Privacy Policy

Account Information. When you register as an operator or investor, we collect your name, email address, password (hashed), and company name. Operators may also provide billing information processed by our payment processor, Stripe.

Deal and Pipeline Data. Operators create deal listings, investor pipeline records, soft-commit entries, and related documents through the Service. This data is stored on your behalf and is under your control.

Investor KYC Documents. Investors may upload identity and accreditation documents through the investor portal. These files are stored securely and accessible only to the relevant operator and to Mownt for support purposes.

Usage and Log Data. We automatically collect standard log data including IP addresses, browser type, pages visited, referring URLs, and timestamps. We also collect anonymized deal-page view counts for analytics purposes.

Communications. If you contact us for support, we retain the content of those communications to assist you and improve the Service.

We use the information we collect to:

• Provide, operate, and maintain the Service
• Process transactions and send billing-related communications via Stripe
• Enforce Regulation D 506(b) compliance rules (30-day relationship gate, non-accredited investor caps) on your behalf
• Send transactional emails, deal notifications, and system alerts
• Respond to support requests and troubleshoot issues
• Monitor and analyze usage to improve the platform
• Prevent fraudulent, unauthorized, or illegal activity
• Comply with legal obligations

We do not sell your personal data to third parties. We do not use your data for behavioral advertising.

We work with the following sub-processors who access data only as necessary to perform services on our behalf:

• Supabase — database hosting, authentication, and file storage
• Stripe — payment processing and subscription management
• Vercel — application hosting and deployment
• GoHighLevel (GHL) — CRM and investor communication workflows
• n8n — workflow automation for investor onboarding and notifications
• Calendly — strategy call scheduling (if connected by operator)
• Google / Apple — calendar integration (if connected by operator)

Each provider is bound by its own privacy policy and data processing agreements where applicable.

We retain your account data for as long as your account is active. Operators may delete their account at any time, upon which we will delete or anonymize associated data within 30 days, except where retention is required by law.

Investor KYC documents and soft-commit records may be retained for up to 7 years for regulatory compliance purposes related to Regulation D offerings.

We implement industry-standard security measures including encryption in transit (TLS), encryption at rest, role-based access controls, and secure HTTP-only session cookies. Apple Calendar credentials are encrypted using AES-256-CBC before storage.

No system is completely secure. We cannot guarantee absolute security of your data, but we are committed to maintaining appropriate safeguards and notifying affected users in the event of a confirmed breach as required by applicable law.

Depending on your location, you may have the following rights regarding your personal data:

• Access — request a copy of the data we hold about you
• Correction — request correction of inaccurate data
• Deletion — request deletion of your personal data (subject to legal retention obligations)
• Portability — request export of your data in a machine-readable format
• Objection — object to certain processing activities

To exercise any of these rights, email us at privacy@mownt.com. We will respond within 30 days.

We use essential cookies to maintain your authenticated session. We do not use third-party tracking cookies or advertising cookies. You may disable cookies in your browser settings, but doing so may prevent you from using authenticated features of the Service.

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected such data, we will delete it promptly.

We may update this Privacy Policy periodically. When we do, we will revise the effective date at the top of this page and, for material changes, notify operators via email or in-app notification. Continued use of the Service after changes constitutes acceptance of the updated policy.

If you have questions or concerns about this Privacy Policy or our data practices, please contact us: