When you apply to or create an account on the CapitalCore Network, we collect information you provide directly to us, including your name, business email address, phone number, and details about your firm (name, website, headquarters, regulatory registration, assets under management range, investment focus, and similar professional information). When you use the FlowIQ platform, we also collect data you and your firm enter into the Service — investor records, deal pipeline entries, allocations, documents, and related operational data ("Firm Data"). We also collect technical and usage data automatically, including IP address, device and browser information, pages visited, actions taken within the Service, and timestamps. We collect this information to operate the Service, not to build a profile of you for advertising or resale.
We use the information we collect to (a) provide, operate, and maintain the Service, including authenticating you and displaying your firm's data, (b) send transactional emails such as verification messages, password resets, billing notices, and service announcements, (c) provide customer support and respond to your requests, (d) monitor, secure, and improve the Service, including detecting and preventing fraud and abuse, (e) produce aggregate and de-identified analytics that do not identify you or your firm, and (f) comply with our legal obligations. We do not use your personal information or Firm Data to train third-party machine learning models.
Firm Data is scoped to your firm at the database level using row-level security ("RLS") and related access controls. In plain terms: when a user from your firm signs in, the database only returns records that belong to your firm. Users from other firms cannot query, view, or export your firm's records, and our application enforces the same isolation at the API layer. Access by CapitalCore personnel is limited to what is necessary to operate, support, and secure the Service, and is logged.
We share information only with trusted service providers who help us deliver the Service, and only to the extent necessary for them to perform their function. These include: Supabase (our managed database and authentication infrastructure provider) and Resend (transactional email delivery). These providers are contractually bound to protect your information and to use it only for the services they provide to us. We may also disclose information if required by law, subpoena, or other valid legal process, or to protect the rights, property, or safety of CapitalCore, our users, or the public. We do not sell your personal information or Firm Data to third parties, and we do not share it with data brokers or ad networks.
We retain your account information and Firm Data for as long as your account is active and for a reasonable period thereafter to comply with legal, tax, regulatory, and audit obligations. You can export your Firm Data at any time while your account is active. If you wish to close your account or request deletion of your data, contact us at privacy@capitalcorenetwork.co. Upon verified request, we will delete or anonymize your personal information and Firm Data, except where retention is required by law or necessary to resolve disputes and enforce agreements.
We take the security of your information seriously. All data is encrypted in transit using industry-standard TLS. Access to production systems is restricted and audited. Data isolation between firms is enforced at the database level through row-level security. Administrative and sensitive actions within the Service are captured in an audit log. No system can be guaranteed to be completely secure; if you believe your account has been compromised, please contact us immediately at security@capitalcorenetwork.co.
Subject to applicable law, you have the right to (a) access the personal information we hold about you, (b) correct information that is inaccurate or incomplete, (c) export your account and firm data in a machine-readable format, (d) request deletion of your personal information and Firm Data, and (e) withdraw consent for optional processing. To exercise any of these rights, contact privacy@capitalcorenetwork.co from the email address associated with your account. We will respond within a reasonable timeframe and, where required by law, within the period specified by applicable regulation.
We use session cookies strictly to keep you signed in and to maintain basic functionality of the Service. We do not use advertising cookies, cross-site tracking cookies, or third-party ad network pixels. We do not share browsing data with advertising platforms. You can control cookies through your browser settings, though disabling session cookies will prevent the Service from functioning.
If you have questions, concerns, or requests regarding this Privacy Policy or our handling of your information, please contact us at privacy@capitalcorenetwork.co. CapitalCore Network LLC is headquartered in Chicago, Illinois.