Privacy Policy - How Needle Protects Your Data

Last updated: May 17, 2026

1. Introduction

Needle ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our search and analytics service over public conversations. This policy describes our practices; where the law requires separate consent (for example, optional analytics cookies or marketing communications), we collect it through the flows referenced in our Cookie Policy and your account settings.

Important Notice: This service is provided for informational purposes only. We do not guarantee the accuracy, completeness, or reliability of any information obtained through our service. Users are responsible for verifying any information before relying on it.

2. Information We Collect

We collect the following types of information:

  • Authentication information: email and, when you sign in with Google, display name and profile photo from your Google account; when you sign in with email link, your email address (accounts are linked to either Google sign-in or email link sign-in)
  • Search queries and preferences (keywords and selected platforms are encrypted before storage)
  • Search history and results (stored securely)
  • Usage data and analytics
  • Device and browser information
  • User settings and preferences
  • Plan information and usage limits
  • Contact and support: when you email us or use contact or feedback forms, we collect what you send (for example name, email address, message content, and optional phone number if you provide it)
  • Technical and security data: IP address, approximate location derived from IP where logged, browser user agent, device or session identifiers, and similar data our hosting and security tools collect to operate and protect the service
  • ChatGPT and conversational integration: when you use Needle through ChatGPT or similar OpenAI surfaces, we may receive prompts, parameters, and related request data as described in Section 4.5

Note: We only collect and process publicly available data from supported platforms. We do not collect or store private or protected content.

3. How We Use Your Information

We use the collected information to:

  • Provide and maintain our service
  • Process your search requests
  • Save your search history
  • Improve our search algorithms
  • Analyze usage patterns
  • Enhance user experience

Disclaimer: Our analysis is based on publicly available data and may not be complete or accurate. Users should exercise their own judgment when interpreting results.

4. Data Collection and Analysis

Our service analyzes public social media posts to identify startup opportunities and trending problems. We only collect and analyze publicly available data from supported platforms (Reddit, Hacker News, Stack Overflow, and 6+ more). We do not:

  • Bypass a third party's access controls or collect information you are not authorized to view on that platform
  • Sell your personal information as a standalone product; we use vetted service providers strictly under contract as described in this policy
  • Use your account data for purposes unrelated to operating and improving Needle without the consent or lawful basis described in this policy
  • Make any claims about the accuracy of our analysis

Public posts and profiles from third-party platforms may incidentally include personal information that authors chose to make public. We process such content only to provide search and analysis results to you, consistent with this policy and the retention and security practices in Section 5.5.

Important: Our analysis is based on publicly available data and may not reflect the complete context or intent of the original posts. Users should verify any information before taking action.

4.5. Needle ChatGPT App, OpenAI, and conversational data

Needle may be available inside ChatGPT, ChatGPT Enterprise, or other OpenAI products as an app, connector, or similar integration (the "ChatGPT integration"). That experience is a separate surface from our website and mobile apps. This section supplements the rest of this Privacy Policy when you interact with Needle through OpenAI's services.

  • OpenAI's role: OpenAI operates the ChatGPT environment, account, and product terms. Processing of conversations and account data by OpenAI is governed by OpenAI's Privacy Policy and Terms of Use. We do not control how OpenAI processes general ChatGPT usage outside what is transmitted to Needle for your requests.
  • What Needle receives: To perform searches and actions you request, we may receive text you submit in connection with Needle (for example queries, instructions, or parameters), technical data needed to authenticate or route requests (for example tokens or identifiers OpenAI provides to our API), and payloads required for tool or function calls our service exposes in the integration.
  • How we use it: We use this information to provide the Needle features you invoked, to maintain security and prevent abuse, and to operate and troubleshoot the integration. We do not sell conversational content to third parties for their own marketing.
  • Storage and retention: Content and results may be stored under the same categories as similar activity on our main service (for example search history), subject to the retention periods in Section 5.5. Operational and security logs for API and integration traffic may be retained for a limited period, typically up to 90 days for API/security and troubleshooting logs (longer if required by law or security incident).
  • Sharing: We use subprocessors listed in Section 7 as needed to run Needle. OpenAI processes data as part of delivering ChatGPT; your relationship with OpenAI is separate from your relationship with us.

Note: Features, logging, and data flows for the ChatGPT integration can depend on your OpenAI product, workspace settings, and how the integration is configured. Review OpenAI's terms and settings alongside this policy.

