Privacy Policy

Fundex, Inc. (“Fundex,” “we,” “us,” or “our”) operates the Fundex investor CRM platform at usefundex.comand its associated services (the “Service”). This Privacy Policy explains what information we collect, why we collect it, how we use and protect it, and your choices.

Fundex is a business-to-business (B2B) software platform. Our customers are fund managers, startups, and early-stage companies (“Customers”) who use our tools to manage investor relationships and fundraising pipelines. When our Customers store investor contact records in Fundex, they are the data controller for that contact data and we act as a data processor on their behalf.

Account & Subscription Data

When you create a Fundex account or start a trial, we collect:

• Full name, work email address, and password (hashed)
• Company name, size, and industry
• Billing address and payment method (processed by Stripe; we do not store raw card numbers)
• Role, permissions, and team membership within your organization

CRM & Pipeline Data

When Customers use the platform to manage their fundraising pipeline, they may enter or import:

• Investor names, email addresses, phone numbers, titles, and LinkedIn URLs
• Fund names, AUM, investment thesis, and portfolio data
• Meeting notes, call logs, email correspondence, and custom activity records
• Pipeline stage, deal terms, and relationship health signals
• Tags, lists, and custom fields defined by the Customer

Email & Calendar Integration Data

If you connect your email inbox or calendar (via our Nylas integration), we collect:

• OAuth access tokens (encrypted at rest; scoped to send-on-behalf)
• Sent message metadata: recipient, subject, timestamp, and thread ID
• Email open and click tracking pixels and link redirects (only for outreach sequences you initiate)
• Calendar event metadata: title, attendees, and time (for meeting logging)

Usage & Technical Data

• IP address, browser type, operating system, and device identifiers
• Pages viewed, features used, and session duration
• API call logs and error reports
• Cookies and similar tracking technologies (see Cookies)

We use collected information for the following purposes:

Fundex is a data processor for investor contact data that Customers store in the platform. Our Customers—fund managers, startups, and advisors—are the data controllers for their investor records.

Data Processing Addendum (DPA)

Enterprise and growth plan Customers may request a Data Processing Addendum covering sub-processor obligations, Standard Contractual Clauses (SCCs) for international transfers, and audit rights. Contact privacy@usefundex.com to request a DPA.

Tenant Isolation

Each Customer organization operates in a logically isolated tenant. Investor records, pipeline data, and communications of one Customer are never accessible to another Customer. All database queries are scoped by tenant_id at the application layer.

Central Investor Pool

Fundex maintains a read-only central pool of publicly available investor profiles (name, fund, and publicly listed contact information) sourced from publicly accessible databases. Customers may import these profiles into their private tenant. The central pool is never shared between Customer tenants.

Fundex enables Customers to send personalized outreach emails to investors via their own connected mailboxes (Gmail, Outlook / Microsoft 365). We integrate with Nylas to authenticate and send email on behalf of the connected account.

What we track

• Open tracking: A 1×1 pixel image is embedded in outreach emails. When the recipient opens the email and images load, we record the open event and approximate time.
• Click tracking: Links in outreach sequence emails may be rewritten to route through our tracking domain before redirecting to the target URL, recording the click event.
• Reply detection: We detect replies using email thread metadata to automatically update pipeline stages and halt follow-up sequences.
• Bounce & unsubscribe handling: Hard bounces and unsubscribe requests are automatically honoured and the contact is suppressed from future outreach.

Mailbox permissions

Connecting your email account grants Fundex OAuth permissions scoped to sending email and reading thread metadata for sent messages only. We do not read your inbox, access received emails, or store email body content beyond what you explicitly compose in Fundex.

We do not sell your personal information. We share data only in the following circumstances:

Sub-processors

We engage the following categories of sub-processors to operate the Service:

Legal disclosures

We may disclose information if required by law, court order, or lawful government request, or when necessary to protect the safety, rights, or property of Fundex, our Customers, or others.

Business transfers

In the event of a merger, acquisition, or sale of assets, customer data may be transferred to the acquiring entity. We will provide notice before personal data becomes subject to a materially different privacy policy.

We retain your data for as long as your account is active or as needed to provide the Service. Specific retention periods:

• Account data: Retained while your subscription is active plus 90 days after cancellation to allow account reinstatement.
• CRM and pipeline data: Available for export at any time; purged within 30 days of account termination upon written request.
• Email tracking events: Retained for 36 months from the event date, then automatically deleted.
• Billing and transaction records: Retained for 7 years for tax and legal compliance.
• Security and audit logs: Retained for 12 months.
• Backups: Point-in-time database backups are retained for 35 days and then overwritten.

You may request deletion of your data at any time by contacting privacy@usefundex.com. We will respond within 30 days.

Fundex implements technical and organizational measures appropriate to the risk of processing personal data. These include:

No method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security. Please report security vulnerabilities to security@usefundex.com.

Depending on your location, you may have the following rights regarding your personal data:

To exercise any of these rights, email us at privacy@usefundex.com. We will respond within 30 days (GDPR) or 45 days (CCPA). We may need to verify your identity before processing your request.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) or equivalent UK/CH legislation applies to our processing of your personal data.

Legal bases for processing

• Contract performance: Processing necessary to deliver the Service you have subscribed to.
• Legitimate interests: Security monitoring, fraud prevention, product analytics, and improving the Service — balanced against your rights.
• Consent: Marketing communications and certain cookie categories (you may withdraw at any time).
• Legal obligation: Tax and accounting records.

International data transfers

Fundex is based in the United States. When we transfer personal data from the EEA/UK to the US, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission. Enterprise Customers may request SCCs as part of a Data Processing Addendum.

Data Protection Officer

For GDPR-specific inquiries, contact our privacy team at privacy@usefundex.com. You also have the right to lodge a complaint with your local supervisory authority.

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) grants you additional rights:

• Right to Know: Request information about the categories and specific pieces of personal information we have collected about you.
• Right to Delete: Request deletion of your personal information (subject to exemptions).
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt Out of Sale / Sharing: We do not sell or share personal information for cross-context behavioral advertising.
• Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information beyond what is necessary for the Service.
• Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To submit a verified consumer request, email privacy@usefundex.com or use the Do Not Sell or Share My Personal Information link in the footer. We will respond within 45 calendar days.

We use cookies and similar technologies on our website and application. Categories:

You can control cookies through your browser settings or our consent banner. Disabling strictly necessary cookies may prevent the application from functioning.

The Fundex Service is not directed at children under the age of 18. We do not knowingly collect personal information from anyone under 18. If you believe a child has provided us with personal information, please contact privacy@usefundex.com and we will promptly delete it.

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of the page. For material changes, we will provide prominent notice via email or an in-app notification at least 30 days before the change takes effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

We encourage you to review this page periodically. Previous versions of this policy are available upon request.

If you have questions about this Privacy Policy, want to exercise your rights, or have a privacy concern, please reach out:

For security vulnerabilities, please email security@usefundex.com — do not file public issues.