STAGEXERO PRIVACY POLICY
Last Updated: January 11, 2026
Effective Date: January 15, 2026
Upturn Consultancy LLC, operating as StageXero ("StageXero", "we", "us", or "our"), is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you access or use our website at https://www.stagexero.com (the "Platform") and related services (collectively, the "Services").
BY USING THE SERVICES, YOU CONSENT TO THE COLLECTION, USE, AND DISCLOSURE OF YOUR PERSONAL DATA AS DESCRIBED IN THIS PRIVACY POLICY.
1. INTRODUCTION
1.1 Purpose
This Privacy Policy informs you about:
- What personal data we collect
- How we collect your personal data
- Why we collect and use your personal data
- Who we share your personal data with
- How we protect your personal data
- Your rights regarding your personal data
- How to contact us with privacy questions
1.2 Scope
This Privacy Policy applies to all Users of the Services, including:
- Website visitors
- Free plan members
- Premium and Insider plan subscribers
- Community participants
- Newsletter subscribers
1.3 Related Documents
This Privacy Policy should be read together with:
- Terms of Service
- Terms of Use
- Cookie Policy
1.4 GDPR Compliance
For Users located in the European Economic Area (EEA), United Kingdom, or Switzerland, additional provisions in Section 9 apply to ensure compliance with the General Data Protection Regulation (GDPR) and equivalent data protection laws.
2. DATA CONTROLLER INFORMATION
2.1 Identity
The data controller responsible for your personal data is:
Upturn Consultancy LLC
Sharjah, United Arab Emirates
Email: support@stagexero.com
Website: https://www.stagexero.com
2.2 EU Representative
For Users in the EEA, UK, or Switzerland, we will appoint an EU Representative as required by GDPR Article 27. Contact information will be updated once appointed.
2.3 Contact for Privacy Matters
For all privacy-related inquiries, data subject requests, or complaints, please contact:
Email: support@stagexero.com
Subject Line: "Privacy Request"
We commit to responding to privacy inquiries within 7 business days.
3. PERSONAL DATA WE COLLECT
3.1 Information You Provide Directly
When you register, use the Services, or interact with us, you may provide:
Account Information:
- Full name
- Email address
- Password (encrypted)
- Username
- Profile picture
Membership and Billing Information:
- Payment card information (processed by Stripe; we do not store full card details)
- Billing address
- Transaction history
- Subscription tier and status
Profile Information:
- Company name
- Job title / role
- Industry sector
- Company stage (pre-seed, seed, etc.)
- Location (country, city)
- LinkedIn profile URL
- Twitter/X handle
- Website URL
- Phone number (optional)
Business Information:
- Funding amount (optional)
- Valuation (optional)
- Team size
- Business description
- Pitch deck (if uploaded)
- Cap table information (optional)
User-Generated Content:
- Deal reviews and ratings
- Votes on deals
- Comments and forum posts
- Survey responses
- Support tickets and communications
Communications:
- Emails, messages, and other correspondence with us
- Feedback and suggestions
- Customer support inquiries
3.2 Information We Collect Automatically
When you access the Services, we automatically collect:
Device and Technical Information:
- IP address
- Browser type and version
- Operating system
- Device type (mobile, desktop, tablet)
- Screen resolution
- Device identifiers (e.g., advertising ID)
Usage Information:
- Pages visited and time spent
- Clickstream data
- Referral source (how you found us)
- Search queries within the Platform
- Features used and actions taken
- Deal views and redemption attempts
- Session duration and frequency
Location Information:
- Approximate geographic location based on IP address
- GPS location (only if you grant permission via mobile app)
Cookies and Tracking Technologies:
See Section 10 and our Cookie Policy for details.
