Privacy Policy

1. Who We Are

Takeoff is a legal navigation platform that helps founders and early-stage businesses understand the legal landscape of starting and operating a company. For privacy-related questions, contact us at support@takeoff.legal.

This Privacy Policy explains what information we collect, how we use it, who we share it with, and what choices you have. We have tried to write it in plain English. If anything is unclear, we want to know.

2. Information We Collect

We collect the information you provide directly to us, information generated through your use of the platform, and limited technical information necessary to operate the service. We do not knowingly collect more than we need.

• Account information. When you create an account, we collect your name and email address. Your password is hashed before storage; we never see your plaintext password.
• Assessment answers. When you complete the Takeoff assessment, we collect your answers to questions about your business — for example, your business type, industry, state of operation, ownership structure, and any current arrangements you have in place. We use these to generate your action plan and surface relevant flags.
• Documents and tool inputs. When you use a Takeoff generator (operating agreement, founders agreement, contractor agreement, offer letter, service agreements, and others), we store the structured inputs you enter so you can return to edit, regenerate, and download. When you use a Takeoff tool (such as the cap table builder or the licensing lookup), we store your tool data so you can return to it. When you upload a document for analysis (such as a term sheet), we store the file securely.
• Agapius messages. When you message Agapius (our navigation assistant), we store the messages exchanged so you can return to your conversation history.
• Feedback. If you submit feedback through the platform, we store the content of your feedback along with metadata about your account.
• Usage data. We collect basic information about how you use Takeoff — pages visited, features used, generators run. This helps us understand which parts of the platform are working and which need improvement.
• Error and operational data. When the application encounters an error, our error monitoring system (Sentry) captures information about the error. IP addresses are scrubbed before transmission. We do not intentionally transmit assessment content, generator inputs, or message content in error reports.
• Agapius conversation logs. Separately from the messages themselves (which are stored with your account), we maintain conversation logs for operational monitoring. These logs use a hashed version of your user ID, so they cannot be directly linked back to your account. These logs are automatically deleted thirty days after creation.

3. How We Use Your Information

We use your information solely to operate and improve the Takeoff platform. Specifically:

• To generate your personalized assessment results, action plan, and recommended next steps.
• To power Agapius, our AI navigation assistant, so it can answer questions in the context of your business.
• To pre-fill information into generators and tools so you do not have to re-enter the same data multiple times.
• To monitor and improve the platform, fix bugs, and develop new features.
• To communicate with you about your account, send important service notifications, and respond to your support requests.
• To comply with legal obligations and respond to lawful requests from authorities.

We do not sell your information. We do not share your information with third parties for advertising or marketing purposes. We do not use your information to train artificial intelligence models.

4. AI Processing

Some parts of Takeoff are powered by artificial intelligence; others are not. We want you to understand which is which.

• Assessment processing is not AI-based. Your assessment answers are processed by rule-based logic running on our servers to detect issues and compute your action plan. No artificial intelligence or third-party AI service is involved in this processing.
• Document generation is not AI-based. When you generate a document through Takeoff, the document is assembled from structured templates using the inputs you provided. No artificial intelligence is involved in producing the document content.
• Agapius uses AI. When you message Agapius, relevant context from your assessment and your documents is assembled into a system prompt and sent to Anthropic's Claude API along with your message. Anthropic does not train on data sent through their API. You can review Anthropic's privacy practices at anthropic.com/privacy.

5. Service Providers

We use a small set of trusted service providers to operate Takeoff. Each provider processes your data only as needed to deliver their service to us:

• Anthropic — provides the AI infrastructure that powers Agapius. Anthropic does not train on data sent through their API.
• Resend — sends transactional emails (account verification, password reset, important service notifications).
• Sentry — captures application errors for monitoring and debugging. We scrub IP addresses and do not intentionally transmit user content.
• Railway — hosts our application servers and database. Encryption is used both in transit and at rest.
• Cloudflare R2 — stores uploaded files (such as term sheets you submit for analysis) and certain generated documents.
• Cloudflare — provides DNS, content delivery, and connection security between you and our servers.

