Privacy Policy - How Needle Protects Your Data

Last updated: April 9, 2026

1. Introduction

Needle ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our startup social media search service. By using our service, you consent to the data practices described in this policy.

Important Notice: This service is provided for informational purposes only. We do not guarantee the accuracy, completeness, or reliability of any information obtained through our service. Users are responsible for verifying any information before relying on it.

2. Information We Collect

We collect the following types of information:

  • Authentication information: email and, when you sign in with Google, display name and profile photo from your Google account; when you sign in with email link, your email address (accounts are linked to either Google sign-in or email link sign-in)
  • Search queries and preferences (keywords and selected platforms are encrypted before storage)
  • Search history and results (stored securely)
  • Usage data and analytics
  • Device and browser information
  • User settings and preferences
  • Plan information and usage limits
  • Contact and support: when you email us or use contact or feedback forms, we collect what you send (for example name, email address, message content, and optional phone number if you provide it)
  • Technical and security data: IP address, approximate location derived from IP where logged, browser user agent, device or session identifiers, and similar data our hosting and security tools collect to operate and protect the service
  • ChatGPT and conversational integration: when you use Needle through ChatGPT or similar OpenAI surfaces, we may receive prompts, parameters, and related request data as described in Section 4.5

Note: We only collect and process publicly available data from supported platforms. We do not collect or store private or protected content.

3. How We Use Your Information

We use the collected information to:

  • Provide and maintain our service
  • Process your search requests
  • Save your search history
  • Improve our search algorithms
  • Analyze usage patterns
  • Enhance user experience

Disclaimer: Our analysis is based on publicly available data and may not be complete or accurate. Users should exercise their own judgment when interpreting results.

4. Data Collection and Analysis

Our service analyzes public social media posts to identify startup opportunities and trending problems. We only collect and analyze publicly available data from supported platforms (Reddit, Hacker News, Stack Overflow, and 6+ more). We do not:

  • Access private or protected content
  • Store the full content of analyzed posts
  • Share individual user data with third parties
  • Use data for purposes other than providing our service
  • Make any claims about the accuracy of our analysis

Public posts and profiles from third-party platforms may incidentally include personal information that authors chose to make public. We process such content only to provide search and analysis results to you, consistent with this policy and our limitations on storage of full post content.

Important: Our analysis is based on publicly available data and may not reflect the complete context or intent of the original posts. Users should verify any information before taking action.

4.5. Needle ChatGPT App, OpenAI, and conversational data

Needle may be available inside ChatGPT, ChatGPT Enterprise, or other OpenAI products as an app, connector, or similar integration (the "ChatGPT integration"). That experience is a separate surface from our website and mobile apps. This section supplements the rest of this Privacy Policy when you interact with Needle through OpenAI's services.

  • OpenAI's role: OpenAI operates the ChatGPT environment, account, and product terms. Processing of conversations and account data by OpenAI is governed by OpenAI's Privacy Policy and Terms of Use. We do not control how OpenAI processes general ChatGPT usage outside what is transmitted to Needle for your requests.
  • What Needle receives: To perform searches and actions you request, we may receive text you submit in connection with Needle (for example queries, instructions, or parameters), technical data needed to authenticate or route requests (for example tokens or identifiers OpenAI provides to our API), and payloads required for tool or function calls our service exposes in the integration.
  • How we use it: We use this information to provide the Needle features you invoked, to maintain security and prevent abuse, and to operate and troubleshoot the integration. We do not sell conversational content to third parties for their own marketing.
  • Storage and retention: Content and results may be stored under the same categories as similar activity on our main service (for example search history), subject to the retention periods in Section 5.5. Operational and security logs for API and integration traffic may be retained for a limited period, typically up to 90 days for API/security and troubleshooting logs (longer if required by law or a security incident).
  • Sharing: We use subprocessors listed in Section 7 as needed to run Needle. OpenAI processes data as part of delivering ChatGPT; your relationship with OpenAI is separate from your relationship with us.

Note: Features, logging, and data flows for the ChatGPT integration can depend on your OpenAI product, workspace settings, and how the integration is configured. Review OpenAI's terms and settings alongside this policy.

