HexagonHEXAGON
← Home
Legal

Privacy Policy

Hexagon AI Designer — hexagonstartup.com
Effective date June 19, 2026Last updated June 19, 2026

This Privacy Policy explains how Hexagon AI, Inc. (“Hexagon,” “we,” “us,” or “our”) collects, uses, shares, and protects personal information when you use Hexagon AI Designer and our related websites, applications, and services (collectively, the “Services”). We are committed to handling your information transparently and in compliance with the EU/UK General Data Protection Regulation (“GDPR”), the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA/CPRA”), and other applicable privacy laws.

Contents
01Who We Are and Scope02Information We Collect03How We Use Your Information04Legal Bases for Processing (GDPR)05AI Providers and How Your Content Is Processed06How We Share Your Information07International Data Transfers08Data Retention09Cookies and Tracking Technologies10Security11Your Privacy Rights12Children's Privacy13Third-Party Links14Changes to This Policy15Contact Us
Plain-language summary
We collect the information you give us (account, content, payments) and some technical data automatically. We use it to run the Services, including sending your content to AI providers that generate outputs for you. We do not sell your personal information. We share data only with the service providers listed below and, where you choose to interact, with mentors and investors on our platform. You have rights to access, correct, and delete your data.
01

Who We Are and Scope

The Services are operated by Hexagon AI, Inc., a company established in the United States with operations addressed at 444 N Michigan Ave, Chicago, Illinois 60611, United States. Hexagon AI Designer is an AI-powered platform that helps founders plan, build, and grow startups through AI agents (including an AI Coach and specialized assistants), document and pitch generation, a structured knowledge profile, a mentor marketplace, and an investor marketplace.

This Policy applies to all users of the Services worldwide, including users in the United States, the European Economic Area (“EEA”), the United Kingdom, and the Western Balkans. Where we act as a “controller” we determine how and why your personal data is processed. Where we process content you upload on your behalf, we may act as a “processor” for that content.

If you do not agree with this Policy, please do not use the Services.

02

Information We Collect

2.1 Information you provide to us

CategoryExamples
Account & profile dataName, email address, password (hashed), company/startup name, role, country, language preference, profile photo.
Startup & content dataBusiness ideas, knowledge profile entries, brand kit, uploaded documents, generated business plans, pitch decks, financial inputs, and prompts you submit to AI agents.
Marketplace dataMentor or investor applications, verification details, areas of expertise or investment interest, messages exchanged on the platform, and booking/scheduling information.
Payment dataBilling name, billing address, subscription tier, and transaction history. Card numbers are processed by Stripe; we do not store full card numbers.
Support & communicationsMessages, feedback, and correspondence you send to us.

2.2 Information we collect automatically

  • Usage data — features used, pages viewed, actions taken, AI generations requested, session timestamps, and progress through the product roadmap.
  • Device & technical data — IP address, browser type, device type, operating system, and general (city/region-level) location inferred from IP.
  • Cookies & similar technologies — authentication and session cookies, and (subject to consent where required) analytics identifiers. See Section 9.

2.3 Information from third parties

If you sign in or connect through a third-party provider (for example, an OAuth identity provider) or make a payment, we receive limited account and transaction information from that provider. Mentors and investors may receive information you choose to share with them through the platform.

Biometrics & BIPA
We do not knowingly collect biometric identifiers. The Services may use synthetic (AI-generated) voice for certain features (for example, an AI investor voice agent). We do not collect, store, or use your voiceprint, faceprint, or other biometric identifiers as defined under the Illinois Biometric Information Privacy Act (“BIPA”) unless we obtain your separate, explicit written consent first.
03

How We Use Your Information

We use personal information for the following purposes:

  • Provide, operate, and maintain the Services, including creating and managing your account.
  • Generate AI outputs you request — we transmit your prompts, knowledge profile, and relevant content to third-party AI providers (see Section 5) so they can return generated documents, pitch decks, coaching responses, research, and other outputs to you.
  • Operate the mentor and investor marketplaces, including matching, verification, scheduling, messaging, and payouts.
  • Process subscriptions, payments, and (for mentors) payouts, and prevent fraud.
  • Communicate with you about the Services, including service announcements, security alerts, and support.
  • Personalize your experience and improve, test, and develop new features.
  • Maintain security, enforce our Terms, and comply with legal obligations.
  • Send marketing communications where permitted, from which you may opt out at any time.
04

Legal Bases for Processing (GDPR)

If you are in the EEA or UK, we rely on the following legal bases under the GDPR:

PurposeLegal basis
Providing the Services and your accountPerformance of a contract (Art. 6(1)(b))
Processing payments and managing subscriptionsPerformance of a contract; legal obligation (Art. 6(1)(b),(c))
Sending content to AI providers to generate your outputsPerformance of a contract (Art. 6(1)(b))
Security, fraud prevention, and product improvementLegitimate interests (Art. 6(1)(f))
Marketing communications and non-essential cookiesConsent (Art. 6(1)(a)), which you may withdraw
Compliance with legal and accounting obligationsLegal obligation (Art. 6(1)(c))

Where we rely on legitimate interests, we have balanced those interests against your rights. You may object to such processing at any time (see Section 11).

