StartCaaS Privacy Policy

Last updated: March 14, 2026

This Privacy Policy describes how StartCaaS ("we", "us", or "our") collects, uses, and protects your information when you use our SaaS AI agent platform. By using the Service, you agree to the practices described below.

1. Data We Collect

1.1 Account Information

When you register, we collect your email address, full name, and company information (name, size, industry). This data is required to create and manage your account.

1.2 Usage Data

We collect data about how you interact with the platform: pages visited, features used, agent tasks created and executed, API calls made, and session duration. This helps us improve the Service and diagnose issues.

1.3 Agent Inputs and Outputs

To deliver AI agent functionality, we process and store the instructions you provide to agents and the outputs they produce. This includes emails drafted, research summaries, code generated, and any other agent-generated content.

1.4 Telemetry

For security and analytics we collect a one-way hash of your IP address (not the raw IP), your browser user agent string, and request timestamps. Raw IP addresses are never stored.

2. How We Use Your Data

  • Service delivery — to authenticate you, run AI agents, store results, and provide support
  • Analytics — to understand usage patterns, measure feature adoption, and improve reliability
  • Platform improvement — aggregated, anonymized usage data is used to train and refine our internal models and workflows
  • Communication — to send transactional emails (account events, billing receipts) and, with your consent, product updates
  • Security — to detect and prevent abuse, fraud, and unauthorized access

We do not sell your personal data to third parties.

3. Third-Party Processors

We share data with the following sub-processors only to the extent necessary to provide the Service:

Processor | Purpose | Data Shared
Stripe | Billing & payments | Name, email, billing address, payment method
OpenRouter | AI processing (LLM routing) | Agent prompts and context
Anthropic | AI processing (Claude models) | Agent prompts and context
OpenAI | AI processing (GPT models) | Agent prompts and context
Cloudflare | CDN, DDoS protection, security | Request metadata (IP, headers) — subject to Cloudflare's privacy policy
Gmail / Google | Transactional email delivery | Recipient email, email content

All LLM providers process data under their respective data processing agreements. Agent prompts may include content from your account. We recommend avoiding inclusion of sensitive personal data (e.g., SSNs, passwords) in agent instructions.

4. Data Storage

Your data is stored in a PostgreSQL database hosted on our self-managed infrastructure. Data at rest is encrypted using AES-256 via HashiCorp Vault. Database backups are taken daily and retained for 30 days; backups are also encrypted at rest.

5. Data Retention

  • Active accounts — data is retained for as long as your account is active
  • Cancelled accounts — data is retained for 30 days after cancellation, then permanently deleted
  • System and audit logs — retained for 90 days, then automatically purged
  • Billing records — retained for 7 years as required by financial regulations

You may request immediate deletion at any time (see Section 6). Legal hold obligations may delay deletion in limited circumstances.

6. Your Rights (GDPR & Privacy Rights)

Depending on your jurisdiction, you may have the following rights with respect to your personal data:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate or incomplete data
  • Erasure ("right to be forgotten") — request deletion of your personal data
  • Portability — receive your data in a machine-readable format (JSON/CSV)
  • Restriction — request that we limit processing of your data
  • Objection — object to processing based on legitimate interest or for direct marketing
  • Withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting prior lawful processing

7. How to Exercise Your Rights

You can exercise your rights in two ways:

  • Self-service — visit your Compliance dashboard to request data export, deletion, or restriction directly from the platform
  • Email — send a request to [email protected] with subject line "Privacy Rights Request"

We will respond within 30 days. We may require identity verification before fulfilling a request.

8. Cookies & Tracking

We use a minimal set of cookies and browser storage:

  • Session cookies (essential) — used to keep you authenticated during your session. These are strictly necessary and cannot be disabled without breaking the Service.
  • Dark mode preference (localStorage) — stores your UI theme preference locally in your browser. No data is sent to our servers.
  • Cookie consent (localStorage) — records whether you have acknowledged this banner. No data is sent to our servers.
  • Analytics telemetry — we record a one-way hash of your IP address and your browser's user agent to understand platform traffic patterns. This data is anonymized and cannot be used to re-identify you.

We do not use third-party advertising cookies or cross-site tracking technologies.

9. International Data Transfers

Our infrastructure and primary data storage are located in the United States. If you are accessing the Service from the European Economic Area (EEA), United Kingdom, or other jurisdictions, your data will be transferred to and processed in the USA. Such transfers are conducted under appropriate safeguards, including standard contractual clauses where required.

10. Children's Privacy

The Service is intended for business use and is not directed at individuals under the age of 18. We do not knowingly collect personal data from anyone under 18. If you believe we have inadvertently collected such data, please contact us immediately at [email protected].

11. Security Measures

We implement industry-standard technical and organizational security controls:

  • HTTPS / TLS — all data in transit is encrypted using TLS 1.2+
  • AES-256 encryption at rest — managed via HashiCorp Vault
  • Content filtering — agent outputs are screened for harmful or policy-violating content
  • Audit logging — all sensitive operations (data access, exports, deletions) are logged with tamper-evident records
  • Access controls — internal access to production data is role-based and requires multi-factor authentication

No system is completely secure. We cannot guarantee the absolute security of your data, but we commit to notifying you promptly in the event of a breach that affects your personal information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you by email at least 30 days before the changes take effect. The updated policy will always be available at startcaas.com/privacy with the "Last updated" date at the top.

13. Contact Us

For any privacy-related questions, requests, or concerns:

Email: [email protected]
Self-service: /compliance dashboard inside your account


A product by Orthogonal · Also: Hype2You — AI Tech Trends