Privacy Policy

Last Updated: March 5, 2026

This Privacy Policy (“Policy”) describes how MB Arrok, doing business as Unseen Founder (“we,” “us,” “our,” or the “Company”), collects, uses, stores, shares, and protects personal information when you access or use the website located at https://unseenfounder.com (the “Site” or “Website”), including all subdomains, mobile-optimized versions, and any associated services, features, applications, widgets, or online interactions operated by us.

This Policy applies to all visitors, users, and others who access or interact with the Site, regardless of how or where they access it (collectively, “you” or “User”). By accessing or using the Site, you acknowledge that you have read and understand this Privacy Policy. If you do not agree with the practices described in this Policy, please do not use the Site.

This Privacy Policy is intended to comply with applicable privacy and data protection laws and regulations, including but not limited to:

The General Data Protection Regulation (EU) 2016/679 (“GDPR”) and its UK equivalent, the UK GDPR
The California Consumer Privacy Act of 2018 (Cal. Civ. Code § 1798.100 et seq.) as amended by the California Privacy Rights Act of 2020 (“CCPA/CPRA”)
The Children’s Online Privacy Protection Act (15 U.S.C. §§ 6501–6506) and the COPPA Rule (16 CFR Part 312) (“COPPA”)
The ePrivacy Directive 2002/58/EC (as amended by Directive 2009/136/EC)
The CAN-SPAM Act (15 U.S.C. § 7701 et seq.)
The Virginia Consumer Data Protection Act (“VCDPA”), Colorado Privacy Act (“CPA”), Connecticut Data Privacy Act (“CTDPA”), Utah Consumer Privacy Act (“UCPA”), and other applicable US state privacy laws
Brazil’s Lei Geral de Proteção de Dados (“LGPD”)
Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”)
Any other applicable federal, state, or international privacy and data protection laws

In the event of any conflict between this Policy and applicable law, the requirements of applicable law shall prevail.

2. Definitions

For the purposes of this Policy, the following terms have the meanings set out below:

“Personal Information” or “Personal Data”: Any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. This includes but is not limited to names, email addresses, IP addresses, device identifiers, cookie identifiers, browsing history, and geolocation data.

“Sensitive Personal Information”: Personal information that reveals a consumer’s social security number, driver’s license number, passport number, financial account information, precise geolocation, racial or ethnic origin, religious beliefs, health data, biometric data, contents of private communications, genetic data, or information concerning a consumer’s sex life or sexual orientation.

“Processing”: Any operation or set of operations performed on personal data, whether or not by automated means, including collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, making available, alignment, combination, restriction, erasure, or destruction.

“Data Controller” (GDPR) / “Business” (CCPA): MB Arrok, the entity that determines the purposes and means of processing personal data through the Site.

“Data Processor” (GDPR) / “Service Provider” (CCPA): Any third party that processes personal data on behalf of the Data Controller/Business.

“Data Subject” (GDPR) / “Consumer” (CCPA): An identified or identifiable natural person whose personal data is processed.

“Child”: An individual under the age of 13 (for COPPA purposes), or under the age of 16 (for GDPR and CCPA/CPRA purposes where applicable).

“Cookies”: Small text files placed on your device by a website that you visit. They are widely used to make websites work more efficiently, as well as to provide reporting information.

“Sell” or “Sale” (CCPA): Selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information to a third party for monetary or other valuable consideration.

“Share” or “Sharing” (CCPA/CPRA): Sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information to a third party for cross-context behavioral advertising purposes.

3. Data Controller / Operator Information

The data controller responsible for the processing of your personal data through this Site is:

Entity Name: MB Arrok
Website: https://unseenfounder.com
Contact: https://unseenfounder.com/contact/

If you have any questions about how your personal data is processed or wish to exercise any of your data protection rights, please contact us using the information provided in Section 27 of this Policy.

