Fundraise Copilot logoFundraise Copilot
Join Waitlist

x42 Apps Privacy & AI Use Policy

Effective Date: 19 October 2025 · Last Revised: 19 October 2025

Published by x42 Venture Studio, the holding company behind Fundraise Copilot.

1. Overview of Covered Apps

References to the "Apps" include each application listed below and any successor or companion experiences released by x42 Venture Studio. Package identifiers are provided for transparency; future apps will follow the app.x42.* namespace.

  • Founders Journal

    app.x42.fj

    Daily founder operating journal with guided prompts, habit tracking, and portfolio analytics.

  • Fundraise Copilot

    app.x42.fundraisecopilot

    Fundraising guidance, investor CRM, Ava AI-driven outreach, diligence prep assistant, and task management.

  • Calmist

    app.x42.calmist

    Astrology-guided wellbeing coaching with tarot insights, palmistry interpretations, and business-oriented forecasts.

2. Information We Collect

The data we collect depends on how you use the Apps, the features you enable, and the permissions you grant. We minimise collection and apply the same safeguards across all future x42 releases.

Personal data you provide

  • Account information such as name, email, organisation, phone number, and authentication credentials.
  • Profile and preference information including role, venture focus areas, and notification settings.
  • Content generated inside the Apps (for example journal entries, fundraising notes, AI chat prompts, uploaded files, voice notes, and survey responses).
  • Support requests and feedback you submit through in-app forms, email, or our help desk.

Data collected automatically

  • Device and log data: IP address, device identifiers, operating system, app version, language, crash diagnostics, and performance metrics.
  • Usage analytics: feature interactions, session duration, referral source, and aggregated engagement metrics used to improve the Apps.
  • Approximate location derived from IP address for fraud prevention, localisation, and legal compliance.

Third-party data sources

  • If you connect external services (for example Google Calendar, Notion, data rooms, or CRM systems), we access the minimum information required to deliver the requested integration.
  • For app marketplace distribution we receive purchase history, attribution data, crash diagnostics, and compliance reports as permitted by the respective platform.
  • Where permitted by law, we may enrich business profiles with publicly available information to validate companies and investors.

3. How We Use Information

  • Deliver core functionality, personalise coaching, and keep experiences synced across devices.
  • Operate, analyse, and improve the Apps, including troubleshooting, analytics, A/B testing, and roadmap decisions.
  • Provide customer support, security monitoring, fraud prevention, and regulatory compliance.
  • Communicate updates, feature announcements, and research opportunities consistent with your notification settings.
  • Generate aggregated, de-identified insights for benchmarking and product performance.

4. Artificial Intelligence Disclosures

AI-assisted features are foundational to x42 products. We design them with transparency, proportionality, and human oversight.

Why we use AI

  • Provide personalised coaching, journaling prompts, and strategic fundraising recommendations.
  • Summarise user-provided content, generate draft documents, and surface insights from venture data.
  • Automate repetitive workflows such as meeting transcription, fundraising checklist management, and wellbeing plan generation.

How AI handles your information

  • We route prompts and relevant context to industry-standard AI infrastructure (including models hosted by x42 and trusted providers) using encrypted transport.
  • Unless you explicitly opt into model improvement programmes, the content you submit to our AI features is not used to train third-party foundation models.
  • Outputs are reviewed through human-in-the-loop safeguards and automated filters to prevent unsafe or biased recommendations.

Your choices

  • You can disable AI-assisted features within each App's settings; core functionality remains available.
  • You may request deletion of specific AI conversations or generated artefacts at any time by emailing privacy@x42.in.
  • We surface explainability notes, source references, and confidence ranges so you can make informed decisions before acting on AI-generated guidance.

5. When We Share Information

Service providers

We work with vetted vendors for hosting, analytics, customer support, payment processing, and AI infrastructure. Each provider signs data processing agreements requiring confidentiality, security, and lawfulness of processing.

Workspace administrators

If you access the Apps through an organisation account, authorised admins may view usage insights and manage your workspace subject to our customer contract.

Legal and compliance

We may disclose information if required by law, valid legal process, governmental request, or to protect the rights, property, or safety of x42, our users, or the public.

Business transfers

If we reorganise, merge, or spin out an App into a new entity, we will maintain equivalent privacy protections and notify affected users before any material change.

We do not sell personal data. We only share information as described above or with your consent. If we launch co-branded or white-label versions of an App, we will disclose the relevant data sharing arrangement within that experience.

6. Data Retention

Operational workspaces

Active tenant data (journals, deal rooms, wellbeing logs) is retained for the life of your subscription. When a workspace is closed, we transition the data to a restricted state for up to 180 days to support account migration, audits, and dispute resolution.

User-controlled deletion

Most artefacts can be deleted in-App. Deleted records move to a 30-day soft-delete queue where administrators can restore them. After this window, entries are purged from production systems and scheduled for destruction from encrypted backups within 90 days.