05

AI Providers and How Your Content Is Processed

A core function of the Services is generating outputs using artificial intelligence. To do this, we send your prompts and relevant content (which may include your startup information and uploaded documents) to third-party AI model providers acting as our subprocessors. These providers process your content solely to return outputs to us and to you, and under our agreements with them they do not use your content to train their general models unless you have separately opted in.

AI outputs are generated by predictive models and may be inaccurate, incomplete, or out of date. We do not guarantee the accuracy of AI outputs, and you should independently verify them before relying on them. Please see the Terms & Conditions for important disclaimers regarding AI outputs and professional advice.

06

How We Share Your Information

We share personal information only as described below. We do not sell your personal information, and we have not done so in the preceding 12 months.

6.1 Service providers (subprocessors)

We share data with vendors that perform services for us under contract. Our principal subprocessors are:

SubprocessorFunctionData handled
SupabaseDatabase, authentication, file storageAccount, content, marketplace, and usage data
VercelApplication hosting and deliveryTechnical and usage data, request logs
Anthropic (Claude)AI model provider (text generation)Prompts and content you submit for generation
ElevenLabsAI voice generationText used to synthesize speech; voice agent interactions
TavilyWeb search for AI research featuresSearch queries derived from your requests
StripePayment processing and mentor payouts (Stripe Connect)Billing details, transaction and payout data
ResendTransactional and marketing emailEmail address, message content

6.2 Other users (mentors and investors)

When you choose to engage with a mentor or investor through the platform, we share the information necessary to facilitate that interaction (for example, your name, relevant startup details, messages, and booking information). Founder identity may be kept anonymous to investors until you choose to reveal it, consistent with the platform's matching design.

6.3 Legal, safety, and business transfers

  • We may disclose information to comply with law, legal process, or enforceable governmental requests, and to protect the rights, safety, and property of Hexagon, our users, and the public.
  • If we are involved in a merger, acquisition, financing, or sale of assets, personal information may be transferred as part of that transaction, subject to this Policy.
07

International Data Transfers

We are based in the United States and use subprocessors located in the United States and elsewhere. When we transfer personal data from the EEA, UK, or Western Balkans to countries that have not received an adequacy decision, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (and the UK Addendum), together with supplementary measures where required. You may request a copy of the relevant safeguards by contacting us.

08

Data Retention

We retain personal information for as long as your account is active and as needed to provide the Services. After account closure, we delete or anonymize personal data within a reasonable period, except where we must retain it to comply with legal, tax, or accounting obligations, resolve disputes, or enforce our agreements. Backup copies are deleted on a rolling schedule. Aggregated or de-identified data that cannot reasonably identify you may be retained and used indefinitely.

09

Cookies and Tracking Technologies

We use strictly necessary cookies to operate the Services (for example, to keep you signed in). Subject to your consent where required by law, we may use analytics cookies to understand product usage. You can control non-essential cookies through our cookie banner (where presented) and your browser settings. Blocking essential cookies may break core functionality.

10

Security

We implement technical and organizational measures designed to protect personal information, including encryption in transit, access controls, row-level security on our database, hashed passwords, and least-privilege access for staff. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. If we become aware of a personal data breach that affects you, we will notify you and the relevant authorities as required by law.

11

Your Privacy Rights

11.1 GDPR rights (EEA / UK / Western Balkans)

Subject to applicable law, you have the right to: access your data; rectify inaccurate data; erase your data (“right to be forgotten”); restrict or object to processing; data portability; and withdraw consent at any time. You also have the right to lodge a complaint with your local supervisory authority.

11.2 California rights (CCPA/CPRA)

California residents have the right to: know and access the categories and specific pieces of personal information we collect; delete personal information; correct inaccurate information; opt out of “sale” or “sharing” of personal information (we do not sell or share personal information as those terms are defined); and limit the use of sensitive personal information. We will not discriminate against you for exercising these rights.

Categories collected (CCPA): identifiers; customer records; commercial information; internet/network activity; geolocation (general); and professional or business information. We collect these for the business purposes described in Section 3. We do not sell or share personal information for cross-context behavioral advertising.

11.3 How to exercise your rights

To exercise any right, email us at privacy@hexagonstartup.com. We will verify your request and respond within the timeframes required by law (generally one month under GDPR and 45 days under the CCPA). You may use an authorized agent where permitted. Some account data can also be accessed or edited directly in your account settings.

12

Children's Privacy

The Services are intended for users who are 18 years of age or older and are not directed to children. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us personal information, contact us and we will delete it.

13

Third-Party Links

The Services may contain links to third-party websites and tools (including mentors' and investors' resources and external courses). We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies.

14

Changes to This Policy

We may update this Policy from time to time. When we make material changes, we will update the “Last updated” date and, where appropriate, notify you by email or in-product notice. Your continued use of the Services after changes take effect constitutes acceptance of the updated Policy.

15

Contact Us

If you have questions or requests regarding this Policy or your personal information, contact us at:

Privacyprivacy@hexagonstartup.com
General / legallegal@hexagonstartup.com
MailHexagon AI, Inc., 444 N Michigan Ave, Chicago, Illinois 60611, United States
© 2026 Hexagon AI, Inc.
Terms & Conditionshexagonstartup.com