Privacy Policy

Round Funded Privacy Policy

This Privacy Policy explains what data Round Funded ("we", "us") collects, how we use it, and the choices you have. By using the Service at https://www.roundfunded.com, you consent to the practices described here.

1. Data We Collect

We collect the following categories of personal data:

Account data — name, email address, password (hashed), authentication tokens, account preferences.

Payment data — handled entirely by our payment processor Stripe (https://stripe.com). We do not store credit card numbers. We receive a limited record of your purchase (plan, amount, status, customer ID).

Connected email accounts — if you connect your Gmail account, we store encrypted OAuth tokens and your Google Account email address so we can send outreach emails on your behalf from your own address. We request send-only access (the gmail.send scope). We do not read, store, or access the contents of your mailbox, and we never request scopes that would let us read your inbox. See Section 2 (Google User Data and Limited Use) for the full disclosure.

Outreach data — emails you send through the Service, recipient interactions (opens, clicks, replies), notes you add to your pipeline.

Usage data — pages visited, features used, IP address, browser, device type, language, country (derived from IP).

Cookies — see our Cookie Policy.

2. Google User Data and Limited Use

This section applies specifically to data Round Funded accesses from your Google Account when you connect Gmail. It governs in addition to the rest of this Policy, and in the event of any conflict, this section controls for Google user data.

What Google user data we access. When you connect your Gmail account, we request only two OAuth scopes:

  • https://www.googleapis.com/auth/userinfo.email — your Google Account email address, used to identify and label the connected inbox.
  • https://www.googleapis.com/auth/gmail.send — permission to send email on your behalf, from your own address.

We do not request, access, read, store, or process the contents of your Gmail mailbox, your received or draft messages, your labels, your contacts, or any other Google user data. We never request "read" or "modify" scopes.

How we use Google user data. We use the gmail.send permission solely to deliver the outreach emails that you compose, review, and send through Round Funded, from your connected address. We use your Google Account email address only to display which account is connected and to associate the messages you send with your account. We do not use Google user data for advertising, profiling, training models, or any purpose unrelated to providing this feature.

Email sending practices. Round Funded does not provide email warming, inbox warm-up, or send-rate ramping services for any account, including Google accounts. Outreach emails are sent as composed by you, only to the specific recipients you select, and every email includes a one-click unsubscribe link in its footer. Clicking that link immediately stops all further emails from your account to that recipient and cancels any scheduled follow-ups. We do not simulate inbox activity, rotate accounts, or take any action designed to artificially improve deliverability.

Storage and protection of sensitive data. OAuth tokens (access and refresh tokens) are encrypted at rest using AES-256-GCM before being stored, and are transmitted only over encrypted connections (HTTPS/TLS). Access to them is restricted to the server processes that send your email.

Retention and deletion. We retain your OAuth tokens only while your Gmail account is connected. When you disconnect the account in your Round Funded settings, or delete your Round Funded account, we delete the stored tokens and revoke our access with Google. You can also revoke Round Funded's access at any time from your Google Account at https://myaccount.google.com/permissions.

Sharing, transfer, and disclosure. We do not sell Google user data. We do not transfer or disclose Google user data to any third party, except as necessary to provide the feature you requested (for example, transmitting your message through Google's own Gmail API), to comply with applicable law or valid legal process, or in connection with a merger or acquisition, in which case we will provide notice. We do not transfer or use Google user data for any purpose other than providing or improving the Round Funded features you use.

Limited Use. Round Funded's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

3. Why We Collect It

  • Provide and operate the Service (search, outreach, CRM).
  • Authenticate you and secure your account.
  • Process payments through Stripe.
  • Improve the product (analytics on what users do).
  • Communicate with you about your account, billing, and product updates.
  • Comply with legal obligations.

We do not sell your personal data to third parties.

4. Third Parties That Process Your Data

We use the following processors to operate the Service:

  • Supabase — authentication, account database, application data storage.
  • Stripe — payment processing.
  • Resend — transactional email delivery (welcome emails, password resets, receipts).
  • PostHog — product analytics, session replay (input masking for passwords enabled).
  • Vercel — hosting, web analytics, and edge functions.
  • Google — if you connect your Gmail account, authentication and email sending happen through Google's Gmail API. We send email on your behalf; we do not read your mailbox. See Section 2 for the full Google user data disclosure.

Each processor has its own privacy practices. We use them under data processing agreements where required.

5. International Transfers

Round Funded is operated globally. Your data may be processed in the United States, the European Union, or other regions where our processors operate. We rely on standard contractual clauses and equivalent legal mechanisms where applicable.

6. Your Rights

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Delete your data (subject to legal retention requirements).
  • Export your data in a portable format.
  • Object to or restrict certain processing.
  • Withdraw consent for processing based on consent.

To exercise any of these rights, email support@roundfunded.com from the address associated with your account.

7. Data Retention

  • Active accounts — we retain your data while your account is active.
  • Deleted accounts — personal data is removed within 30 days of account deletion. Backups are purged on the standard backup rotation (typically within 90 days).
  • Payment records — retained for the period required by applicable tax and accounting law (typically 7 years).
  • Aggregated analytics — retained indefinitely in non-identifiable form.

8. Security

We protect your data with industry-standard measures:

  • Encryption in transit (HTTPS/TLS) for all data.
  • Encryption at rest for sensitive fields including OAuth tokens.
  • Role-based access controls and audit logging.
  • Regular security reviews and dependency updates.

No system is 100% secure. If we become aware of a breach affecting your data, we will notify you and the relevant authorities as required by law.

9. Children

Round Funded is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided data to us, please email support@roundfunded.com and we will delete it.

10. Cookies and Tracking

See our Cookie Policy for details on cookies, analytics, and tracking.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The current version is always at https://www.roundfunded.com/legal/privacy-policy. Material changes will be communicated by email or in-product notice.

12. Contact

Questions about this Privacy Policy or your data? Email support@roundfunded.com.

Updated on June 27th, 2026