Business Idea Discovery by Million Opportunities
Find business ideas

Legal

Privacy Policy

How Business Idea Discovery collects, stores, and processes account data, discovery inputs, local storage values, and third-party AI provider requests.

Last updated: March 20, 2026

This Privacy Policy describes how Business Idea Discovery ("we", "us", or "our") collects, uses, and shares information about you when you use our web application at this domain (the "Service").

§1 Information We Collect

We collect information you provide directly, including:

  • Account information (email address, invite code) when you sign in or register.
  • Discovery inputs (topics, role descriptions) that you enter into the workspace.
  • Contact information (name, email, message) submitted through project request or feedback forms.
  • API keys you supply in BYOK mode — these are stored only in your browser's localStorage and are never transmitted to our servers.

We also collect information automatically, including:

  • Session data stored in a server-side session cookie.
  • Browser localStorage values used to save your scan history, preferences, and theme selection.
  • Standard server request logs (IP address, user-agent, timestamp) for security and debugging purposes.

§2 How We Use Your Information

  • To provide, operate, and improve the Service.
  • To respond to requests submitted through project request and feedback forms.
  • To enforce usage limits, detect abuse, and maintain security.
  • To send transactional communications (e.g., replies to your inquiries).

We do not sell your personal information. We do not use your discovery inputs to train AI models.

§3 AI Processing

Scan inputs (topic, role) are sent to third-party AI providers (Google Gemini, OpenAI, Anthropic, or Kimi, depending on the mode you select) to generate results. These providers process your inputs under their own terms and privacy policies. In hosted mode, requests go through our server using our API credentials. In BYOK mode, your API key is sent directly from your browser to the provider's API.

§4 Cookies and Local Storage

We use a session cookie to maintain your login session. We use browser localStorage to save your scan history, preferences (theme, sort mode, billing mode), and BYOK API keys (BYOK mode only). No advertising or cross-site tracking cookies are used.

§5 Data Retention

Scan data and account information are retained for 12 months for scan results; 24 months for quote requests and feedback after account inactivity or deletion request, unless we are required to retain it by law. You may request deletion of your account data at any time by contacting us.

§6 Contact Us

For privacy-related requests or questions, contact us at: legal@1mil.app

§7 Third-Party Services

The Service may use the following third-party processors:

  • Google Gemini API — AI inference (hosted mode default)
  • OpenAI API — AI inference (BYOK optional)
  • Anthropic API — AI inference (BYOK optional)
  • Kimi API — AI inference (BYOK optional)
  • Vercel — hosting and serverless infrastructure
  • PostgreSQL database provider (if configured) — scan and account data storage

§8 Security

We implement reasonable technical and organizational measures to protect your information. However, no system is completely secure. BYOK API keys are stored only in your browser and are never transmitted to our servers. You are responsible for protecting your own browser environment. Contact us at legal@1mil.app to report any security concerns.

§9 Children

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13.

§10 California Residents (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

  • Right to Know — You may request disclosure of the categories and specific pieces of personal information we have collected about you.
  • Right to Delete — You may request deletion of personal information we have collected, subject to certain exceptions.
  • Right to Opt-Out — We do not sell personal information. There is nothing to opt out of.
  • Right to Non-Discrimination — We will not discriminate against you for exercising any CCPA rights.

To exercise these rights, contact us at legal@1mil.app. We will respond within 45 days.

§11 European Users (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the following applies:

  • Legal basis for processing — We process session and scan data on the basis of legitimate interests (operating and securing the Service). We process quote and feedback requests on the basis of contract performance (responding to your inquiry). Where required, we rely on your consent.
  • Your rights — You have the right to access, rectify, erase, restrict, or port your personal data, and to object to processing. You also have the right to lodge a complaint with your local supervisory authority.
  • Data transfers — Your data may be processed in the United States. Where we transfer data outside the EEA, we rely on standard contractual clauses or other lawful transfer mechanisms.
  • Retention — We retain personal data only as long as necessary for the purposes described in this policy or as required by law.

To exercise your rights or ask questions about our GDPR practices, contact us at legal@1mil.app.

§12 Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be noted by updating the "Last updated" date at the top. Continued use of the Service after changes constitutes acceptance of the updated policy. For questions, contact legal@1mil.app at Million Opportunities LLC.