3.3 Information from Third Parties
We may receive information about you from:
Payment Processors (Stripe):
- Payment confirmation
- Transaction status
- Fraud detection signals
Analytics Providers (Google Analytics, Mixpanel):
- Aggregated usage statistics
- User behavior insights
Marketing Platforms (Intercom, Mailchimp):
- Email engagement metrics (opens, clicks)
- Campaign performance data
Social Media (if you connect accounts):
- Public profile information
- Email address
- Profile picture
Partners (if you redeem deals):
- Redemption confirmation
- Usage of Partner services (anonymized where possible)
Data Enrichment Services:
- Company information
- Industry classification
- Publicly available business data
3.4 Sensitive Personal Data
We may collect the following sensitive information:
- Funding amounts and valuations
- Financial status and revenue data
- Business plans and strategies
Special Note: We do NOT intentionally collect special category data under GDPR (e.g., race, health, religion, sexual orientation) unless you voluntarily provide it in free-text fields. If you include such data, you explicitly consent to our processing it in accordance with this Privacy Policy.
4. HOW WE USE YOUR PERSONAL DATA
4.1 Purposes of Processing
We use your personal data for the following purposes:
Account and Service Provision:
- Creating and managing your Account
- Providing access to Deals based on your membership tier
- Processing payments and subscriptions
- Authenticating your identity and preventing fraud
- Verifying eligibility for specific Deals
- Facilitating Deal redemption with Partners
Communication:
- Sending transactional emails (registration, password reset, payment confirmations)
- Providing customer support
- Responding to your inquiries
- Sending service announcements and updates
Marketing (with consent where required):
- Sending promotional emails about new Deals, features, and services
- Delivering personalized Deal recommendations
- Notifying you about relevant Partners and offers
- Sending newsletters and community updates
- Push notifications (mobile, with your permission)
Analytics and Improvement:
- Analyzing usage patterns and trends
- Understanding which Deals are most popular
- Improving Platform features and user experience
- Conducting user research and surveys
- Testing new features
Personalization:
- Customizing Deal recommendations based on your profile and behavior
- Personalizing content and communications
- Tailoring the Platform experience to your interests
AI and Machine Learning:
- Training AI/ML models for Deal recommendations
- Analyzing user behavior patterns
- Improving search and discovery features
- Detecting fraudulent or suspicious activity
- Optimizing Platform performance
Legal and Compliance:
- Complying with legal obligations and regulatory requirements
- Enforcing our Terms of Service
- Protecting our rights, property, and safety
- Preventing fraud, abuse, and security threats
- Responding to legal requests and court orders
Partner Relationships:
- Sharing anonymized or aggregated data with Partners to demonstrate value
- Facilitating Deal redemption
- Improving Partner offerings
5. LEGAL BASIS FOR PROCESSING
5.1 General Users
For Users outside the EEA, UK, and Switzerland, we process your personal data based on:
- Consent: You have given clear consent for specific processing activities (e.g., marketing emails).
- Contract Performance: Processing is necessary to fulfill our contract with you (i.e., providing the Services).
- Legitimate Interests: Processing is necessary for our legitimate business interests (e.g., analytics, fraud prevention, improving Services), provided these interests do not override your rights.
- Legal Obligation: Processing is required to comply with applicable laws.
5.2 EEA, UK, and Switzerland Users (GDPR)
For Users in these regions, we rely on the following legal bases under GDPR Article 6:
(a) Contract (Article 6(1)(b)): Processing necessary for:
- Account creation and management
- Membership provision
- Payment processing
- Deal redemption facilitation
(b) Legitimate Interests (Article 6(1)(f)): Processing necessary for:
- Fraud prevention and security
- Platform analytics and improvements
- Network and information security
- Business development
A balancing test is conducted to ensure our interests do not override your rights and freedoms.
(c) Consent (Article 6(1)(a)): For:
- Marketing communications
- Non-essential cookies and tracking
- Sharing data with Partners for marketing purposes
You may withdraw consent at any time without affecting the lawfulness of prior processing.
(d) Legal Obligation (Article 6(1)(c)): For:
- Tax and accounting compliance
- Responding to legal requests
- Regulatory reporting
(e) Special Category Data (Article 9(2)(a)): If you provide sensitive business information, we rely on your explicit consent.
6. DATA SHARING AND THIRD PARTIES
6.1 When We Share Data
We share your personal data with third parties only in the following circumstances:
6.2 Payment Processors
- Who: Stripe
- Why: To process membership payments and Service Fees
- Data Shared: Name, email, billing address, payment card information
- Location: United States and global data centers
- Safeguards: Stripe is PCI-DSS compliant; data transfers covered by Standard Contractual Clauses (SCCs)
6.3 Analytics and Marketing Tools
- Google Analytics: Usage statistics, page views, session data (anonymized IP)
- Mixpanel: Product analytics, feature usage, user behavior
- Intercom: Customer support, live chat, email campaigns
- Mailchimp: Email marketing and newsletters
- Facebook Pixel: Advertising attribution and retargeting
- Hotjar / Microsoft Clarity: Session recording and heatmaps (anonymized)
- Segment: Data routing and integration platform
Data Shared: Usage data, email address, device information
Purpose: Analytics, marketing optimization, user support
Location: Primarily United States
Safeguards: SCCs, Privacy Shield successor mechanisms, GDPR-compliant DPAs
6.4 Partners (Limited and Anonymized)
- What We Share: In some cases, we may share anonymized or aggregated data with Partners (e.g., "X users redeemed this deal," industry trends).
- Individual Identifiable Data: Only shared when you explicitly redeem a Deal that requires Partner verification (e.g., confirmed credit accounts). You will be notified before such sharing.
- Partner Privacy: Partners are independent data controllers responsible for their own privacy practices. Review their privacy policies.
6.5 Service Providers
We engage third-party service providers to support our operations:
- Hosting: Amazon Web Services (AWS) – Platform hosting and data storage
- Email Delivery: SendGrid, AWS SES – Transactional and promotional emails
- Customer Support: Zendesk, Intercom – Ticketing and live chat
- Security: Cloudflare – DDoS protection and CDN
Contractual Protections: All service providers are bound by data processing agreements (DPAs) requiring confidentiality and security.
6.6 Legal and Regulatory Requirements
We may disclose your personal data when required to:
- Comply with legal obligations, court orders, or subpoenas
- Respond to lawful requests from government authorities
- Enforce our Terms of Service and protect our rights
- Prevent fraud, security threats, or illegal activity
- Protect the safety of Users or the public
6.7 Business Transfers
In the event of a merger, acquisition, bankruptcy, or sale of assets, your personal data may be transferred to the acquiring entity. You will be notified via email and/or a prominent notice on the Platform.
6.8 With Your Consent
We may share your data with third parties when you explicitly consent (e.g., opt-in to Partner promotions, third-party integrations).
6.9 What We Do NOT Share
- We do NOT sell your personal data to third parties.
- We do NOT share your personal data with Partners for their independent marketing without your explicit consent.
7. INTERNATIONAL DATA TRANSFERS
7.1 Global Operations
StageXero operates globally and may transfer your personal data to countries outside your jurisdiction, including:
- United States (AWS, Stripe, Google, Mixpanel, Intercom, Mailchimp)
- European Union (AWS data centers)
- Other countries where our service providers operate
7.2 Safeguards for EEA/UK/Switzerland Users
When transferring personal data outside the EEA, UK, or Switzerland, we ensure adequate protection through:
(a) Standard Contractual Clauses (SCCs): EU-approved contractual terms that bind recipients to protect data
(b) EU-US Data Privacy Framework: For US-based processors certified under the Framework
(c) Adequacy Decisions: Transfers to countries deemed adequate by the European Commission
(d) Transfer Impact Assessments (TIAs): Conducted to evaluate risks and implement supplementary measures
7.3 Your Rights
You may request copies of safeguards (e.g., SCCs) by contacting support@stagexero.com.
8. DATA RETENTION
8.1 Retention Principles
We retain your personal data only as long as necessary for the purposes described in this Privacy Policy and as required by law.
8.2 Retention Periods
Active Accounts:
Retained for the duration of your Account plus 120 days after inactivity.
Deleted Accounts:
- Most personal data deleted within 90 days of Account deletion.
- Some data retained longer for legal, tax, or compliance purposes (see below).
Backup Systems:
Deleted data may remain in backups for up to 90 days before permanent deletion.
Transaction and Tax Records:
Invoices, payment records, and tax-related data retained for 7 years to comply with UAE tax laws and international accounting standards.
Legal and Dispute Records:
Data related to disputes, investigations, or legal proceedings retained until resolution plus applicable statute of limitations (typically 5-10 years).
Aggregated and Anonymized Data:
Data that can no longer identify you may be retained indefinitely for analytics and research.
Marketing Communications:
Email addresses retained until you unsubscribe or your Account is deleted.
8.3 Deletion Requests
Upon Account deletion or data deletion request, we will delete or anonymize your personal data within 90 days, except where retention is required by law.
9. YOUR RIGHTS
9.1 Rights for All Users
Regardless of location, you have the following rights:
Right to Access: Request a copy of the personal data we hold about you.
Right to Rectification: Correct inaccurate or incomplete personal data.
Right to Deletion: Request deletion of your personal data, subject to legal obligations.
Right to Withdraw Consent: Withdraw consent for marketing communications or optional processing.
Right to Object: Object to processing based on legitimate interests.
Right to Restrict Processing: Request temporary restriction on processing in certain circumstances.
9.2 Additional Rights for EEA, UK, and Switzerland Users (GDPR)
In addition to the above, you have:
Right to Data Portability:
- Receive your personal data in a structured, commonly used, machine-readable format (e.g., CSV, JSON).
- Transmit your data to another service provider where technically feasible.
Right to Object to Direct Marketing:
- Object to processing for direct marketing purposes at any time.
- We will cease marketing to you upon request.
Right Not to Be Subject to Automated Decision-Making:
- You have the right not to be subject to decisions based solely on automated processing (including profiling) that produce legal or similarly significant effects.
- Note: We may use AI/ML for Deal recommendations, but these do not produce legal effects. You can opt out by adjusting preferences in your Account settings.
Right to Lodge a Complaint:
You may lodge a complaint with your local data protection authority:
- EU: https://edpb.europa.eu/about-edpb/board/members_en
- UK: Information Commissioner's Office (ICO) – https://ico.org.uk/
- Switzerland: Federal Data Protection and Information Commissioner (FDPIC) – https://www.edoeb.admin.ch/
9.3 How to Exercise Your Rights
To exercise any of these rights, contact us at:
Email: support@stagexero.com
Subject Line: "Data Subject Request – [Your Right]"
Include:
- Your full name
- Account email address
- Specific right you wish to exercise
- Details to help us locate your data
Response Time:
- We will respond within 7 business days to acknowledge your request.
- We will fulfill verified requests within 30 days (extendable to 60 days for complex requests under GDPR).
Verification: We may request additional information to verify your identity before processing requests.
No Fee: Exercising your rights is free of charge unless requests are manifestly unfounded or excessive.
10. COOKIES AND TRACKING TECHNOLOGIES
10.1 What Are Cookies
Cookies are small text files stored on your device when you visit the Platform. They help us recognize you, remember your preferences, and improve your experience.
10.2 Types of Cookies We Use
We use the following categories of cookies:
(a) Strictly Necessary Cookies
- Purpose: Essential for the Platform to function (e.g., authentication, security, session management).
- Examples: Login tokens, CSRF protection, load balancing.
- Consent: Not required (implied consent based on necessity).
- Duration: Session or up to 1 year.
(b) Performance and Analytics Cookies
- Purpose: Understand how Users interact with the Platform, measure traffic, and improve performance.
- Examples: Google Analytics, Mixpanel.
- Consent: Implied consent (based on your inputs).
- Duration: Up to 2 years.
(c) Functionality Cookies
- Purpose: Remember your preferences and settings (e.g., language, timezone, display options).
- Examples: User preferences, notification settings.
- Consent: Implied consent.
- Duration: Up to 1 year.
(d) Targeting and Advertising Cookies
- Purpose: Deliver personalized ads, track ad performance, and retarget Users.