5. Data Storage and Security

We use Firebase for secure data storage and authentication. Sensitive search data, specifically your search keywords and selected platforms, are encrypted before being stored in our database. Your data is protected by:

  • Industry-standard encryption
  • Secure cloud infrastructure
  • Regular security audits
  • Access controls and authentication

Disclaimer: While we implement reasonable security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

5.5. Data Retention and Automatic Deletion

We implement automatic data retention policies to manage your data lifecycle and ensure we don't retain data longer than necessary:

  • Search activity and saved discovery results: Material from public sources that you materialize in Needle (including posts shown in your runs) is kept on a rolling schedule, by default about three months, unless your subscription includes a longer retention window we advertise for comparable data, in which case we apply that longer period. Automated cleanup runs on a regular schedule.
  • Brand and automation settings: Configuration you save for brands, alerts, and schedules stays with your account while it remains active unless you delete it; run history and stored posts tied to those features follow the same rolling schedule as search activity above.
  • Account Data: Retained until account deletion or 3 years of inactivity (user profiles, authentication data, plan information).
  • Account deletion records: After you delete your account, we retain a minimal record that may include your email address and any optional deletion reason you provided for up to seven (7) years for fraud prevention, security, legal compliance, and dispute resolution. This record does not include your search history, brand profiles, or other application content.
  • Trending Data: Aggregated trending problems and statistics retained for 6 months for trend analysis purposes.
  • ChatGPT / integration API logs: Typically up to 90 days for API/security and troubleshooting logs (longer if required by law or security incident).

Automatic deletion: We purge outdated search material on a recurring basis so it does not linger longer than needed for the product. If we materially change these windows, we will update this policy and the "Last updated" date at the top of this page.

Export Your Data: If you need to preserve your data before automatic deletion, you can export your search history and analysis results from your account settings. We recommend exporting important data periodically.

6. Your Rights

You have comprehensive rights regarding your personal data. These rights are protected under GDPR (for EU users) and DPDPA (for Indian users). You can exercise these rights directly in your Settings:

Right of Access (Article 15 GDPR, Section 11(1)(a) DPDPA)

Access all your personal data and processing information.

Right to Rectification (Article 16 GDPR, Section 11(1)(b) DPDPA)

Correct inaccurate or incomplete personal data.

Right to Erasure (Article 17 GDPR, Section 11(1)(c) DPDPA)

Delete your account and all associated data permanently.

Right to Data Portability (Article 20 GDPR, Section 11(1)(d) DPDPA)

Export your data in machine-readable formats (JSON, CSV).

Right to Withdraw Consent (Article 7(3) GDPR, Section 6 DPDPA)

Withdraw consent for analytics tracking and marketing at any time.

How to Exercise Your Rights: All rights can be exercised directly in your Settings under "Privacy & Data Rights". For detailed information about GDPR compliance, please see our GDPR page.

7. Third-Party Data Processors

We use the following third-party services to process your data. All processors comply with GDPR and DPDPA requirements:

Database Provider

  • Services: Database storage, User authentication, Analytics
  • Location: US (with EU data centers available)
  • Data Transfers: US (via Standard Contractual Clauses)
  • Purpose: Store your data and provide authentication services

Cache Provider

  • Services: Performance caching, Usage counters
  • Location: Global (EU/US regions available)
  • Data Transfers: Global
  • Purpose: Improve service performance and track usage

Email Provider

  • Services: Email delivery
  • Location: EU
  • Data Transfers: EU (no cross-border transfer)
  • Purpose: Send service-related and marketing emails

NLP Provider

  • Services: Natural language processing, Text analysis
  • Location: EU/US
  • Data Transfers: EU/US
  • Purpose: Process and analyze text content

AI Service Provider

  • Services: AI analysis, Keyword extraction, Embeddings
  • Location: US
  • Data Transfers: US (via Standard Contractual Clauses)
  • Purpose: Provide AI-powered analysis features

Embedding Provider

  • Services: Text embeddings, Semantic search
  • Location: US
  • Data Transfers: US (via Standard Contractual Clauses)
  • Purpose: Enable advanced search and filtering features

AI Model Provider

  • Services: AI models, Keyword generation
  • Location: US
  • Data Transfers: US (via Standard Contractual Clauses)
  • Purpose: Generate keywords and provide AI capabilities

OpenAI (ChatGPT and related services)

  • Services: ChatGPT client environment when you use Needle inside ChatGPT, Conversation routing per OpenAI product terms
  • Location: US and other regions (per OpenAI)
  • Data Transfers: Per OpenAI data processing and SCCs where applicable
  • Purpose: When you use Needle through ChatGPT, OpenAI operates the host environment; Needle receives only what is necessary to perform the actions you request. See OpenAI Privacy Policy and Terms of Use.

Data Transfer Safeguards: All data transfers outside the EU/India are protected by Standard Contractual Clauses (SCCs) or equivalent safeguards as required by GDPR and DPDPA.

