, Chicago, Illinois 60611, United States. Hexagon AI Designer is an AI-powered platform that helps founders plan, build, and grow startups through AI agents (including an AI Coach and specialized assistants), document and pitch generation, a structured knowledge profile, a mentor marketplace, and an investor marketplace.
This Policy applies to all users of the Services worldwide, including users in the United States, the European Economic Area (“EEA”), the United Kingdom, and the Western Balkans. Where we act as a “controller” we determine how and why your personal data is processed. Where we process content you upload on your behalf, we may act as a “processor” for that content.
If you do not agree with this Policy, please do not use the Services.
Information We Collect
2.1 Information you provide to us
| Category | Examples |
|---|---|
| Account & profile data | Name, email address, password (hashed), company/startup name, role, country, language preference, profile photo. |
| Startup & content data | Business ideas, knowledge profile entries, brand kit, uploaded documents, generated business plans, pitch decks, financial inputs, and prompts you submit to AI agents. |
| Marketplace data | Mentor or investor applications, verification details, areas of expertise or investment interest, messages exchanged on the platform, and booking/scheduling information. |
| Payment data | Billing name, billing address, subscription tier, and transaction history. Card numbers are processed by Stripe; we do not store full card numbers. |
| Support & communications | Messages, feedback, and correspondence you send to us. |
2.2 Information we collect automatically
- Usage data — features used, pages viewed, actions taken, AI generations requested, session timestamps, and progress through the product roadmap.
- Device & technical data — IP address, browser type, device type, operating system, and general (city/region-level) location inferred from IP.
- Cookies & similar technologies — authentication and session cookies, and (subject to consent where required) analytics identifiers. See Section 9.
2.3 Information from third parties
If you sign in or connect through a third-party provider (for example, an OAuth identity provider) or make a payment, we receive limited account and transaction information from that provider. Mentors and investors may receive information you choose to share with them through the platform.
How We Use Your Information
We use personal information for the following purposes:
- Provide, operate, and maintain the Services, including creating and managing your account.
- Generate AI outputs you request — we transmit your prompts, knowledge profile, and relevant content to third-party AI providers (see Section 5) so they can return generated documents, pitch decks, coaching responses, research, and other outputs to you.
- Operate the mentor and investor marketplaces, including matching, verification, scheduling, messaging, and payouts.
- Process subscriptions, payments, and (for mentors) payouts, and prevent fraud.
- Communicate with you about the Services, including service announcements, security alerts, and support.
- Personalize your experience and improve, test, and develop new features.
- Maintain security, enforce our Terms, and comply with legal obligations.
- Send marketing communications where permitted, from which you may opt out at any time.
Legal Bases for Processing (GDPR)
If you are in the EEA or UK, we rely on the following legal bases under the GDPR:
| Purpose | Legal basis |
|---|---|
| Providing the Services and your account | Performance of a contract (Art. 6(1)(b)) |
| Processing payments and managing subscriptions | Performance of a contract; legal obligation (Art. 6(1)(b),(c)) |
| Sending content to AI providers to generate your outputs | Performance of a contract (Art. 6(1)(b)) |
| Security, fraud prevention, and product improvement | Legitimate interests (Art. 6(1)(f)) |
| Marketing communications and non-essential cookies | Consent (Art. 6(1)(a)), which you may withdraw |
| Compliance with legal and accounting obligations | Legal obligation (Art. 6(1)(c)) |
Where we rely on legitimate interests, we have balanced those interests against your rights. You may object to such processing at any time (see Section 11).
AI Providers and How Your Content Is Processed
A core function of the Services is generating outputs using artificial intelligence. To do this, we send your prompts and relevant content (which may include your startup information and uploaded documents) to third-party AI model providers acting as our subprocessors. These providers process your content solely to return outputs to us and to you, and under our agreements with them they do not use your content to train their general models unless you have separately opted in.
AI outputs are generated by predictive models and may be inaccurate, incomplete, or out of date. We do not guarantee the accuracy of AI outputs, and you should independently verify them before relying on them. Please see the Terms & Conditions for important disclaimers regarding AI outputs and professional advice.
International Data Transfers
We are based in the United States and use subprocessors located in the United States and elsewhere. When we transfer personal data from the EEA, UK, or Western Balkans to countries that have not received an adequacy decision, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (and the UK Addendum), together with supplementary measures where required. You may request a copy of the relevant safeguards by contacting us.
Data Retention
We retain personal information for as long as your account is active and as needed to provide the Services. After account closure, we delete or anonymize personal data within a reasonable period, except where we must retain it to comply with legal, tax, or accounting obligations, resolve disputes, or enforce our agreements. Backup copies are deleted on a rolling schedule. Aggregated or de-identified data that cannot reasonably identify you may be retained and used indefinitely.
Cookies and Tracking Technologies
We use strictly necessary cookies to operate the Services (for example, to keep you signed in). Subject to your consent where required by law, we may use analytics cookies to understand product usage. You can control non-essential cookies through our cookie banner (where presented) and your browser settings. Blocking essential cookies may break core functionality.
Security
We implement technical and organizational measures designed to protect personal information, including encryption in transit, access controls, row-level security on our database, hashed passwords, and least-privilege access for staff. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. If we become aware of a personal data breach that affects you, we will notify you and the relevant authorities as required by law.
Your Privacy Rights
11.1 GDPR rights (EEA / UK / Western Balkans)
Subject to applicable law, you have the right to: access your data; rectify inaccurate data; erase your data (“right to be forgotten”); restrict or object to processing; request data portability; and withdraw consent at any time. You also have the right to lodge a complaint with your local supervisory authority.
11.2 California rights (CCPA/CPRA)
California residents have the right to: know and access the categories and specific pieces of personal information we collect; delete personal information; correct inaccurate information; opt out of “sale” or “sharing” of personal information (we do not sell or share personal information as those terms are defined); and limit the use of sensitive personal information. We will not discriminate against you for exercising these rights.
Categories collected (CCPA): identifiers; customer records; commercial information; internet/network activity; geolocation (general); and professional or business information. We collect these for the business purposes described in Section 3. We do not sell or share personal information for cross-context behavioral advertising.
11.3 How to exercise your rights
To exercise any right, email us at privacy@hexagonstartup.com. We will verify your request and respond within the timeframes required by law (generally one month under GDPR and 45 days under the CCPA). You may use an authorized agent where permitted. Some account data can also be accessed or edited directly in your account settings.
Children's Privacy
The Services are intended for users who are 18 years of age or older and are not directed to children. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us personal information, contact us and we will delete it.
Third-Party Links
The Services may contain links to third-party websites and tools (including mentors' and investors' resources and external courses). We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies.
Changes to This Policy
We may update this Policy from time to time. When we make material changes, we will update the “Last updated” date and, where appropriate, notify you by email or in-product notice. Your continued use of the Services after changes take effect constitutes acceptance of the updated Policy.
Contact Us
If you have questions or requests regarding this Policy or your personal information, contact us at: