CatalystCatalyst3
Sign upLog in
© 2025 CatalystTermsPrivacy

Last updated: February 17, 2026

Privacy Policy

This Privacy Policy explains how Catalyst (“we,” “us,” or “our”) collects, uses, shares, and protects your personal information when you use the Catalyst platform (the “Platform”).

1. Information We Collect

1.1 Account Information

When you create an account, we collect your email address and password (which is stored in hashed form using bcrypt). You also select a role: Startup or Investor. We require email verification to activate your account.

1.2 Startup Profile Data

If you register as a startup, we collect information you provide, including:

  • Founder name, LinkedIn, and Twitter profile
  • Company name, website, one-liner description, and logo
  • Company stage, vertical, geography, headquarters, and market
  • Fundraising details: instrument type, amount raising, current round, ticket size range, FDV
  • Team size, co-founders count, revenue, and user metrics
  • Tokenomics data: chain, vesting schedules, expected TGE date
  • Incorporation details: country, month, and year
  • Social media links and Telegram handle
  • Outreach templates: email subject lines and message content
  • Investor meeting link

1.3 Investor Profile Data

If you register as an investor, we collect information you provide, including:

  • Name, type (VC or Angel), and description
  • Website, Twitter, LinkedIn, and Telegram
  • Investment thesis, founded year, portfolio size, and geography
  • Investment criteria: preferred instruments, ticket size range, target verticals, FDV range, target rounds, and chain preferences
  • Contact preference (email, Telegram, or LinkedIn)
  • Logo and email address

1.4 Pitch Deck Content

When you upload a pitch deck, we collect the file itself (name, size, format) and extract text from it for AI analysis. We also store the AI-generated analysis results, including scores across categories such as team, market, traction, competition, and technology, as well as highlights and risk assessments.

1.5 CRM and Outreach Data

We collect data related to your fundraising pipeline, including intro requests, CRM notes, follow-up dates, pipeline stages, and outreach campaign data. For email campaigns sent through the Platform, we track delivery status, opens, clicks, and replies via email tracking mechanisms.

1.6 Usage and Analytics Data

We automatically collect usage data when you interact with the Platform, including pages viewed, features used, actions taken, API calls made, errors encountered, and session information. This data is collected through our internal analytics system and is used to improve the Platform.

1.7 Device and Browser Information

We may collect technical information such as your browser type, operating system, device type, IP address, and referring URL to ensure the Platform functions correctly and to detect and prevent abuse.

2. How We Use Your Information

We use the information we collect to:

  • Provide Platform services — create and manage your account, process pitch deck uploads, generate AI analysis, match startups with investors, facilitate introductions, and manage outreach campaigns
  • AI-powered features — analyze pitch decks, score startups, generate competitor intelligence, curate deal flow, and provide automated insights using artificial intelligence and machine learning
  • Billing and payments — process subscription payments, manage credits, and handle billing inquiries through our payment processor Stripe
  • Communications — send account verification emails, service notifications, outreach campaign emails on your behalf, and respond to support inquiries
  • Platform improvement — analyze usage patterns, debug issues, optimize performance, and develop new features
  • Security and fraud prevention — detect unauthorized access, prevent abuse, enforce our Terms of Service, and protect the integrity of the Platform
  • Legal compliance — comply with applicable laws, regulations, and legal processes

3. Information Sharing and Third Parties

We do not sell your personal information. We share data with third parties only as necessary to provide the Platform services and as described below:

Service ProviderPurpose
SupabaseDatabase hosting (PostgreSQL). All user data is stored on Supabase infrastructure.
OpenAIAI processing for pitch deck analysis, competitor research, and content generation. Pitch deck text and relevant profile data may be sent to OpenAI for processing.
PitchScanSpecialized pitch deck scoring and analysis. Pitch deck content is shared for evaluation.
StripePayment processing for subscriptions. Stripe collects payment card details directly; we store only Stripe customer and subscription identifiers.
ResendEmail delivery for verification emails, service notifications, and outreach campaigns. Email addresses and message content are shared with Resend for delivery.
RapidAPITwitter/X data retrieval for the Early Signals feature. Publicly available social data is processed.
Jina AIWeb content extraction for competitor intelligence and data enrichment.
Legal NodesThird-party legal services referral. Information you provide through the incorporation flow may be shared with Legal Nodes if you choose to use their services.

