Privacy Policy

Privacy Policy

Who we are

Our website address is: We operate our website using WordPress. We are a membership-based online incubator and accelerator. It’s a Delaware-based corporation in NY  led by its founder and CEO, Carl Potak.

WordPress Policies


When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it.

The Gravatar service privacy policy is available here: After approval of your comment, your profile picture is visible to the public in the context of your comment.


If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website. Any media that’s shared by you that is not yours must be legally shareable and all laws must be followed regarding your use of third party media. An example can be providing proper image attribution and linking to the image source for images that are royalty free but may require attribution.


If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

We do not specifically share your data with any parties and we will never sell your personal data. If you request a password reset, your IP address will be included in the reset email.

However, we use interconnected third party services to provide capabilities, such as payment processing, which includes your personally identifiable data.

How long we retain your data

For users that register on our website (if any), we also store the personal information they provide in their user profile.

All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information but will only use that information for our company’s internal decision-making.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

You can also request that we erase any personal data we hold about yourself or your user behavior.

You can request data deletion by sending us an email to [email protected].

Why we collect your data

We collect your data to enable us to perform critical business functions such as membership processing, payment processing, for communication with you, and for tracking user sessions on our website so we can make informed business decisions on overall user behavior to provide you with the best experience.

StartupDevKit will never sell personally identifiable data to anyone.

Where we send your data

The data we collect is secured on our server. However, there is other data that is collected and processed through third party applications. They are responsible for keeping your data safe on our behalf, as a user of their service.

This is a list of services we use to enable us to run our business. It’s collected via forms, cookies, and user behavior. You can see how we use your data in the sections below within this privacy policy.

Lowest Level Data

Non-personally identifiable data is collected through:

  1. WordPress – Our site is operated through the WordPress CMS
  2. Google Analytics
  3. Segment
  4. Visitor comments may be checked through an automated spam detection service called Akismet that uses IP addresses to identify if you’re allowed to comment or a bot.

Mid-Level Data

Personally identifiable data is collected and processed through:

  1. Stripe
  2. WP Fusion
  3. ActiveCampaign
  4. Our membership system using Paid Memberships Pro (they do not recieve any of your data whatsoever).
  5. Gamipress
  6. LearnDash

User Data

The terms “user” and “users” represent any individual that visits for any purpose.

StartupDevKit may retain certain personal data that’s voluntarily provided by users, however, that data will never be sold to any outside party.

“Personal data” is referred to data with identifying information such as a user’s first and/or last name, address, email address, and IP address.

Consent must be provided by a user and given to StartupDevKit in order for StartupDevKit to use their personal data.

This data may contain the account holder’s name, the account holder’s activity using StartupDevKit, a user’s company name, their phone number, address, and an email address depending on what information the user provides to StartupDevKit.

StartupDevKit uses cookies which track usage data of users but does not include personal identifiers such as a user’s name or email address. However, only users from the European Union need to provide consent.

Data Collected to Manage Your Membership via Paid Memberships Pro

At checkout, we will collect your name, email address, username, and password. This information is used to setup your account for our site. If you are redirected to an offsite payment gateway to complete your payment, we may store this information in a temporary session variable to setup your account when you return to our site.

At checkout, we may also collect your billing address and phone number. This information is used to confirm your credit card. The billing address and phone number are saved by our site to prepopulate the checkout form for future purchases and so we can get in touch with you if needed to discuss your order.

At checkout, we may also collect your credit card number, expiration date, and security code. This information is passed to our payment gateway to process your purchase. The last 4 digits of your credit card number and the expiration date are saved by our site to use for reference and to send you an email if your credit card will expire before the next recurring payment.

When logged in, we use cookies to track some of your activity on our site including logins, visits, and page views.

LearnDash LMS

We collect information about you relating to your course progression and quiz performance.

What we collect and store

We store information about you for as long as your account exists.

We store course progress, including completion status, quiz scores, assignments and/or essay submissions (if applicable).

We will also store comments on courses, lessons, topics, assignments, and essays if you choose to leave them.