4. Information We Collect

We may collect and process the following categories of personal information about you:

4.1 Information You Provide Directly

Contact information such as your name and email address, provided when you submit a contact form, comment on a post, sign up for our newsletter, or submit a founder story
Account registration information, including username, email address, and password, if you create an account on the Site
User-generated content, including comments, founder stories, interviews, photographs, biographical information, company details, and any other content you submit through the Site or through associated channels such as email or forms
Communication data, including the content of messages you send to us through the contact form, email, or other communication channels
Survey and feedback responses, if you choose to participate in surveys or provide feedback

4.2 Information Collected Automatically

Technical data, including your Internet Protocol (IP) address, browser type and version, browser user agent string, operating system, device type, screen resolution, and referring/exit URLs
Usage data, including pages visited, date and time of visits, time spent on pages, click data, scroll depth, and navigation patterns
Cookie data and similar tracking technology data, including session identifiers, preferences, and behavioral data (see Section 8 for full details)
Log data, collected automatically by our web servers, including access times, pages viewed, IP address, and the page that referred you to our Site

4.3 Information from Third-Party Sources

Analytics data from third-party services such as Google Analytics or similar platforms
Social media data if you interact with our content on social media platforms (Facebook, Instagram, LinkedIn, YouTube, Medium)
Gravatar data: an anonymized hash of your email address may be sent to the Gravatar service to retrieve your profile picture. The Gravatar privacy policy is available at https://automattic.com/privacy/
Embedded content data from third-party services embedded on the Site (see Section 9)

4.4 Categories of Personal Information Under CCPA

For purposes of the CCPA/CPRA, we have collected the following categories of personal information within the preceding twelve (12) months:

Identifiers: name, email address, IP address, unique personal identifier, online identifier, account name
Internet or Other Electronic Network Activity Information: browsing history, search history, information regarding your interaction with the Site
Geolocation Data: approximate location derived from IP address
Inferences: preferences, characteristics, and behavior patterns drawn from the above categories

We do not collect Sensitive Personal Information as defined under the CCPA/CPRA. We do not collect Social Security numbers, financial account information, precise geolocation, biometric data, health data, or information about sex life or sexual orientation.

5. How We Collect Information

We collect personal information through the following methods:

Directly from you when you provide it voluntarily (e.g., filling out forms, leaving comments, submitting stories, subscribing to our newsletter, contacting us)
Automatically through cookies and similar tracking technologies as you navigate the Site
From third-party service providers who assist us in operating the Site, processing analytics, preventing spam, and delivering content
From publicly available sources to the extent permitted by applicable law

6. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom (UK), or Switzerland, we process your personal data only when we have a valid legal basis to do so under the GDPR. The legal bases we rely on include:

6.1 Consent (Article 6(1)(a) GDPR)

Where you have given us clear, affirmative consent to process your personal data for specific purposes. This includes consent to receive marketing communications (such as our email newsletter), consent to the use of non-essential cookies and tracking technologies, and consent given when submitting content such as founder stories. You may withdraw your consent at any time without affecting the lawfulness of processing carried out before the withdrawal.

6.2 Legitimate Interests (Article 6(1)(f) GDPR)

Where processing is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your rights and freedoms. Our legitimate interests include operating and improving the Site, understanding how Users interact with our content, ensuring the security of our Site, preventing fraud and spam, administering and managing our business, and marketing our services to existing Users.

6.3 Performance of a Contract (Article 6(1)(b) GDPR)

Where processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering a contract. This may apply when you register for an account, submit a founder story for publication, or engage with our services.

6.4 Legal Obligation (Article 6(1)(c) GDPR)

Where processing is necessary for compliance with a legal obligation to which we are subject, such as responding to lawful requests from public authorities or complying with tax, accounting, or reporting obligations.