AI prompts & telemetry

Chat transcripts, inference logs, and feature telemetry are retained for up to 12 months to evaluate model performance, bias, and safety guardrails. You may request earlier deletion of specific conversations, subject to security investigations in progress.

Regulatory & financial archives

Payment records, statutory registers, tax documentation, and compliance evidence may be retained for up to eight years or longer if mandated by applicable laws, RBI/NPCI circulars, or lawful orders.

Backups & resilience data

System backups are encrypted and segregated. They are cycled on rolling schedules not exceeding 180 days. When retention obligations lapse, we ensure secure erasure using industry-standard destruction practices.

7. Protection of Information

  • Encryption in transit and at rest across our primary infrastructure.
  • Granular access controls, role-based permissions, and hardware security keys for privileged accounts.
  • Independent security assessments, secure SDLC practices, and vulnerability disclosure channels.
  • Incident response playbooks with 72-hour notification commitments for materially impactful breaches.

8. International Transfers

x42 operates globally. We primarily store data in India and the European Union, with redundancy in geographically distributed regions. When we transfer personal data outside the country where it was collected, we implement contractual safeguards and jurisdiction-specific addenda to maintain equivalent protection.

9. Lawful Basis & Regulatory Compliance

Processing is grounded in your consent, contractual necessity, legitimate purposes permitted under Indian law, or other lawful bases outlined in the Digital Personal Data Protection Act, 2023.

  • We comply with the Digital Personal Data Protection Act, 2023 (India) and allied rules, including obligations for notice, consent, purpose limitation, and data principal rights.
  • We follow the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, including ISO/IEC 27001-aligned controls.
  • CERT-In directions on cybersecurity incident reporting and log retention are implemented across our infrastructure.
  • Where financial data is processed (e.g., subscription payments), we comply with Reserve Bank of India and NPCI guidelines for storage, tokenisation, and dispute resolution.
  • Cross-border transfers rely on contract clauses, intra-group agreements, and adequacy assessments to maintain equivalent protection.

10. Your Rights and Choices

Depending on your jurisdiction, you may exercise the rights below. We honour these rights for all users where technically feasible.

  • Right of access and portability: request confirmation of processing activities and obtain a copy of your personal data in a commonly used format (Digital Personal Data Protection Act, 2023 - Section 12).
  • Right to correction and updating: have inaccurate or incomplete data rectified without undue delay.
  • Right to erasure and restriction: request deletion of data that is no longer necessary for the stated purpose or where consent has been withdrawn, subject to lawful exemptions.
  • Right to withdraw consent and opt out: revoke consent for specific processing activities, including AI-driven personalisation or marketing communications, without affecting prior lawful processing.
  • Right to grievance redressal: lodge complaints with our Grievance Officer/DPO and escalate to the Data Protection Board of India if unsatisfied with our response.
  • Right to nominate: appoint an individual to exercise your data principal rights on your behalf in the event of incapacity.

Submit requests via in-app settings, email privacy@x42.in, or use the web form at https://x42.in/privacy. We verify identity before fulfilling requests and respond within 30 days.

11. Children's Privacy & Age Requirements

Our portfolio includes applications built for different age groups. Unless a specific App states otherwise, features are intended for professionals aged 18 and above. Where an App targets younger users, we clearly mark the age threshold, obtain verifiable parental consent when required, and offer guardian controls.

We do not knowingly collect personal data from children below the minimum age declared for the relevant App without appropriate consent. If we discover such data has been provided without the necessary permissions, we will delete it promptly, restrict access, and notify the guardian or institution involved.

Guardians, schools, or organisations using youth-focused Apps are responsible for safeguarding access credentials and explaining how data will be used. Requests for deletion or access relating to minors can be submitted via privacy@x42.in.

12. Changes to This Policy

We may update this policy to reflect product enhancements, legal requirements, or operational changes. When we make material updates, we will notify you via in-app messaging, email, or push notification at least 15 days before the new terms take effect. Continued use of the Apps after the effective date constitutes acceptance of the updated policy.

13. Governing Law & Dispute Resolution

This policy is governed by the laws of India. Any dispute, claim, or controversy shall be resolved through arbitration administered under the Arbitration and Conciliation Act, 1996. The seat and venue of arbitration will be Gurugram, Haryana, India, proceedings will be conducted in English, and the arbitral award will be final and binding. Courts at Gurugram (Haryana) shall have exclusive jurisdiction for interim relief and enforcement.

14. Contact & Grievance Redressal

x42 Venture Studio
C 807 Unitech Business Zone, Sector 50, Gurgaon, Haryana 122018, India

  • Email (general): contact@x42.in
  • Email (privacy & data requests): privacy@x42.in
  • Security response: security@x42.in
  • Grievance Officer & Data Protection Officer: privacy@x42.in
  • Telephone (India): +91 99583 24010