7.5. Legal Basis for Processing (GDPR Article 6)

We process your personal data based on the following legal bases:

Contract (Article 6(1)(b))

We process this data to provide you with our service

Applies to: Service delivery, search history, Auto Search and alerts, account management

Consent (Article 6(1)(a))

We process this data based on your explicit consent

Applies to: Analytics tracking (metadata only), marketing emails

Legitimate Interest (Article 6(1)(f))

We process this data for our legitimate business interests (service improvement, security)

Applies to: Security, fraud prevention, service improvement (aggregated analytics)

7.6. GDPR Compliance (For EU Users)

If you are located in the European Union (EU), the General Data Protection Regulation (GDPR) applies to your personal data. Needle is fully committed to GDPR compliance.

Your GDPR Rights

As an EU resident, you have the following rights under GDPR:

  • Right of Access (Article 15): Access all your personal data and processing metadata
  • Right to Rectification (Article 16): Correct inaccurate data
  • Right to Erasure (Article 17): Delete your account and all data
  • Right to Restrict Processing (Article 18): Limit how we process your data
  • Right to Data Portability (Article 20): Export your data in machine-readable formats
  • Right to Object (Article 21): Object to certain types of processing
  • Right to Withdraw Consent (Article 7(3)): Withdraw consent at any time

How to Exercise: All rights can be exercised in your Settings. For detailed information, see our GDPR page.

Data Retention (GDPR)

  • Search History: Rolling deletion, typically about three months by default; certain paid plans may use a longer advertised window for comparable data
  • Account Data: Until account deletion or 3 years of inactivity
  • Analytics: 2 years (analytics provider default)

Data Protection Officer (DPO)

For GDPR-related inquiries, contact our Data Protection Officer: support@useneedle.net

EU Representative: If EU law requires a representative, we will publish contact details here. Until then, reach the operator via support@useneedle.net.

7.7. DPDPA Compliance (For Indian Users)

If you are located in India, the Digital Personal Data Protection Act, 2023 (DPDPA) applies to your personal data. Needle is fully committed to DPDPA compliance.

Your DPDPA Rights (Section 11)

As an Indian resident, you have the following rights under DPDPA:

  • Right to Access Information (Section 11(1)(a)): Access all your personal data
  • Right to Correction and Erasure (Section 11(1)(b), (c)): Correct inaccurate data or request deletion
  • Right to Grievance Redressal (Section 11(1)(e)): File grievances regarding data processing
  • Right to Nominate (Section 11(1)(f)): Nominate someone to exercise your rights after your death

How to Exercise: All rights can be exercised in your Settings. For grievances, contact support@useneedle.net.

Consent preferences (DPDPA Section 6)

Under DPDPA, consent must be:

  • Free, specific, informed, and unambiguous
  • Given for a specific purpose
  • Withdrawable at any time
  • Recorded with timestamp and privacy policy version

You can update analytics cookies via Manage cookies in the footer or the cookie banner, and other preferences (such as email toggles) in Account settings.

Data Protection Officer (DPO)

For DPDPA-related inquiries and grievances, contact our Data Protection Officer: support@useneedle.net

7.8. CCPA/CPRA Compliance (For California Users)

If you are located in California, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) apply to your personal information. Needle is fully committed to CCPA/CPRA compliance.

Your CCPA/CPRA Rights

As a California resident, you have the following rights under CCPA/CPRA:

  • Right to Know: Know what personal information is collected, used, shared, or sold
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the sale or sharing of your personal information
  • Right to Non-Discrimination: Not be discriminated against for exercising your privacy rights
  • Right to Correct (CPRA): Correct inaccurate personal information
  • Right to Limit Use (CPRA): Limit the use and disclosure of sensitive personal information

How to Exercise: All rights can be exercised in your Settings. For detailed information, see our CCPA page.

Sale of Personal Information

We do not sell your personal information. Needle does not engage in the sale of personal information as defined under CCPA/CPRA. We use third-party service providers (such as analytics services) only with your explicit consent, and they only receive metadata (not personal information) for service improvement purposes.

7.9. US State Privacy Laws (For US Users)

If you are located in the United States, various state privacy laws may apply to your personal information, including:

  • Virginia Consumer Data Protection Act (VCDPA)
  • Colorado Privacy Act (CPA)
  • Connecticut Data Privacy Act (CTDPA)
  • Texas Data Privacy and Security Act (TDPSA)
  • Oregon Consumer Privacy Act (OCPA)
  • And other state privacy laws

These laws provide similar rights to CCPA/CPRA, including the right to access, correct, delete, and opt out of certain data processing activities. You can exercise these rights in the same way as CCPA rights through your Settings.

7.10. PIPEDA Compliance (For Canadian Users)

If you are located in Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) applies to your personal information. Needle is fully committed to PIPEDA compliance.

Your PIPEDA Rights

As a Canadian resident, you have the following rights under PIPEDA:

  • Right to Access: Access your personal information
  • Right to Correction: Correct inaccurate personal information
  • Right to Withdraw Consent: Withdraw consent for data processing
  • Right to File a Complaint: File a complaint with the Privacy Commissioner of Canada

How to Exercise: All rights can be exercised in your Settings. For complaints, contact the Privacy Commissioner of Canada.