7. How We Use Your Information

We use the personal information we collect for the following purposes:

Operating, maintaining, and improving the Site and its content, features, and functionality
Publishing founder stories, interviews, and submitted content on the Site and related platforms
Responding to your comments, inquiries, and requests submitted through the contact form or other channels
Sending you newsletters, updates, and marketing communications (with your consent where required by applicable law)
Personalizing your experience on the Site and delivering content relevant to your interests
Analyzing usage trends, monitoring the effectiveness of our content, and generating aggregate statistics
Detecting, preventing, and addressing fraud, spam, abuse, security breaches, and other harmful activity
Enforcing our Terms of Service and other legal rights
Complying with applicable laws, regulations, and legal processes
Administering affiliate programs and advertising relationships as described in Section 22
Fulfilling any other purpose disclosed to you at the time of collection or as otherwise directed by you

8. Cookies and Tracking Technologies

The Site uses cookies and similar tracking technologies to enhance your browsing experience, analyze Site traffic, and understand where our visitors are coming from.

8.1 Types of Cookies We Use

Strictly Necessary Cookies: These cookies are essential for the operation of the Site. They include cookies that enable you to log into secure areas of the Site and use its features. These cookies do not collect information about you that could be used for marketing or remembering where you have been on the internet.

Functional Cookies: These cookies allow the Site to remember choices you make (such as your username, language, or region) and provide enhanced, more personalized features. If you leave a comment on the Site, you may choose to save your name, email address, and website in cookies for your convenience. These cookies typically last for one year.

Analytics and Performance Cookies: These cookies collect information about how visitors use the Site, including which pages are visited most often and whether visitors receive error messages. All information collected by these cookies is aggregated and therefore anonymous.

Advertising and Targeting Cookies: If present, these cookies are used to deliver advertisements relevant to you and your interests. They may also be used to limit the number of times you see an advertisement and to help measure the effectiveness of advertising campaigns.

8.2 WordPress-Specific Cookies

As the Site is powered by WordPress, the following cookies may be set:

Comment cookies: If you leave a comment, your name, email address, and website may be stored in cookies for your convenience (typically lasting one year)
Login cookies: If you visit the login page, a temporary cookie is set to determine whether your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser
Authentication cookies: When you log in, cookies are used to store your login information and screen display preferences. Login cookies last approximately two days, and screen options cookies last up to one year. Selecting “Remember Me” extends login persistence up to two weeks. Logging out removes login cookies.
Post editing cookies: If you edit or publish content, a cookie is saved in your browser. This cookie contains no personal data and only indicates the post ID. It expires after one day.

8.3 Your Cookie Choices

You can manage your cookie preferences through the following methods:

Browser settings: Most web browsers allow you to control cookies through their settings. You can set your browser to refuse all or some cookies, or to alert you when cookies are being sent. Note that if you disable or refuse cookies, some parts of the Site may become inaccessible or not function properly.
Opt-out tools: You may opt out of interest-based advertising through the Digital Advertising Alliance (DAA) at https://optout.aboutads.info/, the Network Advertising Initiative (NAI) at https://optout.networkadvertising.org/, or the European Interactive Digital Advertising Alliance (EDAA) at https://www.youronlinechoices.com/
Google Analytics: You may opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on available at https://tools.google.com/dlpage/gaoptout

For EU/EEA visitors, we will request your consent before placing non-essential cookies on your device, in compliance with the ePrivacy Directive and GDPR. You may withdraw your consent at any time.

9. Embedded Content from Third Parties

Articles and pages on the Site may include embedded content such as videos (e.g., from YouTube or Vimeo), images, social media posts, audio players, or articles from other websites. Embedded content from other websites behaves in the same way as if you had visited those websites directly.

These third-party websites may collect data about you, use their own cookies, embed additional third-party tracking, and monitor your interaction with that embedded content. This includes tracking your interaction with the embedded content if you have an account and are logged in to those third-party websites.

We encourage you to review the privacy policies of any third-party services whose content is embedded on our Site. We are not responsible for the privacy practices of these third-party services.