Who on our team has access

Members of our team have access to the information you provide us. For example, both Administrators and Group Leaders can access:

–Order information such as your enrolled courses, course progress and username / email address.

Any additional information added in your WordPress User Profile can also be visible to the administrator(s).

Only individuals with the authority to view your data within our organization will be allowed to access all of your data. Basic data such as name and email addresses are only accessible internally if you have provided consent to use your data. The CDO, or Chief Data Officer, Carl Potak.

What we collect and store

  • Your email address and name if provided.
  • We store information about you for as long as your account exists.
  • We store course progress, including completion status, quiz scores, assignments and/or essay submissions (if applicable).
  • We collect data on your website and email behavior through cookies.
  • We collect individual data that you share during the signup process, such as your: company name, startup stage, industry sector, how large your team size is, where your location is, your phone number, and how you found us.
  • We will also store comments on courses, lessons, topics, assignments, and essays if you choose to leave them.

What we share with others

We share information with third parties who help us provide our orders and store services to you.

Third Party Platforms

Google Analytics

This site uses Google Analytics – it helps us to understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content.

We also use this information to further improve the website technically, such as optimizing the site for mobile devices. From time to time we test new features and make subtle changes to the way that the site is delivered. When we are still testing new features these cookies may be used to ensure that you receive a consistent experience, whilst ensuring we understand which optimizations our users appreciate the most.

As we provide course information online, it’s important for us to understand statistics about how many of the visitors to our site actually make an enquiry or apply, and this is the kind of data that these cookies will track. We do not store your personal details using cookies if you proceed to make an enquiry or apply to a course. This means that we can accurately make business predictions that allow us to monitor our advertising and costs to ensure the best possible reach to potential customers or students.

Opt-out of Analytics

Google provides an add-on (also known as an extension) for the most popular web browsers which provides an opt-out of Google Analytics instruction to your web browser.
Visit Google’s download page to install the add-on.

If you do not wish to install this add-on, you may wish to disable JavaScript. However, disabling JavaScript is not recommended as many websites rely on this technology to function.

Google Ads

Google Advertising Services uses a DoubleClick cookie to serve more relevant ads across the web and limit the number of times that a given ad is shown to you. StartupDevKit subscribes to Google Advertising Services to promote our products and services to those who we think would benefit from them. The behavioral advertising cookies used by this site are designed to ensure that our advertising service provider (Google) provides you with the most relevant adverts where possible by anonymously tracking your interests and presenting similar things that may be of interest. This may include information or content you access elsewhere on the World Wide Web.


Segment is a data analytics company we use to help improve user experience. Segment may collect non-personal identifying information that allows us to better understand user behavior.

Sitewide Sales

What we collect and store

Administrators of our site have access to view sale reports. These reports include aggregate data that is non-personalized, including conversion rates, number of banner or landing page views, and total sale revenue data.

While a sale is active, we will track:

  • Sale Banners you view: We store a numeric value in a cookie. This data is used to report on sale performance.
  • Landing pages you visit: We store a numeric value in a cookie. This data is used to report on sale performance.
  • Purchases you complete through a sale: We store a numeric value in a cookie. This data is used to link the purchase to the sale for reporting.
Who has access to sale information

Administrators of our site have access to view sale reports. These reports include aggregate data that is non-personalized, including conversion rates, number of banner or landing page views, and total sale revenue data.


We use Sumo as a lead form generator to collect emails from users who have voluntarily submitted their email address, name, and IP address that is notated. We do not sell your information to Sumo, but the aforementioned information is stored in their servers through our account with them.

Activity Log

If you are a registered user, we save your content activity like create/update/delete posts and comments.


We collect information about visitors who comment on Sites that use our Akismet anti-spam service. The information we collect depends on how the User sets up Akismet for the Site, but typically includes the commenter’s IP address, user agent, referrer, and Site URL (along with other information directly provided by the commenter such as their name, username, email address, and the comment itself).