- Examples: Facebook Pixel, Google Ads, LinkedIn Insight Tag.
- Consent: Implied consent (based on your inputs).
- Duration: Up to 1 year.
10.3 Third-Party Cookies
We use third-party services that may set their own cookies:
- Google Analytics: Analytics and reporting
- Facebook Pixel: Advertising and conversion tracking
- Intercom: Live chat and support
- Hotjar / Microsoft Clarity: Session recording and heatmaps
These third parties have their own privacy policies governing cookie use.
10.4 Managing Cookies
You can control and manage cookies through:
(a) Browser Settings:
- Most browsers allow you to block or delete cookies.
- Instructions vary by browser (Chrome, Firefox, Safari, Edge).
- Note: Disabling cookies may affect Platform functionality.
(b) Opt-Out Tools:
- Google Analytics Opt-Out: https://tools.google.com/dlpage/gaoptout
- Network Advertising Initiative: https://optout.networkadvertising.org/
- Digital Advertising Alliance: https://optout.aboutads.info/
(c) Platform Settings (Future):
We plan to implement a cookie consent management tool where you can adjust preferences.
10.5 Do Not Track
Our Platform does not currently respond to "Do Not Track" browser signals. We may implement this in the future.
10.6 Consent Duration
Your cookie consent (where applicable) is valid for 6 months, after which we may request renewed consent.
10.7 More Information
For detailed information, see our Cookie Policy.
11. SECURITY MEASURES
11.1 Our Commitment
We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction.
11.2 Security Measures Include
Technical Safeguards:
- Data encryption in transit (TLS/SSL) and at rest (AES-256)
- Secure password hashing (bcrypt)
- Multi-factor authentication (MFA) for staff
- Regular security audits and penetration testing
- Intrusion detection and prevention systems
- DDoS protection (Cloudflare)
Organizational Safeguards:
- Access controls and role-based permissions
- Employee training on data protection
- Confidentiality agreements with staff and contractors
- Data processing agreements (DPAs) with third parties
- Incident response plan for data breaches
11.3 Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms:
- Regulatory Notification: We will notify relevant data protection authorities within 72 hours (as required by GDPR).
- User Notification: We will notify affected Users without undue delay via email and/or Platform notification.
- Notification Contents: Nature of the breach, data affected, likely consequences, measures taken, and steps you should take.
11.4 Your Responsibility
You are responsible for:
- Keeping your Account password secure and confidential
- Logging out of shared or public devices
- Reporting suspected unauthorized access to support@stagexero.com
11.5 Limitations
While we strive to protect your personal data, no security system is impenetrable. We cannot guarantee absolute security. Use of the Services is at your own risk.
12. CHILDREN'S PRIVACY
12.1 Age Restriction
The Services are not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16.
12.2 Parental Notice
If you are a parent or guardian and believe your child has provided personal data to us, please contact support@stagexero.com. We will promptly delete such data.
12.3 Age Verification
By using the Services, you represent and warrant that you are at least 16 years old.
13. CHANGES TO PRIVACY POLICY
13.1 Right to Modify
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Services.
13.2 Notification of Changes
Material Changes:
We will notify you at least 30 days before material changes take effect via:
- Email to your registered address
- Prominent banner on the Platform
- In-app notification
Minor Changes:
- The "Last Updated" date will be revised.
- Continued use of the Services constitutes acceptance of the updated Privacy Policy.
13.3 Review
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.
14. CONTACT US
14.1 Privacy Inquiries
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:
Email: support@stagexero.com
Subject Line: "Privacy Inquiry"
Postal Address: Upturn Consultancy LLC, Sharjah, United Arab Emirates
14.2 Data Protection Officer
For GDPR-related matters, you may contact our designated representative (information will be updated once appointed).
14.3 Response Time
We aim to respond to all privacy inquiries within 7 business days.
BY USING THE SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY AND AGREE TO THE COLLECTION, USE, AND DISCLOSURE OF YOUR PERSONAL DATA AS DESCRIBED HEREIN.