10. Data Sharing and Disclosure

We value your privacy and do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share or disclose your personal information only in the following circumstances:

10.1 Service Providers and Processors

We may share your personal information with third-party service providers who perform services on our behalf, including but not limited to web hosting providers, email delivery services (such as ConvertKit/Kit), analytics providers, spam detection services (such as Akismet/Automattic), content delivery networks, and customer support tools. These service providers are authorized to use your personal information only as necessary to provide these services to us and are contractually obligated to protect your information.

10.2 Legal Requirements

We may disclose your personal information if required to do so by law, or in the good faith belief that such action is necessary to comply with a legal obligation (such as a subpoena, court order, or government request), protect and defend our rights or property, prevent or investigate possible wrongdoing in connection with the Site, protect the personal safety of users or the public, or protect against legal liability.

10.3 Business Transfers

In the event of a merger, acquisition, reorganization, dissolution, or similar corporate transaction involving all or part of our assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

10.4 With Your Consent

We may share your personal information with third parties when you have given us your explicit consent to do so.

10.5 Publicly Visible Information

If you submit a comment, founder story, or other user-generated content to the Site, certain information associated with your submission (such as your name, company name, profile picture, and the content itself) may be publicly displayed on the Site. Your approved comment and its associated profile picture (if using Gravatar) are visible to the public.

10.6 CCPA/CPRA Disclosure

In the preceding twelve (12) months, we have not sold personal information of consumers as defined by the CCPA/CPRA. We have not shared personal information for cross-context behavioral advertising as defined by the CCPA/CPRA. We do not have actual knowledge that we sell or share the personal information of consumers under 16 years of age.

11. International Data Transfers

The Site is operated from and our servers may be located in various jurisdictions. If you are accessing the Site from outside the jurisdiction where our servers are located, please be aware that your personal data may be transferred to, stored, and processed in a country different from the one in which you reside.

If you are located in the EEA, UK, or Switzerland, and we transfer your personal data outside those regions, we will ensure that appropriate safeguards are in place to protect your data in accordance with the GDPR. These safeguards may include:

Standard Contractual Clauses (SCCs) approved by the European Commission
Transfers to countries that have received an adequacy decision from the European Commission
Binding Corporate Rules (BCRs) where applicable
Your explicit consent to the transfer, after being informed of possible risks

By using the Site, you acknowledge and agree that your personal data may be transferred internationally as described in this section.

12. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, regulatory, accounting, or reporting requirements.

12.1 Retention Periods

Comments: If you leave a comment on the Site, the comment and its associated metadata (including IP address and browser user agent) are retained indefinitely to allow us to recognize and approve follow-up comments automatically rather than holding them in a moderation queue.
Account data: If you register for an account, your profile information is retained for the duration of your account. You may view, edit, or delete your personal information at any time (except your username). Site administrators may also view and edit this information.
Contact form submissions: Data submitted through our contact form is retained for the period necessary to respond to your inquiry and for our legitimate record-keeping purposes, after which it is deleted or anonymized.
Newsletter subscriber data: If you subscribe to our newsletter, your email address and related data are retained until you unsubscribe or request deletion.
Analytics data: Aggregated and anonymized analytics data may be retained indefinitely for statistical purposes.
Founder stories and submissions: Submitted content that is published on the Site is retained as part of the Site’s published content. Unpublished submissions are retained for a reasonable period to evaluate them for publication and then deleted.
Log files: Server log files containing technical data are typically retained for a limited period (generally no longer than 90 days) for security and troubleshooting purposes.

12.2 Retention Criteria

When determining the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the data and whether we can achieve those purposes through other means, and any applicable legal, regulatory, or contractual requirements.