We may also share information: (a) to comply with legal obligations, court orders, or government requests; (b) to protect the rights, property, or safety of Catalyst, our users, or the public; or (c) in connection with a merger, acquisition, or sale of all or a portion of our assets, in which case you would be notified of any change in ownership or use of your data.

4. AI and Automated Processing

Catalyst uses artificial intelligence and automated processing extensively throughout the Platform. This includes:

  • Pitch deck analysis — your uploaded documents are processed by AI models to extract text, evaluate content, and generate scores and feedback
  • Startup-investor matching — automated algorithms match startups with relevant investors based on investment criteria, stage, vertical, and other factors
  • Deal flow curation — AI scoring determines how startups are ranked and presented to investors
  • Competitor intelligence — automated systems monitor public sources for competitor activity and generate insights
  • Contact enrichment — automated tools supplement investor contact information from public sources

AI-generated outputs are provided for informational purposes only and may contain inaccuracies. No automated decisions are made that produce legal or similarly significant effects on you without human review.

5. Cookies and Tracking Technologies

We use the following cookies and client-side storage mechanisms:

5.1 Essential Cookies

  • Session cookie — an HTTP-only JWT cookie set by NextAuth.js to maintain your authenticated session. This cookie is strictly necessary for the Platform to function.
  • Admin session cookie — used for administrative access only.

5.2 Local Storage

  • Theme preference — stores your light/dark mode selection locally on your device.
  • Onboarding state — tracks whether you have completed the onboarding tour to avoid showing it repeatedly.

5.3 Session Storage

  • Analytics session ID — a temporary identifier generated per browser session to group usage analytics. This is cleared when you close the browser tab.

5.4 Email Tracking

Outreach emails sent through the Platform may include tracking mechanisms (such as tracking pixels and link redirects) to measure opens and clicks. This data is used to provide campaign analytics to the sender.

We do not currently use third-party advertising cookies or cross-site tracking. We do not participate in advertising networks or sell data for targeted advertising.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Platform services. After account deletion, we may retain certain data for a reasonable period to comply with legal obligations, resolve disputes, enforce our agreements, and for legitimate business purposes.

Pitch deck files and analysis results are retained for the lifetime of your account. Outreach campaign data, including email tracking metrics, is retained for up to 24 months after the campaign ends. Usage analytics data is retained in aggregate form indefinitely and may be retained in identifiable form for up to 12 months.

7. Data Security

We implement technical and organizational measures to protect your personal information, including:

  • Passwords are hashed using bcrypt with a cost factor of 12 and are never stored in plain text
  • All data is transmitted over HTTPS (TLS encryption in transit)
  • Database is hosted on Supabase with encryption at rest
  • Session tokens are stored in HTTP-only cookies to prevent client-side script access
  • Payment information is handled directly by Stripe and never touches our servers
  • Access to production systems is restricted to authorized personnel

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your information.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access — request a copy of the personal information we hold about you
  • Correction — request that we correct inaccurate or incomplete personal information
  • Deletion — request that we delete your personal information, subject to legal retention obligations
  • Data portability — request a machine-readable copy of your data
  • Restriction — request that we restrict processing of your personal information in certain circumstances
  • Objection — object to processing of your personal information for certain purposes, including automated processing and profiling
  • Withdrawal of consent — where processing is based on consent, withdraw that consent at any time

To exercise any of these rights, contact us at hello@catalyst.xyz. We will respond to your request within 30 days. We may need to verify your identity before processing your request.

9. International Data Transfers

The Platform is operated globally, and your data may be processed in countries other than your country of residence. Our service providers, including Supabase, OpenAI, Stripe, and Resend, may process data in the United States and other jurisdictions.

Where data is transferred to countries that may not provide the same level of data protection as your home country, we rely on appropriate safeguards, such as standard contractual clauses, to ensure your data remains protected.

10. Children’s Privacy

The Platform is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child under 18 has provided us with personal information, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at hello@catalyst.xyz.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. If we make material changes, we will notify you by email or by posting a prominent notice on the Platform prior to the change becoming effective. The “Last updated” date at the top of this page indicates when the policy was last revised.

Your continued use of the Platform after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Catalyst

Email: hello@catalyst.xyz

Twitter: @catalystxyz

For data protection inquiries by residents of the European Economic Area, you also have the right to lodge a complaint with your local data protection authority.