ActiveCampaign & WP Fusion

ActiveCampaign is an email marketing and customer relationship management platform. When you sign up for a StartupDevKit membership of any type, your name, email, IP address, and any additional information you provide, is automatically sent via API from PaidMembershipsPro to our account with WP Fusion, which is then sent to our ActiveCampaign account.

WP Fusion is sofware that connects apps together. WP Fusion allows us to connect Paid Memberships Pro and ActiveCampaign so your email campaign can be properly delivered to you. You can view their privacy policy here.

Social Media Platforms

We also use social media buttons and/or plugins on this site that allow you to connect with your social network in various ways. For these to work, the following social media sites may set cookies through our site which may be used to enhance your profile on their site or contribute to the data they hold for various purposes outlined in their respective privacy policies.

  • Facebook
  • Twitter
  • LinkedIn
  • Instagram
  • YouTube

If you would like to know more about how these platforms and services use cookies, you can visit the following resources:

Opt-out of using cookies

If you would like to opt-out of third-party cookies completely, you’ll need to examine your web browser settings.

Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionality and features of this site.

It is recommended that you leave your default cookie settings in your web browser if you are not sure whether you need them, in case they are used to provide a service that you use.

Instructions on how to disable cookies vary by your web browser software. Please consult your web browser’s support documentation for specific instructions.

User Generated Data: If you leave a comment or a forum post, the comment or forum post and its metadata are retained indefinitely unless you request for it to be removed or you delete the content you posted or if it is a duplicate. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue. If you post a topic in our forum, you cannot remove the topic, but you can remove a comment.


In this subsection you should list which third party payment processors you’re using to take payments on your store since these may handle customer data.


We accept payments through PayPal. When processing payments, some of your data will be passed to PayPal, including information required to process or support the payment, such as the purchase total and billing information.

Please see the PayPal Privacy Policy for more details.


We accept payments through Stripe. Stripe Checkout may require the use of cookies so that a payment transaction can be processed. You can find out more about the cookies set by Stripe for these purposes by visiting Stripe’s Cookies Policy.

Really Simple SSL

Really Simple SSL and Really Simple SSL add-ons do not process any personal identifiable information, so the GDPR does not apply to these plugins or usage of these plugins on your website. You can find our privacy policy here.

User Rights

A user has the right to correct inaccurate personal data, add to incomplete personal data, and have their personal data erased without undue delay if certain grounds apply, including if the personal data is no longer necessary for the purposes it was originally collected or processed.

Users may request their data be ported to another controller in a machine-readable format such as .csv.

Processing of Personal Data

Processing of personal data will only be undertaken if StartupDevKit has a lawful reason to do so.

This includes:

(1) processing necessary for the performance of or entry into a contract with a particular data subject;

(2) processing necessary for compliance with a legal obligation to which the controller is subject under EU or Member State law;

(3) processing necessary to protect the “vital interests” of the data subject or of another natural person;

(4) processing necessary for the performance of a task in the public interest or in the exercise of official authority vested in the controller; or

(5) processing necessary for the purposes of legitimate interests pursued by the controller or third party, “except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.”

When StartupDevKit cannot rely on any of the five legal bases set forth above, StartupDevKit will need to obtain the individual’s express consent.

To be valid, consent must be freely given, specific, informed and unambiguous.  Controllers intending to rely on consent will, therefore, need to make sure that they implement a mechanism that actually enables them to collect and monitor where consent is actually obtained (e.g., a clear banner or a box to be ticked specifically consenting to the purposes for processing).

When personal data are to be processed for a purpose other than the one for which the data have been collected initially, the controller must consider whether the new purpose is compatible with the original purpose of processing, and if not, the controller will need to ensure that it relies on one of the five legal bases described above.

Data Breach Notification: In the event of a data breach, StartupDevKit will notify the supervisory authority “without undue delay” and within 72 hours of discovering the breach, where feasible.  Any delay must be explained.  In practice, this 72-hour deadline may be difficult to meet given the nature of detecting data breaches and determining their extent.  Additionally, if the data breach is likely to result in a “high risk to the rights and freedoms of natural persons,” StartupDevKit will notify the affected data subjects without undue delay unless one of a number of exceptions is triggered.