5. Data Storage and Security

We use Firebase for secure data storage and authentication. Sensitive search data, specifically your search keywords and selected platforms, are encrypted before being stored in our database. Your data is protected by:

  • Industry-standard encryption
  • Secure cloud infrastructure
  • Regular security audits
  • Access controls and authentication

Disclaimer: While we implement reasonable security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

5.5. Data Retention and Automatic Deletion

We implement automatic data retention policies to manage your data lifecycle and ensure we don't retain data longer than necessary:

  • Social Media Search History: Automatically deleted after 3 months (default). Includes your search queries, results, and search metadata.
  • Competitive Intelligence Data: Automatically deleted after 3 months (default). Includes competitor discovery records and detailed analysis results.
  • GPT Analysis History: Automatically deleted after 3 months (default). Includes brand analysis, website analysis, and related insights.
  • Keyword Monitoring Data: Automatically deleted after 3 months (default). Includes keyword monitors, match history, and notification records.
  • Account Data: Retained until account deletion or 3 years of inactivity (user profiles, authentication data, plan information).
  • Trending Data: Aggregated trending problems and statistics retained for 6 months for trend analysis purposes.
  • ChatGPT / integration API logs: Typically up to 90 days for API/security and troubleshooting logs (longer if required by law or security incident)

Automatic Deletion Process: Our system automatically deletes old user data daily based on configured retention periods. This ensures your data is not retained longer than necessary while maintaining service functionality. Retention periods are configurable per data type and may be adjusted by administrators. You will be notified if retention policies change significantly.

Export Your Data: If you need to preserve your data before automatic deletion, you can export your search history and analysis results from your account settings. We recommend exporting important data periodically.

6. Your Rights

You have comprehensive rights regarding your personal data. These rights are protected under GDPR (for EU users) and DPDPA (for Indian users). You can exercise these rights directly in your Settings:

Right of Access (Article 15 GDPR, Section 11(1)(a) DPDPA)

Access all your personal data and processing information.

Right to Rectification (Article 16 GDPR, Section 11(1)(b) DPDPA)

Correct inaccurate or incomplete personal data.

Right to Erasure (Article 17 GDPR, Section 11(1)(c) DPDPA)

Delete your account and all associated data permanently.

Right to Data Portability (Article 20 GDPR, Section 11(1)(d) DPDPA)

Export your data in machine-readable formats (JSON, CSV).

Right to Withdraw Consent (Article 7(3) GDPR, Section 6 DPDPA)

Withdraw consent for analytics tracking and marketing at any time.

How to Exercise Your Rights: All rights can be exercised directly in your Settings under "Privacy & Data Rights". For detailed information about GDPR compliance, please see our GDPR page.

7. Third-Party Data Processors

We use the following third-party services to process your data. All processors comply with GDPR and DPDPA requirements:

Database Provider

  • Services: Database storage, User authentication, Analytics
  • Location: US (with EU data centers available)
  • Data Transfers: US (via Standard Contractual Clauses)
  • Purpose: Store your data and provide authentication services

Cache Provider

  • Services: Performance caching, Usage counters
  • Location: Global (EU/US regions available)
  • Data Transfers: Global
  • Purpose: Improve service performance and track usage

Email Provider

  • Services: Email delivery
  • Location: EU
  • Data Transfers: EU (no cross-border transfer)
  • Purpose: Send service-related and marketing emails

NLP Provider

  • Services: Natural language processing, Text analysis
  • Location: EU/US
  • Data Transfers: EU/US
  • Purpose: Process and analyze text content

AI Service Provider

  • Services: AI analysis, Keyword extraction, Embeddings
  • Location: US
  • Data Transfers: US (via Standard Contractual Clauses)
  • Purpose: Provide AI-powered analysis features

Embedding Provider

  • Services: Text embeddings, Semantic search
  • Location: US
  • Data Transfers: US (via Standard Contractual Clauses)
  • Purpose: Enable advanced search and filtering features

AI Model Provider

  • Services: AI models, Keyword generation
  • Location: US
  • Data Transfers: US (via Standard Contractual Clauses)
  • Purpose: Generate keywords and provide AI capabilities

OpenAI (ChatGPT and related services)

  • Services: ChatGPT client environment when you use Needle inside ChatGPT, Conversation routing per OpenAI product terms
  • Location: US and other regions (per OpenAI)
  • Data Transfers: Per OpenAI data processing and SCCs where applicable
  • Purpose: When you use Needle through ChatGPT, OpenAI operates the host environment; Needle receives only what is necessary to perform the actions you request. See OpenAI Privacy Policy and Terms of Use.

Data Transfer Safeguards: All data transfers outside the EU/India are protected by Standard Contractual Clauses (SCCs) or equivalent safeguards as required by GDPR and DPDPA.

