Effective date: April 7, 2026
This Privacy Policy explains how SPEEDER.AI, operated by Reflective Investments L.L.C-FZ, a limited liability company registered in Meydan Free Zone, Dubai, United Arab Emirates (License No. 2418796.01) ("Speeder", "we", "us"), collects, uses, stores, and shares personal information when you use our website, product, and related services. For the purposes of applicable data protection law (including the EU General Data Protection Regulation, "GDPR", and the UK GDPR), we are the data controller responsible for your personal data.
Account information: email, name, profile fields, timezone, and authentication metadata provided through Supabase Auth.
Usage information: product actions, task history, agent activity logs, performance/diagnostic events, pages visited (including idea template browsing), search queries, and feature interactions.
Communication data: support messages, inbound/outbound emails processed by agents, and related metadata.
Integration data: API tokens and metadata for connected third-party services you authorize (Stripe, X/Twitter, LinkedIn, Meta, Google Ads, and others configured in your company settings).
Device/network data: IP address, user agent, browser type and version, operating system, referral URLs, and session/cookie identifiers.
Advertising data: campaign performance metrics, ad creative metadata, targeting parameters, and conversion events sent to advertising platforms via their respective APIs.
Billing data: saved payment method identifiers (stored by Stripe; we do not store full card numbers), transaction records, and subscription status.
Customer payment data: transaction records, invoice status, and payment link metadata for payments your customers make through the Service (processed by Stripe using your own Stripe account).
Infrastructure credentials: GitHub tokens, deployment configuration, and API keys for provisioned cloud resources, stored encrypted.
AI generation data: prompts sent to AI models, generated content (text, code, images), agent outputs, and associated metadata.
Company data: business information you provide including company name, vision, category, and any data collected by your AI agents on your behalf (leads, customer information, revenue data).
Marketplace data: if you list or purchase a company through our marketplace, we collect listing details, asking price, transaction history, buyer/seller communications, and due diligence information.
Idea template data: when you browse, select, or build from our startup idea templates, we collect your browsing patterns, selected ideas, and build configurations.
Provide and secure the service, including authentication and account management.
Execute autonomous and user-triggered agent workflows using your settings and connected tools.
Create, manage, and optimize advertising campaigns on your behalf, including transmitting conversion events to advertising platforms for campaign optimization.
Send outbound communications on your behalf or at your direction (cold outreach emails, support replies, social media posts).
Provision and manage cloud infrastructure resources (GitHub repositories, deployment services), including storing and using credentials for infrastructure services.
Generate AI content (text, code, images, ad creatives) using third-party AI model providers.
Commit code to GitHub repositories and trigger deployments on your behalf.
Process billing, subscriptions, and customer payments through connected payment providers.
Display company activity on dashboards and subdomain sites where visibility is enabled.
Monitor quality, evaluate agent output, prevent abuse, investigate incidents, and improve reliability.
Send service notices, morning summary emails, and product communications.
Conduct market research and competitive analysis using web search tools on your behalf.
We process personal data where needed to:
Perform our contract with you (service delivery, agent execution, ad campaign management, infrastructure provisioning, and support).
Comply with legal obligations.
Pursue legitimate business interests such as security, fraud prevention, and product improvement.
We share data with service providers that help us operate the product. We may also disclose data when required by law, to enforce terms, or to protect rights and safety.
Specific data sharing includes:
AI model providers (Anthropic). Prompts, tool context, and associated metadata are shared with Anthropic to execute agent tasks and generate content via the Claude API.
Image generation (Anthropic Claude). Image generation prompts and parameters are shared with Anthropic to create ad creatives and logos.
Infrastructure providers (GitHub, Railway). Project configuration and code are shared to create and manage repositories and deployments provisioned on your behalf.
Email delivery (Resend). Outbound email content and recipient addresses are shared for email delivery.
Web search (Brave). Search queries are shared with Brave Search API for research agent functionality.
Payment processing (Stripe). Payment information is processed by Stripe. We do not store card numbers.
Authentication (Supabase Auth). Authentication data is processed by Supabase for user identity management.
Database (Supabase). All company and operational data is stored in Supabase PostgreSQL.
Advertising platforms. When you connect advertising accounts (Meta, Google Ads), campaign data and targeting parameters are shared with those platforms via their APIs.
Social media platforms. When you connect social accounts (X/Twitter, LinkedIn, Instagram, Threads), post content is shared with those platforms for publishing.
Public dashboards. If your company's public visibility is enabled, certain business activity data (execution logs, metrics) may be publicly accessible on the live feed.
We use cookies and similar technologies for session security, product functionality, and analytics. Specifically:
Essential cookies: Supabase Auth session cookies required for authentication and account security.
Analytics: We use Google Analytics (GA4) to collect anonymized usage statistics including page views, session duration, and feature interactions. Google may set cookies on your device. See Google's privacy policy for details.
Advertising measurement: We use the Meta (Facebook) Pixel to measure the effectiveness of our advertising campaigns and to understand how visitors interact with our website. The Meta Pixel may collect data such as pages visited, actions taken, and device information, which may be shared with Meta for advertising optimization. You can opt out via Meta's ad preferences or your browser settings.