13. Data Security

We implement appropriate technical and organizational measures designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include but are not limited to:

Secure Sockets Layer (SSL/TLS) encryption for data in transit between your browser and our servers
Regular software and security updates for our hosting environment and content management system
Access controls limiting access to personal data to authorized personnel who need it for legitimate business purposes
Use of strong passwords and multi-factor authentication for administrative accounts
Regular backups of Site data stored in secure environments
Spam detection and prevention tools to protect the integrity of user-generated content
Periodic reviews of our data collection, storage, and processing practices

While we take reasonable precautions to protect your information, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to promptly addressing any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

14. Your Rights Under the GDPR (EEA, UK, and Swiss Residents)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have certain rights under the GDPR and applicable local laws with respect to your personal data. Subject to certain exceptions and limitations, these rights include:

14.1 Right of Access (Article 15 GDPR)

You have the right to request confirmation as to whether we process your personal data and, if so, to obtain a copy of that personal data along with certain supplementary information about how it is processed.

14.2 Right to Rectification (Article 16 GDPR)

You have the right to request correction of inaccurate personal data and to have incomplete personal data completed.

14.3 Right to Erasure / Right to Be Forgotten (Article 17 GDPR)

You have the right to request deletion of your personal data in certain circumstances, including where the data is no longer necessary for the purposes for which it was collected, where you withdraw consent on which the processing is based, where you object to the processing and there are no overriding legitimate grounds, or where the personal data has been unlawfully processed.

14.4 Right to Restriction of Processing (Article 18 GDPR)

You have the right to request restriction of processing of your personal data in certain circumstances, such as where you contest the accuracy of the data, where the processing is unlawful but you do not want erasure, or where we no longer need the data but you require it for legal claims.

14.5 Right to Data Portability (Article 20 GDPR)

You have the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format, and to transmit that data to another controller without hindrance, where the processing is based on consent or a contract and is carried out by automated means.

14.6 Right to Object (Article 21 GDPR)

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes. Where you object to processing for direct marketing purposes, we will cease processing your data for those purposes immediately.

14.7 Right Not to Be Subject to Automated Decision-Making (Article 22 GDPR)

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, except where necessary for a contract, authorized by law, or based on your explicit consent.

14.8 Right to Withdraw Consent

Where we rely on your consent as the legal basis for processing your personal data, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

14.9 Exercising Your GDPR Rights

To exercise any of the above rights, please contact us using the information provided in Section 27. We will respond to your request without undue delay and in any event within one (1) month of receipt. This period may be extended by two (2) further months where necessary, taking into account the complexity and number of requests. We will inform you of any such extension within one month of receipt. We will verify your identity before processing any request. There is no fee for exercising your rights, unless your request is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse to act on the request.

15. Your Rights Under the CCPA/CPRA (California Residents)

If you are a California resident, the California Consumer Privacy Act as amended by the California Privacy Rights Act (collectively, “CCPA”) provides you with specific rights regarding your personal information. This section describes those rights and explains how to exercise them.

15.1 Right to Know

You have the right to request that we disclose: the categories of personal information we have collected about you; the categories of sources from which the personal information was collected; the business or commercial purpose for collecting, selling, or sharing your personal information; the categories of third parties to whom we disclose personal information; and the specific pieces of personal information we have collected about you. You may request this information for the 12-month period preceding your request (and, as of January 1, 2026, requests may extend back to January 1, 2022).

15.2 Right to Delete

You have the right to request that we delete personal information we have collected from you, subject to certain exceptions permitted by law (such as completing a transaction, detecting security incidents, exercising free speech, complying with legal obligations, or conducting internal uses that are reasonably aligned with your expectations).

15.3 Right to Correct

You have the right to request that we correct inaccurate personal information that we maintain about you, taking into account the nature of the personal information and the purposes of the processing.

15.4 Right to Opt Out of Sale or Sharing

You have the right to opt out of the sale or sharing of your personal information. As stated above, we do not sell or share your personal information as those terms are defined under the CCPA/CPRA. Should this practice change in the future, we will provide you with the ability to opt out and will update this Policy accordingly.

15.5 Right to Limit Use of Sensitive Personal Information

You have the right to limit the use and disclosure of your sensitive personal information. We do not collect sensitive personal information as defined by the CCPA/CPRA for purposes other than those permitted by law.