7.5. Legal Basis for Processing (GDPR Article 6)

We process your personal data based on the following legal bases:

Contract (Article 6(1)(b))

We process this data to provide you with our service

Applies to: Service delivery, search history, competitive intelligence, GPT analysis, account management

Consent (Article 6(1)(a))

We process this data based on your explicit consent

Applies to: Analytics tracking (metadata only), marketing emails

Legitimate Interest (Article 6(1)(f))

We process this data for our legitimate business interests (service improvement, security)

Applies to: Security, fraud prevention, service improvement (aggregated analytics)

7.6. GDPR Compliance (For EU Users)

If you are located in the European Union (EU), the General Data Protection Regulation (GDPR) applies to your personal data. Needle is fully committed to GDPR compliance.

Your GDPR Rights

As an EU resident, you have the following rights under GDPR:

  • Right of Access (Article 15): Access all your personal data and processing metadata
  • Right to Rectification (Article 16): Correct inaccurate data
  • Right to Erasure (Article 17): Delete your account and all data
  • Right to Restrict Processing (Article 18): Limit how we process your data
  • Right to Data Portability (Article 20): Export your data in machine-readable formats
  • Right to Object (Article 21): Object to certain types of processing
  • Right to Withdraw Consent (Article 7(3)): Withdraw consent at any time

How to Exercise: All rights can be exercised in your Settings. For detailed information, see our GDPR page.

Data Retention (GDPR)

  • Search History: 3 months (automatically deleted)
  • Competitive Intelligence: 3 months (automatically deleted)
  • GPT Analysis: 3 months (automatically deleted)
  • Keyword Monitoring: 3 months (automatically deleted)
  • Account Data: Until account deletion or 3 years of inactivity
  • Analytics: 2 years (analytics provider default)

Data Protection Officer (DPO)

For GDPR-related inquiries, contact our Data Protection Officer: support@useneedle.net

7.7. DPDPA Compliance (For Indian Users)

If you are located in India, the Digital Personal Data Protection Act, 2023 (DPDPA) applies to your personal data. Needle is fully committed to DPDPA compliance.

Your DPDPA Rights (Section 11)

As an Indian resident, you have the following rights under DPDPA:

  • Right to Access Information (Section 11(1)(a)): Access all your personal data
  • Right to Correction and Erasure (Section 11(1)(b), (c)): Correct inaccurate data or request deletion
  • Right to Grievance Redressal (Section 11(1)(e)): File grievances regarding data processing
  • Right to Nominate (Section 11(1)(f)): Nominate someone to exercise your rights after your death

How to Exercise: All rights can be exercised in your Settings. For grievances, contact support@useneedle.net.

Consent Management (DPDPA Section 6)

Under DPDPA, consent must be:

  • Free, specific, informed, and unambiguous
  • Given for a specific purpose
  • Withdrawable at any time
  • Recorded with timestamp and privacy policy version

You can manage your consent preferences in Settings.

Data Protection Officer (DPO)

For DPDPA-related inquiries and grievances, contact our Data Protection Officer: support@useneedle.net

7.8. CCPA/CPRA Compliance (For California Users)

If you are located in California, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) apply to your personal information. Needle is fully committed to CCPA/CPRA compliance.

Your CCPA/CPRA Rights

As a California resident, you have the following rights under CCPA/CPRA:

  • Right to Know: Know what personal information is collected, used, shared, or sold
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the sale or sharing of your personal information
  • Right to Non-Discrimination: Not be discriminated against for exercising your privacy rights
  • Right to Correct (CPRA): Correct inaccurate personal information
  • Right to Limit Use (CPRA): Limit the use and disclosure of sensitive personal information

How to Exercise: All rights can be exercised in your Settings. For detailed information, see our CCPA page.

Sale of Personal Information

We do not sell your personal information. Needle does not engage in the sale of personal information as defined under CCPA/CPRA. We use third-party service providers (such as analytics services) only with your explicit consent, and they only receive metadata (not personal information) for service improvement purposes.

7.9. US State Privacy Laws (For US Users)

If you are located in the United States, various state privacy laws may apply to your personal information, including:

  • Virginia Consumer Data Protection Act (VCDPA)
  • Colorado Privacy Act (CPA)
  • Connecticut Data Privacy Act (CTDPA)
  • Texas Data Privacy and Security Act (TDPSA)
  • Oregon Consumer Privacy Act (OCPA)
  • And other state privacy laws

These laws provide similar rights to CCPA/CPRA, including the right to access, correct, delete, and opt out of certain data processing activities. You can exercise these rights in the same way as CCPA rights through your Settings.

7.10. PIPEDA Compliance (For Canadian Users)

If you are located in Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) applies to your personal information. Needle is fully committed to PIPEDA compliance.

Your PIPEDA Rights

As a Canadian resident, you have the following rights under PIPEDA:

  • Right to Access: Access your personal information
  • Right to Correction: Correct inaccurate personal information
  • Right to Withdraw Consent: Withdraw consent for data processing
  • Right to File a Complaint: File a complaint with the Privacy Commissioner of Canada

How to Exercise: All rights can be exercised in your Settings. For complaints, contact the Privacy Commissioner of Canada.