We may add, change, or replace service providers as the platform evolves. Material changes that affect how your information is handled will be reflected in updates to this policy.

6. Data Security

We take reasonable steps to protect your information:

• Passwords are hashed using bcrypt with a work factor that we keep current with industry standards.
• All connections between your device and Takeoff use HTTPS (TLS).
• Database connections within our infrastructure are encrypted in transit.
• Data stored in the database and in our file storage is encrypted at rest.
• Session tokens and password reset tokens are short-lived and invalidated when you change your password.
• We perform automated cleanup of expired tokens, rate-limit records, and old operational logs.

No system is perfectly secure. We strongly recommend using a unique password for Takeoff that you do not use elsewhere. If you believe your account has been compromised, contact us immediately at support@takeoff.legal.

7. Data Retention

We retain different categories of information for different periods of time:

• Account, assessment, document, and tool data: retained for as long as your account exists. You can delete any of these directly from the platform at any time.
• Agapius messages: retained for as long as your account exists; deleted when you delete your account or delete your chat history.
• Agapius operational conversation logs (separate from messages): automatically deleted thirty days after creation.
• Authentication rate-limit records: retained for seven days, then automatically deleted.
• Password reset tokens: retained until used or until they expire, whichever comes first.
• Feedback: retained for as long as your account exists; deleted when you delete your account.
• Error reports: retained per our error monitoring system's standard retention.
• Administrative records of account deletions: a minimal audit log is retained for internal accountability. This log does not contain the deleted user's assessment content, documents, or messages.

8. Your Rights

You have the following rights regarding your information:

• Access and portability. You can export your data at any time. We provide a data export that returns your assessment answers, documents, tool data, and feedback in a structured format. Contact support@takeoff.legal for assistance.
• Correction. You can update your account information and assessment answers directly through the platform. If something is wrong and you cannot correct it yourself, contact us.
• Deletion. You can delete your account directly from your account settings at any time. When you do, we permanently delete your assessment, your documents, your uploaded files, your chat history, your tool data, and your feedback. A minimal audit log of the deletion is retained for accountability. You can also request deletion by emailing support@takeoff.legal; we will complete the deletion within thirty days, typically much sooner.
• Opt-out of communications. We send transactional emails (account verification, password reset, important service notifications). These are part of operating the service and cannot be turned off while your account is active. We do not currently send marketing emails. If we begin doing so, you will be able to opt out.

9. California Residents

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) give you additional rights:

• Right to know what personal information we collect, use, and share about you.
• Right to delete personal information we have collected about you, subject to limited exceptions.
• Right to correct inaccurate personal information.
• Right to opt out of the sale or sharing of personal information. We do not sell or share personal information for cross-context behavioral advertising.
• Right to non-discrimination — we will not deny you service, charge you a different price, or provide a lower quality of service because you exercised your rights.

To exercise any of these rights, contact us at support@takeoff.legal. You may also designate an authorized agent to make a request on your behalf. We will verify your identity before responding to any request that involves access, correction, or deletion of personal information.

10. International Users

Takeoff is operated from the United States, and our servers and service providers are located in the United States. If you access Takeoff from outside the United States, you understand that your information will be processed in the United States, which may have data protection laws different from those of your country.

11. Cookies and Similar Technologies

Takeoff uses cookies and similar technologies only for essential platform functionality: session management, authentication, and user preferences. We do not use cookies for advertising. We do not use third-party tracking cookies. Most browsers allow you to control cookies through their settings; disabling essential cookies may prevent the platform from functioning correctly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through an in-product notice before they take effect. If you do not accept the revised policy, you may delete your account at any time. Non-material changes — such as typo corrections, formatting improvements, or clarifications that do not change how your information is handled — may be made without prior notice.