15.6 Right to Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. We will not deny you goods or services, charge you different prices or rates, provide you a different level or quality of goods or services, or suggest that you may receive a different price or rate or different level or quality of goods or services for exercising your rights.

15.7 Exercising Your CCPA Rights

To exercise any of the rights described above, you may submit a verifiable consumer request by contacting us at https://unseenfounder.com/contact/. Only you, or a person you have authorized to act on your behalf (an authorized agent), may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

We will verify your identity by matching information you provide with information we have on file. We will respond to your request within 45 calendar days. If we require more time (up to an additional 45 days), we will notify you in writing. We will deliver our response by mail or electronically, at your option. We will not charge a fee to process your request unless it is excessive, repetitive, or manifestly unfounded.

15.8 Financial Incentive Programs

We do not currently offer any financial incentive programs related to the collection of personal information. If we implement any such programs in the future, we will provide a notice of financial incentive in accordance with the CCPA and applicable regulations.

16. Children’s Privacy (COPPA Compliance)

We take children’s privacy seriously. The Site is not directed at, and is not intended for use by, children under the age of 13. We do not knowingly collect, use, or disclose personal information from children under 13 years of age.

16.1 Age Restrictions

The Site is a general audience website intended for adult users, particularly entrepreneurs, business founders, and individuals interested in startup culture and business content. The Site is not designed for or targeted at children under 13 (or under 16 in jurisdictions where the GDPR applies).

16.2 No Knowing Collection from Children

We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal information from a child under 13 without verifiable parental consent, we will take immediate steps to delete that information from our records. This includes the deletion of account data, comments, submissions, email addresses, and any other personal information associated with the child.

16.3 Parental Rights

If you are a parent or legal guardian and believe that your child under 13 has provided us with personal information, please contact us immediately using the information in Section 27. Upon verification, we will promptly delete the child’s personal information from our records.

Parents and guardians have the right to: review the personal information we have collected from their child; request that we delete the personal information collected from their child; refuse to permit further collection or use of their child’s personal information; and agree to the collection and use of their child’s personal information while refusing to allow disclosure to third parties (unless disclosure is integral to the service).

16.4 Third-Party Services

To the extent that any third-party services embedded on or connected to the Site may collect information from children, we are not responsible for those third parties’ data collection practices. We encourage parents and guardians to monitor their children’s online activities and to instruct them never to provide personal information through any website without parental permission.

16.5 GDPR Protections for Minors

Under the GDPR, the processing of personal data of children under 16 for information society services requires parental or guardian consent. As the Site does not target children and does not knowingly process children’s data, we rely on this Policy’s general prohibitions. Should we become aware that a minor in a GDPR jurisdiction has provided personal data without appropriate parental consent, we will take steps to delete that data.

16.6 CCPA/CPRA Protections for Minors

Under the CCPA/CPRA, the definition of sensitive personal information now includes information about consumers under 16. We do not sell or share the personal information of consumers we know to be under 16 years of age. We do not have actual knowledge that we collect or process personal information from consumers under 16. If we discover that we have collected personal information from a minor under 16 without appropriate consent, we will promptly delete it.

17. Do Not Track and Global Privacy Control Signals

Some web browsers transmit “Do Not Track” (DNT) signals to websites. Because there is no uniform standard for how to interpret and respond to DNT signals, we do not currently respond to DNT signals. However, you may use the cookie and tracking opt-out mechanisms described in Section 8.3 to manage your preferences.

We recognize and honor the Global Privacy Control (GPC) signal as a valid opt-out of sale/sharing request under the CCPA/CPRA. If our systems detect a GPC signal from your browser, we will treat it as an opt-out of any sale or sharing of your personal information, to the extent applicable. We encourage California residents and other users to install a browser or browser extension that supports GPC.

