Privacy Policy
Last Updated: 4/5/2026
1. Introduction
MyBiz.DIY ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered business feasibility analysis platform that provides multi-AI validation from Claude Sonnet 4, GPT-4, and Gemini Pro with government API integration.
Key Privacy Highlights: We prioritize your privacy with a no-permanent-storage approach for business analysis data, offer 3 free analyses daily without registration, and maintain full transparency about our data practices.
We comply with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable privacy laws. Your privacy rights are important to us, and we are committed to transparency in our data practices.
2. Information We Collect
2.1 Personal Information (Optional Registration)
- Account Information (Optional): Name, email address (only if you choose to create an account for Pro features)
- Business Analysis Input: Business ideas, descriptions, target locations, and analysis parameters (temporarily processed, not permanently stored)
- Payment Information (Pro users only): Billing details processed securely by Stripe (we do not store payment information)
- Communication Data: Support requests, feedback, and voluntary correspondence
- Usage Analytics: Analysis count, feature usage (for free tier limits and platform improvement)
2.2 Technical Information
- Device Information: IP address, browser type, operating system, device identifiers
- Usage Data: Pages visited, features used, time spent, click patterns
- Performance Data: Load times, errors, system performance metrics
- Location Data: General geographic location based on IP address
2.3 Cookies and Tracking Technologies
We use essential cookies for platform functionality, analytics cookies to improve our services, and preference cookies to remember your settings. You can control cookie preferences through our cookie consent banner and browser settings.
3. How We Use Your Information
3.1 Legitimate Business Purposes
- Service Provision: Provide AI business advisory, regulatory compliance information, and platform features
- Account Management: Create and manage your account, authenticate users, provide customer support
- AI Analysis: Generate personalized business insights, market research, and strategic recommendations
- Communication: Send service updates, important notices, and respond to inquiries
- Platform Improvement: Analyze usage patterns to enhance features and user experience
- Legal Compliance: Meet regulatory requirements and legal obligations
3.2 Marketing (With Consent)
- Send promotional emails about new features and services (only with explicit consent)
- Provide relevant business insights and industry updates
- Invite participation in surveys and feedback collection
4. Legal Basis for Processing (GDPR)
- Contract Performance: Processing necessary to provide our services
- Legitimate Interest: Platform improvement, security, and business operations
- Consent: Marketing communications and non-essential cookies
- Legal Obligation: Compliance with applicable laws and regulations
5. Information Sharing and Disclosure
5.1 Third-Party Service Providers
We may share information with trusted service providers who assist us in:
- AI Services: Anthropic (Claude Sonnet 4), OpenAI (GPT-4), Google (Gemini Pro) for multi-AI business analysis
- Authentication: Clerk for optional user authentication and account management (Pro users only)
- Government APIs: Various government data sources for regulatory and compliance information
- Payment Processing: Stripe for secure payment processing (Pro subscriptions only)
- Analytics: Google Analytics, Microsoft Clarity for usage analysis
- Payment Processing: Stripe, PayPal for secure payment processing
- Cloud Infrastructure: Vercel, AWS for hosting and data storage
- Email Services: SendGrid, Mailgun for transactional emails
5.2 Legal Requirements
We may disclose information when required by law, court order, or government request.
5.3 Business Transfers
In the event of a merger, acquisition, or sale, user information may be transferred as part of the business assets.
6. Data Security and Protection
- Encryption: Data encrypted in transit (TLS/SSL) and at rest (AES-256)
- Access Controls: Role-based access with multi-factor authentication
- Regular Audits: Security assessments and vulnerability testing
- Data Minimization: Collect only necessary information for specified purposes
- Secure Infrastructure: SOC 2 compliant cloud providers and security monitoring
- Incident Response: Established procedures for data breach notification and response
7. Your Privacy Rights
7.1 GDPR Rights (EU Residents)
- Right to Access: Request copies of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data (“right to be forgotten”)
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a portable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent for processing at any time
7.2 CCPA Rights (California Residents)
- Right to Know: Information about data collection and use
- Right to Delete: Request deletion of personal information
- Right to Opt-Out: Opt out of the sale of personal information (we do not sell data)
- Right to Non-Discrimination: Equal service regardless of privacy choices
7.3 How to Exercise Your Rights
To exercise your privacy rights, contact us at:
Email: privacy@mybiz.diy
Or use our Data Subject Access Request form in your account settings.
8. Data Retention
- Account Data: Retained while your account is active and for 3 years after closure
- Business Profiles: Retained for the duration of your subscription plus 1 year
- AI Interactions: Anonymized after 6 months, deleted after 2 years
- Support Communications: Retained for 5 years for quality assurance
- Payment Records: Retained for 7 years for tax and accounting purposes
- Marketing Data: Deleted immediately upon withdrawal of consent
9. International Data Transfers
We operate globally and may transfer data to countries outside your country of residence. For EU data subjects, we ensure adequate protection through:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions for transfers to countries with adequate protection
- Binding Corporate Rules for intra-group transfers
- Certification schemes and codes of conduct where applicable
10. Children's Privacy
Our services are not intended for individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected such information, we will delete it promptly.
11. Changes to This Privacy Policy
We may update this Privacy Policy periodically. Material changes will be communicated through email or prominent notice on our platform. Continued use of our services after changes constitutes acceptance of the updated policy.
12. Contact Information
Data Protection Officer
Email: dpo@mybiz.diy
Privacy Team: privacy@mybiz.diy
Mailing Address
MyBiz.DIY Data Protection
123 Business Plaza, Suite 100
San Francisco, CA 94107
United States
EU Representative
MyBiz.DIY EU Data Protection
GDPR Representative Services
Dublin, Ireland
Email: eu-privacy@mybiz.diy
13. Regulatory Authorities
If you have concerns about our data practices that we cannot resolve, you have the right to file a complaint with your local data protection authority:
- EU: Your local Data Protection Authority
- UK: Information Commissioner's Office (ICO)
- California: California Attorney General's Office
- Canada: Office of the Privacy Commissioner of Canada
