Privacy Policy
Last updated: February 2026
1. Introduction
Welcome to Redbeard Validate ("we", "us", or "Redbeard"). We operate the service at validator.redbeard.co.il, which provides AI-powered market validation for startups.
This Privacy Policy explains what data we collect, why we collect it, how we process and store it, and what rights you have. We believe in being straightforward about this stuff — no walls of legalese.
By using our service, you agree to the collection and use of information as described here. If you do not agree, please do not use the service.
2. Data We Collect
2.1 Validation Form Data
When you submit a validation request, we collect the information you provide in the form:
- Website URL
- Business description ("essence")
- Current stage of your startup
- Specific target human (your ideal customer)
- Current alternative (what your customers use today)
- Trigger moment (what drives them to seek a solution)
- Industry
- Past marketing efforts
- Biggest assumption
- Roadmap
2.2 Email Address
We collect your email address for OTP (one-time password) verification and to deliver your validation report. Your email is also used for transactional communication related to your purchase.
2.3 OTP Verification Codes
Temporary verification codes are generated during the email verification step. These codes expire after 10 minutes and are not stored beyond that window.
2.4 Payment Information
Payments are processed via PayPal at $49.99 (one-time). We do not collect, store, or have access to your credit card or bank account details. PayPal handles all payment data under their own privacy policy.
2.5 Analytics Data
With your consent, we use Google Analytics 4 (via Google Tag Manager) to collect anonymized usage data such as page views, session duration, and general device/browser information. This data helps us improve the service. No analytics data is collected unless you grant consent through our cookie banner.
3. How We Use Your Data
We use the data we collect for these specific purposes:
| Data | Purpose | Legal Basis (GDPR) |
|---|---|---|
| Form data | Sent to our AI agents to generate your validation report | Contract performance |
| Email address | OTP verification, report delivery, transactional emails | Contract performance |
| OTP codes | Email ownership verification | Contract performance |
| Payment data | Processing your payment (handled by PayPal) | Contract performance |
| Analytics data | Understanding usage patterns and improving the service | Consent |
4. How We Process Your Data
Here is the step-by-step flow of how your data moves through our system:
- Form submission: Your validation form data is securely transmitted to our backend running on Google Cloud Functions.
- AI analysis: Your form data is sent to 3 specialized AI agents powered by Google Gemini. These agents analyze your market, assumptions, and go-to-market viability to produce your validation report.
- Report storage: The generated report is stored in Google Cloud Firestore, linked to your validation request.
- Email delivery: Report summaries and transactional emails are sent via Resend (a transactional email service).
- Payment: Payment is handled entirely by PayPal. We receive a confirmation of payment but never your card details.
5. Third-Party Services
We rely on the following third-party services to operate Redbeard Validate. Each processes data under its own privacy policy:
| Service | What It Does | Data Shared |
|---|---|---|
| Google Cloud Platform / Firebase | Hosting, database (Firestore), Cloud Functions | Form data, reports, email addresses |
| Google Gemini AI | AI-powered report generation | Form data (business details) |
| Google Tag Manager / GA4 | Analytics (with consent only) | Anonymized usage data |
| PayPal | Payment processing | Payment and billing data |
| Resend | Transactional email delivery | Email address, email content |
| Monday.com | Internal project tracking | Validation request metadata (no personal data shared externally) |
6. Cookies and Tracking
We use Google Tag Manager to manage analytics tags. By default, all tracking is disabled until you provide explicit consent through our cookie banner (Consent Mode v2).
When you accept analytics cookies, Google Analytics 4 may set cookies to:
- Distinguish unique visitors
- Track session information
- Understand how you navigate the site
You can change your cookie preferences at any time by clicking Cookie Settings in the footer of any page.
7. Data Retention
- Validation requests and reports: Stored indefinitely. This is necessary so we can re-deliver your report if you need it again.
- OTP verification codes: Automatically deleted after 10 minutes.
- Analytics data: Retained per Google Analytics default retention settings (which you can learn more about in Google's privacy documentation).
- Payment records: Retained by PayPal under their own data retention policy. We store only a transaction confirmation reference.
If you request deletion of your data (see Section 8), we will erase your validation data and reports from our systems within 30 days.
8. Your Rights Under GDPR
If you are located in the European Economic Area (EEA), the UK, or Israel, you have the following rights under data protection law. You can exercise any of these by emailing us at eytan@redbeard.co.il.
- Right to access (Article 15) — Request a copy of the personal data we hold about you.
- Right to rectification (Article 16) — Ask us to correct any inaccurate or incomplete data.
- Right to erasure (Article 17) — Ask us to delete your personal data ("right to be forgotten").
- Right to restrict processing (Article 18) — Ask us to limit how we use your data.
- Right to data portability (Article 20) — Request your data in a structured, machine-readable format.
- Right to object (Article 21) — Object to processing of your data for specific purposes.
- Right to withdraw consent (Article 7) — Withdraw consent at any time where we rely on consent as the legal basis (e.g., analytics cookies).
We will respond to your request within 30 days. If we need more time, we will let you know and explain why.
9. Data Security
We take reasonable measures to protect your data, including:
- All data is transmitted over HTTPS (TLS encryption in transit)
- Data is stored on Google Cloud Platform infrastructure with built-in encryption at rest
- Access to production systems is restricted to authorized personnel
- Payment data is handled exclusively by PayPal's PCI-DSS-compliant systems
- OTP codes are short-lived (10-minute TTL) and single-use
No system is 100% secure. While we do our best to protect your data, we cannot guarantee absolute security.
10. International Data Transfers
Your data may be processed outside your country of residence. Our infrastructure providers (Google Cloud, PayPal, Resend) operate globally. When data is transferred outside the EEA, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
- Provider-specific data protection frameworks
11. Children's Privacy
Redbeard Validate is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at eytan@redbeard.co.il and we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes, we may also notify users via email.
We encourage you to review this page periodically.
13. Contact Us
If you have questions about this Privacy Policy, want to exercise your data rights, or have a concern about how we handle your information, reach out to us:
- Email: eytan@redbeard.co.il
- Company: Redbeard
- Website: validator.redbeard.co.il