Privacy Policy
We built EUACC to help European founders find funding — not to harvest data. Here's exactly what we collect and why.
1. Who we are
EUACC ("we", "us") is operated by Julian Caraulani, based in the European Union. Contact: julian@euacc.eu.
2. What we collect
Account data
When you sign up, we store your email address and a hashed password via Supabase Auth. We never see or store your password in plain text.
Company profile data
If you list a startup, you voluntarily provide: company name, description, location (country, city, coordinates), founder details, team members, business model, funding status, revenue metrics, website URL, social links, and uploaded images. All of this is public on your profile — you control what you share.
Revenue verification
If you connect Stripe for verified MRR, we access read-only revenue data through a restricted API key you provide. We display aggregated metrics only — we never access individual transactions, customer data, or payment methods.
Newsletter preferences
If you subscribe to the briefing, we store your email and selected topic preferences (e.g. "EU Grants", "VC Deals").
Payment data
Payments for AI application templates are processed by Stripe. We store only the Stripe session ID and payment intent ID for our records — we never see your card number, expiry, or CVV.
3. Cookies
We use minimal cookies:
- Authentication: Supabase session cookies (sb-*) — essential for keeping you logged in.
- Language: euacc_locale — remembers your preferred language across the 24 EU languages we support.
- Analytics: Google Analytics (_ga, _gid) — anonymous usage data to understand how people use the platform. No ad targeting, no cross-site tracking. You can reject these via our cookie banner.
- Consent: euacc_cookie_consent — stored in localStorage to remember your cookie choice.
4. Third-party services
We use the following services to operate EUACC:
- Supabase: Database and authentication (EU-hosted).
- Vercel: Hosting and deployment.
- Google Analytics: Anonymous usage analytics (can be rejected).
- Stripe: Payment processing for AI application templates.
- Mapbox: Maps on startup profiles (no user tracking).
- Resend: Transactional and newsletter emails.
- Crisp: Live chat support for logged-in users. Loads only after cookie consent. Crisp may store chat transcripts — see crisp.chat/en/privacy for their policy.
- OpenRouter: AI-powered features (grant matching, application assistance). We don't send personal data — only your query context.
5. How we use your data
We use your data to: operate your account, display your public startup profile, process payments, send emails you opted into, and improve the platform via anonymous analytics. That's it. We don't sell data, we don't run ads, and we don't build advertising profiles.
6. Your rights (GDPR)
You're in Europe, so you have strong rights:
- Access: Request a copy of all data we hold about you.
- Rectification: Update or correct your data anytime via your dashboard.
- Erasure: Request deletion of your account and all associated data.
- Portability: Request your data in a machine-readable format.
- Objection: Opt out of analytics via the cookie banner.
To exercise any right, email julian@euacc.eu. We'll respond within 30 days.
7. Data retention
Account data is kept as long as your account is active. Company profiles remain public until you unpublish or delete them. Payment records are kept for 7 years per EU accounting requirements. Analytics data is retained for 14 months by Google Analytics.
8. Security
Data is encrypted in transit (TLS) and at rest (Supabase encryption). Authentication uses secure HTTP-only cookies. We use Row Level Security in Supabase so users can only access their own data.
9. Changes
We may update this policy as we grow. Significant changes will be communicated via email. The "last updated" date at the top always reflects the current version.
Questions? julian@euacc.eu