Breach Notification

Under PIPEDA, we are required to notify you and the Privacy Commissioner of Canada of any data breach that poses a real risk of significant harm. We have implemented breach detection and notification procedures to comply with this requirement.

7.11. UK GDPR Compliance (For UK Users)

If you are located in the United Kingdom, the UK GDPR (which applies post-Brexit) applies to your personal data. The UK GDPR is separate from EU GDPR but provides the same rights and protections. Needle is fully committed to UK GDPR compliance.

Your UK GDPR Rights

As a UK resident, you have the same rights as under EU GDPR:

  • Right of Access
  • Right to Rectification
  • Right to Erasure
  • Right to Restrict Processing
  • Right to Data Portability
  • Right to Object
  • Right to Withdraw Consent

How to Exercise: All rights can be exercised in your Settings. For detailed information, see our GDPR page.

7.12. LGPD Compliance (For Brazilian Users)

If you are located in Brazil, the Lei Geral de Proteção de Dados (LGPD) applies to your personal data. Needle is fully committed to LGPD compliance.

Your LGPD Rights

As a Brazilian resident, you have the following rights under LGPD:

  • Right of Access: Access your personal data
  • Right to Correction: Correct inaccurate data
  • Right to Deletion: Request deletion of your data
  • Right to Data Portability: Export your data
  • Right to Withdraw Consent: Withdraw consent at any time

How to Exercise: All rights can be exercised in your Settings.

7.13. Australia Privacy Act Compliance (For Australian Users)

If you are located in Australia, the Privacy Act 1988 (Australian Privacy Principles) may apply to your personal information. Needle is committed to complying with applicable Australian privacy laws.

Your Australian Privacy Rights

As an Australian resident, you have the following rights under the Australian Privacy Principles:

  • Right to Access: Access your personal information
  • Right to Correction: Correct inaccurate information
  • Right to Complain: File a complaint with the Office of the Australian Information Commissioner (OAIC)

How to Exercise: All rights can be exercised in your Settings. For complaints, contact the OAIC.

Breach Notification

Under the Australian Privacy Act, we are required to notify you and the OAIC of any eligible data breach that is likely to result in serious harm. We have implemented breach detection and notification procedures to comply with this requirement.

8. Legal Compliance & Indian IT Laws

We comply with applicable Indian data protection laws and regulations, including:

  • Information Technology Act, 2000 - Primary legislation governing electronic transactions and data protection
  • Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 - Data protection standards
  • Consumer Protection Act, 2019 - Consumer rights and protection
  • Consumer Protection (E-Commerce) Rules, 2020 - E-commerce specific regulations
  • Digital Personal Data Protection Act, 2023 - Comprehensive data protection framework
  • Relevant state data protection laws - State-specific regulations

Data Protection Officer (DPO)

As per Indian IT laws (DPDPA) and GDPR requirements, we have appointed a Data Protection Officer. For any data protection concerns, GDPR inquiries, or DPDPA grievances, contact: support@useneedle.net

Important Disclaimer: While we strive to comply with applicable laws, we make no representations or warranties about the legal compliance of our service in your specific jurisdiction. Users are responsible for ensuring their use of our service complies with local laws and regulations.

9. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of our service after such changes constitutes your acceptance of the new policy.

10. Refund Policy

For information about our refund policy, please refer to our dedicated Refund Policy page.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us at support@useneedle.net

12. Business Information & Founder Protection

Needle is operated by the business identified below. Details are published in good faith for transparency and support. If you believe any item is incorrect or out of date, email support@useneedle.net and we will correct this page after verification where appropriate.

Business Details

  • Business Name: VS NextGen Solutions
  • Parent Company: Needle is a product of VS NextGen Solutions (https://vsnextgensolutions.com/)
  • Business Structure: Sole Proprietorship
  • Registration: Udyam Registered (MSME) – Govt. of India
  • MSME Certificate Number: UDYAM-KR-03-0578420
  • MSME Registration Date: 05-08-2025
  • MSME Category: Micro Enterprise
  • Business Address: Bengaluru, Karnataka, India
  • Contact: support@useneedle.net

Founder & Business Protection

This service is operated by a duly registered sole proprietorship business in India. The proprietor and any employees are protected under Indian business law and are not personally liable for:

  • Service interruptions or technical issues
  • Accuracy of third-party data analysis
  • User decisions based on our service
  • Third-party platform changes or restrictions
  • Force majeure events beyond our control

13. Related Policies

For more information about our policies and practices, please review our other legal documents:

14. No Legal Advice

This Privacy Policy is provided for informational purposes only and does not constitute legal advice. Users should consult with their own legal counsel for advice regarding their specific situation.