18. Automated Decision-Making and Profiling

We do not currently engage in automated decision-making or profiling that produces legal effects or similarly significant effects on you. The Site does not use automated processing to make decisions about visitors that would have legal or similarly significant consequences.

If we implement any automated decision-making processes in the future that could have legal or similarly significant effects, we will update this Policy to provide transparent information about the logic involved, the significance, and the envisaged consequences for you, and we will provide you with the right to contest such decisions, obtain human intervention, and express your point of view.

19. Third-Party Links and Services

The Site may contain links to third-party websites, services, or applications that are not operated by us, including but not limited to social media platforms (Facebook, Instagram, LinkedIn, YouTube, Medium), affiliate partner websites (such as Amazon.com), email marketing platforms (such as ConvertKit/Kit), community platforms, and other external resources.

We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services. We encourage you to read the privacy policy of every website you visit. The inclusion of a link on the Site does not imply endorsement of the linked site’s privacy practices or content.

20. Email Newsletter and Marketing Communications

If you subscribe to our email newsletter or community communications (currently managed through ConvertKit/Kit), we will collect your email address and any additional information you voluntarily provide. We use this information to send you newsletters, updates, founder stories, book recommendations, and other content related to the Unseen Founder platform.

Your rights regarding marketing communications include:

Opt-out/Unsubscribe: You may unsubscribe from our marketing emails at any time by clicking the “unsubscribe” link included in every marketing email we send, or by contacting us directly. We will process your unsubscribe request promptly, and in any event within 10 business days as required by the CAN-SPAM Act.
Consent: Where required by applicable law (including the GDPR), we will obtain your prior consent before sending you marketing communications.
Data processing: Your newsletter subscription data is processed by our email service provider in accordance with their own privacy policy. We recommend you review their privacy policy for details on how they handle your data.

21. User-Generated Content and Submissions

The Site features founder stories, interviews, and other user-submitted content. When you submit content to us for potential publication, you should be aware of the following:

Any personal information included in your submission (such as your name, company name, photograph, biographical details, and business information) may be published on the Site and made publicly available
Published content, including your name and associated information, may be indexed by search engines and accessible to the public worldwide
By submitting content, you grant us a royalty-free, perpetual, irrevocable, non-exclusive, worldwide license to use, reproduce, edit, publish, distribute, and display such material as described in our Terms of Service
If you upload images, you should avoid uploading images that contain embedded location data (EXIF GPS), as visitors to the Site may be able to download and extract location data from images
You may request removal of your submitted content by contacting us, subject to the terms of our Terms of Service and any applicable legal requirements

22. Affiliate Disclosures and Advertising

The Site participates in select affiliate advertising programs, including the Amazon Services LLC Associates Program. This means that if you click on certain links on the Site and make a purchase, we may earn a commission from that purchase.

With respect to your privacy and affiliate programs:

Affiliate links may use cookies or tracking technologies to attribute sales to our Site. These cookies are placed by the affiliate program operator (such as Amazon), not by us, and are subject to the affiliate program operator’s privacy policy.
We do not receive personal information about you from affiliate program operators. We may receive aggregate, anonymized data about clicks and sales.
We are transparent about our affiliate relationships and mark affiliate content in accordance with applicable FTC guidelines and regulations.
You may opt out of affiliate tracking by disabling cookies in your browser settings or by using the opt-out tools described in Section 8.3.

23. State-Specific Privacy Rights (United States)

In addition to the CCPA/CPRA rights described in Section 15, residents of certain US states have additional privacy rights under their respective state privacy laws:

23.1 Virginia (VCDPA)

Virginia residents have the right to access, correct, delete, and obtain a copy of their personal data, the right to opt out of the processing of personal data for purposes of targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects. You may also appeal our decision regarding a data rights request by contacting us.

23.2 Colorado (CPA)

Colorado residents have the right to access, correct, and delete their personal data, to opt out of targeted advertising, data sales, and profiling, and to obtain a portable copy of their data. The Colorado Attorney General must be notified if an appeal of our decision is not resolved.