You can manage cookies through your browser settings. Disabling essential cookies may impact core product functionality. Where required by applicable law (such as the EU ePrivacy Directive), we will obtain your consent before setting non-essential cookies.
We keep account and operational records for as long as needed to provide the service.
If you delete your account, we apply a soft-delete period of up to 30 days before permanent deletion, unless longer retention is required by law or legitimate security/accounting needs.
Advertising data: campaign metrics and performance data are retained for the life of your account plus 12 months for reporting purposes.
AI-generated content: generated code, text, and images are retained until you delete them or your account is terminated, plus the soft-delete period.
Infrastructure credentials: encrypted credentials are deleted immediately upon company deletion or resource teardown.
Agent execution data: task outputs and activity logs are retained for the duration of your account and may be stored for up to 30 days after account deletion.
We may retain de-identified or aggregated data that does not identify you.
We use technical and organizational safeguards designed to protect personal data, including:
API tokens and service credentials stored with encryption.
Payment processing handled entirely by Stripe; we do not store card numbers.
Authentication managed by Supabase Auth with industry-standard security practices.
Row-level security enabled on all database tables.
Per-agent API keys for isolated access control.
No method of storage or transmission is perfectly secure, so absolute security is not guaranteed.
Access and update profile information in the dashboard settings.
Request account deletion from your settings page or by contacting us.
Disconnect any third-party integration at any time, immediately revoking agent access to those services.
Disable auto-run (nightly agent execution) for any company at any time.
Request deletion of company data including repositories and agent history.
Unsubscribe from non-essential emails using unsubscribe links.
To make a privacy request, contact privacy@speeder.ai from the email associated with your account.
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following rights under the GDPR and UK GDPR:
Right of access: obtain a copy of the personal data we hold about you.
Right to rectification: request correction of inaccurate or incomplete personal data.
Right to erasure: request deletion of your personal data, subject to legal retention obligations.
Right to restriction: request that we restrict processing of your personal data in certain circumstances.
Right to data portability: receive your personal data in a structured, commonly used, machine-readable format.
Right to object: object to processing based on legitimate interests or for direct marketing purposes.
Right to withdraw consent: where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
Right to lodge a complaint: you have the right to lodge a complaint with a supervisory authority in your country of residence. A list of EU data protection authorities is available at edpb.europa.eu.
To exercise any of these rights, contact privacy@speeder.ai. We will respond within 30 days (or the period required by applicable law). We may request identity verification before fulfilling your request.
Speeder uses AI models and automated systems to execute workflows, generate content, and manage business operations on your behalf. These systems operate based on your configurations, instructions, and connected data.
Speeder does not make fully automated decisions that produce legal effects or similarly significant effects on you without human involvement. AI agents act as tools under your direction—you retain control over configurations, approvals, and whether to publish or deploy generated outputs.
If you believe an automated process has significantly affected you, you have the right to request human review by contacting privacy@speeder.ai.
We do not use your personal data, company data, generated content, or proprietary business information to train or fine-tune AI foundation models. Prompts and outputs processed through third-party AI providers (such as Anthropic) are subject to those providers' data processing terms. We select providers whose terms prohibit using customer data for model training via API.
We may use de-identified, aggregated usage data (such as feature engagement metrics, error rates, and system performance data) to improve the Speeder platform and agent infrastructure. This data does not identify you or your business.
If you are a resident of a US state with applicable privacy legislation (including California under the CCPA/CPRA, Colorado, Connecticut, Virginia, Texas, Oregon, Montana, or similar), you may have additional rights including:
The right to know what personal information we collect, use, and disclose.
The right to access, correct, or delete your personal information.
The right to opt out of the sale or sharing of personal information.
The right to non-discrimination for exercising your privacy rights.
We do not sell personal information. We do not use or share personal information for cross-context behavioral advertising. The Meta Pixel and Google Analytics data described in Section 5 are used solely for measuring and improving our own marketing efforts.
To exercise your rights, contact privacy@speeder.ai. We will respond within the timeframes required by applicable law (typically 45 days under CCPA/CPRA).
Speeder is operated from the United Arab Emirates. Our service providers (including Anthropic, Stripe, Supabase, GitHub, Railway, Google, Meta, and others listed in Section 4) may process data in the United States, the European Union, and other jurisdictions.
For transfers of personal data from the EEA, UK, or Switzerland to countries not deemed to provide an adequate level of protection, we rely on appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission, supplementary measures where necessary, and contractual commitments from our service providers.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify affected individuals without undue delay, as required by GDPR Article 34.
We maintain an internal breach response procedure and incident log. If you believe your data has been compromised, contact privacy@speeder.ai immediately.
Speeder is not intended for individuals under 18, and we do not knowingly collect data from children. If we become aware that a child under 18 has provided us with personal data, we will take steps to delete that information promptly.
We may update this Privacy Policy. The effective date above indicates the current version. We will notify you of material changes by email or a prominent notice on the Service at least 14 days before the changes take effect. Continued use of the service after updates means the updated policy applies.
Reflective Investments L.L.C-FZ
Meydan Grandstand, 6th floor, Meydan Road, Nad Al Sheba, Dubai, U.A.E.
Privacy inquiries: privacy@speeder.ai
General support: support@speeder.ai
Policy version: 2026-04-07