Breach Notification

Under PIPEDA, we are required to notify you and the Privacy Commissioner of Canada of any data breach that poses a real risk of significant harm. We have implemented breach detection and notification procedures to comply with this requirement.

7.11. UK GDPR Compliance (For UK Users)

If you are located in the United Kingdom, the UK GDPR (in force post-Brexit) applies to your personal data. The UK GDPR is separate from EU GDPR but provides the same rights and protections. Needle is fully committed to UK GDPR compliance.

Your UK GDPR Rights

As a UK resident, you have the same rights as under EU GDPR:

  • Right of Access
  • Right to Rectification
  • Right to Erasure
  • Right to Restrict Processing
  • Right to Data Portability
  • Right to Object
  • Right to Withdraw Consent

How to Exercise: All rights can be exercised in your Settings. For detailed information, see our GDPR page.

7.12. LGPD Compliance (For Brazilian Users)

If you are located in Brazil, the Lei Geral de Proteção de Dados (LGPD) applies to your personal data. Needle is fully committed to LGPD compliance.

Your LGPD Rights

As a Brazilian resident, you have the following rights under LGPD:

  • Right of Access: Access your personal data
  • Right to Correction: Correct inaccurate data
  • Right to Deletion: Request deletion of your data
  • Right to Data Portability: Export your data
  • Right to Withdraw Consent: Withdraw consent at any time

How to Exercise: All rights can be exercised in your Settings.

7.13. Australia Privacy Act Compliance (For Australian Users)

If you are located in Australia, the Privacy Act 1988 (Australian Privacy Principles) may apply to your personal information. Needle is committed to complying with applicable Australian privacy laws.

Your Australian Privacy Rights

As an Australian resident, you have the following rights under the Australian Privacy Principles:

  • Right to Access: Access your personal information
  • Right to Correction: Correct inaccurate information
  • Right to Complain: File a complaint with the Office of the Australian Information Commissioner (OAIC)

How to Exercise: All rights can be exercised in your Settings. For complaints, contact the OAIC.

Breach Notification

Under the Australian Privacy Act, we are required to notify you and the OAIC of any eligible data breach that is likely to result in serious harm. We have implemented breach detection and notification procedures to comply with this requirement.

8. Legal Compliance & Indian IT Laws

We comply with applicable Indian data protection laws and regulations, including:

  • Information Technology Act, 2000 - Primary legislation governing electronic transactions and data protection
  • Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 - Data protection standards
  • Consumer Protection Act, 2019 - Consumer rights and protection
  • Consumer Protection (E-Commerce) Rules, 2020 - E-commerce specific regulations
  • Digital Personal Data Protection Act, 2023 - Comprehensive data protection framework
  • Relevant state data protection laws - State-specific regulations

Data Protection Officer (DPO)

As per Indian IT laws (DPDPA) and GDPR requirements, we have appointed a Data Protection Officer. For any data protection concerns, GDPR inquiries, or DPDPA grievances, contact: support@useneedle.net

Important Disclaimer: While we strive to comply with applicable laws, we make no representations or warranties about the legal compliance of our service in your specific jurisdiction. Users are responsible for ensuring their use of our service complies with local laws and regulations.

9. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of our service after such changes constitutes your acceptance of the new policy.

10. Refund Policy

For information about our refund policy, please refer to our dedicated Refund Policy page.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us at support@useneedle.net

12. Business Information & Founder Protection

Business Details

  • Business Name: VS NextGen Solutions
  • Parent Company: Needle is a product of VS NextGen Solutions (https://vsnextgensolutions.com/)
  • Business Structure: Sole Proprietorship
  • Registration: Udyam Registered (MSME) – Govt. of India
  • MSME Certificate Number: UDYAM-KR-03-0578420
  • MSME Registration Date: 05-08-2025
  • MSME Category: Micro Enterprise
  • Business Address: Bengaluru, Karnataka, India
  • Contact: support@useneedle.net

Founder & Business Protection

This service is operated by a duly registered sole proprietorship business in India. The proprietor and any employees are protected under Indian business law and are not personally liable for:

  • Service interruptions or technical issues
  • Accuracy of third-party data analysis
  • User decisions based on our service
  • Third-party platform changes or restrictions
  • Force majeure events beyond our control

13. Related Policies

For more information about our policies and practices, please review our other legal documents:

14. No Legal Advice

This Privacy Policy is provided for informational purposes only and does not constitute legal advice. Users should consult with their own legal counsel for advice regarding their specific situation.