23.3 Connecticut (CTDPA)

Connecticut residents have the right to access, correct, delete, and obtain a copy of their personal data, to opt out of targeted advertising, data sales, and profiling, and to appeal decisions we make regarding their requests.

23.4 Utah (UCPA)

Utah residents have the right to access and delete their personal data, to opt out of the sale of personal data and targeted advertising, and to obtain a copy of their personal data in a portable format.

23.5 Other US State Privacy Laws

Additional US states have enacted or are enacting comprehensive privacy laws, including Oregon, Montana, Texas, Delaware, Iowa, New Hampshire, New Jersey, Tennessee, Indiana, Kentucky, Nebraska, Maryland, Minnesota, and others. If you are a resident of any state with an applicable consumer privacy law, you may exercise your rights under that law by contacting us at https://unseenfounder.com/contact/. We will process your request in accordance with applicable law.

24. Privacy Rights for Other Jurisdictions

24.1 Canada (PIPEDA)

If you are a Canadian resident, you have the right under PIPEDA to access and correct your personal information held by us, to withdraw consent for the processing of your personal information, and to file a complaint with the Office of the Privacy Commissioner of Canada. We will obtain your meaningful consent before collecting, using, or disclosing your personal information, except where legally permitted without consent.

24.2 Brazil (LGPD)

If you are a Brazilian resident, you have rights under the LGPD including the right to confirmation of processing, access to data, correction of incomplete or inaccurate data, anonymization, blocking, or deletion of unnecessary or excessive data, data portability, information about shared data, information about the possibility of denying consent, and the right to review automated decisions. To exercise these rights, please contact us using the information in Section 27.

24.3 Australia (Privacy Act 1988)

If you are an Australian resident, we are bound by the Australian Privacy Principles (APPs) under the Privacy Act 1988. You have the right to access and correct your personal information, and to make a complaint if you believe your privacy has been breached. Complaints may be directed to us or to the Office of the Australian Information Commissioner (OAIC).

24.4 Other International Visitors

If you are visiting the Site from a jurisdiction not specifically mentioned in this Policy, your use of the Site is governed by this Privacy Policy and applicable local laws. We are committed to respecting the privacy rights of all visitors and will process data rights requests from any jurisdiction in a timely and good-faith manner.

25. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of affected individuals, we will:

Notify the relevant supervisory authority (such as a Data Protection Authority in the EEA/UK) without undue delay and, where feasible, within 72 hours of becoming aware of the breach, as required by Article 33 of the GDPR
Notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms, as required by Article 34 of the GDPR
Comply with state-level data breach notification laws in the United States, including California Civil Code § 1798.82 and equivalent laws in other states
Document the facts relating to the breach, its effects, and the remedial actions taken
Take reasonable steps to mitigate the effects of the breach and prevent recurrence

26. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, applicable laws, or for other operational, legal, or regulatory reasons. When we make material changes to this Policy, we will:

Post the updated Privacy Policy on the Site with a revised “Last Updated” date at the top of the Policy
Where required by applicable law, notify you by email or through a prominent notice on the Site prior to the changes taking effect
Obtain your consent to the updated Policy where required by applicable law

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the Site after any changes to this Policy constitutes your acceptance of the updated Policy, except where additional consent is required by law.

27. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, or if you wish to exercise any of your rights described in this Policy, please contact us using the following methods:

Entity: MB Arrok (doing business as Unseen Founder)
Website: https://unseenfounder.com
Contact Page: https://unseenfounder.com/contact/

When contacting us regarding a data rights request, please provide sufficient information to allow us to verify your identity and to understand the nature and scope of your request. We may need to request additional information from you to verify your identity and process your request.

We aim to respond to all legitimate requests within the timeframes required by applicable law (typically within 30 days for GDPR requests and 45 days for CCPA/CPRA requests).

This Privacy Policy was last updated on March 5, 2026.