New Business Model Generation 2.0

§ Privacy · Research Use

Plain language.
Same model the engine uses.

The Evaluator scores a business model canvas against a published academic framework. To keep that fair, we're explicit about what we collect, what we show researchers, and what we never touch.

What we collect

When you submit a canvas we store the free-text answers you typed (your unique experience proposition plus the fifteen business-model blocks), plus the venture name, country, sector, and stage you selected. We do not collect IP addresses, browser fingerprints, or third-party tracking cookies.

When you claim an evaluation via magic link, we additionally store the email address you provided so you can return to it.

How anonymisation works

Submissions are tied to a session-scoped anonymous identifier until you claim them. Researchers see an aggregate view that filters to consenting, finalized submissions only — keyed by sector, country, and stage, never by email or session id. The view is implemented as a database view with row-level security: a non-consenting submission is not selectable by the researcher role, ever.

Research consent

The intake form has a single checkbox: “I consent to my anonymized submission being included in the MBSC research dataset.” It defaults to off. If you leave it off, your submission is never visible to researchers, no matter how it finishes scoring.

You can revoke consent at any time from the dashboard — toggling the checkbox off removes the submission from the aggregate view immediately, on the next page render.

PDPL & GDPR posture

The Evaluator is built for the MENA market and is designed to comply with Saudi Arabia's Personal Data Protection Law (PDPL), the UAE's Federal Decree-Law 45/2021, Egypt's Law 151/2020, Tunisia's INPDP framework, and the EU GDPR for users in scope.

Lawful basis: consent for research processing, contract performance for the evaluation itself. You can erase your data yourself at any time from the dashboard — delete a single evaluation, or delete your whole account, with immediate effect. Other data-subject rights — access, portability, objection — are honoured via email to the address listed at the bottom of this page; we respond inside 30 days.

Magic-link details

The link we email you is single-use and expires within an hour. It exchanges for a session cookie set on your browser; we don't store the token. If you forward the link to someone else they could claim the evaluation themselves — treat it like any other auth credential.

Data retention

Submissions you have claimed: kept until you delete them or close the account. Anonymous (unclaimed) submissions: kept for 90 days, after which the row and all associated scores and rebuttals are hard-deleted via a scheduled job. Research-view exports take a snapshot at export time; the snapshot is not auto-purged but is access-controlled to the named researchers on the project.

What we share with the LLM

[privacy.PrivacyPage.llmBody]

“The point of the framework is to be honest about where a venture is. The same honesty has to apply to the data we collect about the people using it. Anonymized, consent-gated, never sold.”
— Prof. Adnan Maalaoui, MBSC 2026

Contact

For data-subject requests or questions about this policy, the contact address is missing or malformed for this deployment. Set NEXT_PUBLIC_PRIVACY_CONTACT_EMAIL to a valid address in the hosting environment to surface it here.
