Privacy Policy

1. Introduction

ArceusX Ventures LLC ("we," "our," or "us") operates Sieve, an AI-powered venture capital due diligence platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application at app.sieve.arceusxventures.com, our public API at api.sieve.arceusxventures.com, or our MCP (Model Context Protocol) server (collectively, the "Service").

By using Sieve, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

• Name and email address
• Organization name and role
• Authentication credentials (securely hashed)
• Profile preferences and settings

2.2 Content You Provide

• Pitch decks and documents you upload for analysis
• Deal information and notes
• Comments and feedback on analyses
• Content imported from connected services (e.g., Notion, Google Drive)

2.3 Automatically Collected Information

• Usage data (pages visited, features used, timestamps)
• Device information (browser type, operating system)
• IP address and approximate location
• Cookies and similar tracking technologies

2.4 API and MCP Server Data

• API keys (stored as cryptographic hashes only; we never store raw keys)
• Company names and descriptions submitted for screening
• API request metadata (endpoint, method, response time, timestamp)
• Monthly usage counts per API key for rate limiting

What we do not collect: When you use Sieve through an AI assistant (such as Claude, ChatGPT, or Cursor) via our MCP server, we do not receive, store, or have access to your conversation history, prompts, or any data exchanged between you and the AI assistant. We only receive the specific API requests your assistant makes to our screening endpoints.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Process documents through AI analysis for due diligence reports
• Generate investment memos and scoring assessments
• Respond to your inquiries and provide customer support
• Send service-related communications and important notices
• Analyze usage patterns to improve user experience and features
• Detect, prevent, and address technical issues or fraud
• Comply with legal obligations

4. AI Processing and Third-Party Services

Sieve uses artificial intelligence to analyze documents and generate insights. Your data may be processed by the following third-party AI providers:

• Anthropic (Claude) - For document analysis and report generation
• OpenAI - For embeddings and semantic search
• Groq - For fast document processing

These providers process data according to their respective privacy policies. We have data processing agreements with each provider to ensure appropriate safeguards.

Important: Documents you upload are processed by AI models to extract insights. While we implement security measures, you should not upload documents containing highly sensitive personal information unless necessary for analysis.

5. Public API and MCP Server

Sieve provides a public API and an MCP (Model Context Protocol) server that enable AI assistants and third-party applications to access our due diligence screening capabilities programmatically.

5.1 API Authentication

Access to the API requires an API key, which is tied to your organization account. API keys are stored as SHA-256 hashes; we cannot recover your raw key after creation. You may revoke API keys at any time from your account settings.

5.2 Data Processed via API

When you submit a company for screening via the API or MCP server, we process the company name, website URL, description, and any pitch deck text you provide. This data is used solely to generate the due diligence analysis and is subject to the same AI processing described in Section 4.

5.3 Rate Limiting and Usage Tracking

We track the number of screening requests per API key per billing period to enforce rate limits. This usage data includes the API key identifier (hashed), endpoint called, HTTP method, status code, and timestamp.

5.4 No Conversation Data Collection

When Sieve is used as an MCP server within AI assistants (such as Claude, ChatGPT, Cursor, or Windsurf), we do not collect, store, or have access to any conversation context, user prompts, or AI-generated responses. Our server only processes the explicit tool calls made to our API endpoints.

6. Third-Party Integrations

You may choose to connect Sieve with third-party services such as:

• Notion - To import documents and export reports
• Google - For authentication (OAuth)

When you connect these services, we access only the data necessary to provide the requested functionality. You can disconnect integrations at any time from your settings.

7. Data Sharing and Disclosure

We do not sell your personal information. We may share your information:

• Within your organization - Team members in your organization can access shared deals and analyses
• With service providers - Who assist us in operating the Service (hosting, analytics, AI processing)
• For legal compliance - When required by law or to protect rights and safety
• In business transfers - In connection with a merger, acquisition, or sale of assets

8. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

• Encryption of data in transit (TLS) and at rest
• Secure authentication with hashed passwords
• Regular security assessments and monitoring
• Access controls and audit logging
• Encrypted storage of third-party OAuth tokens

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

9. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. You may request deletion of your account and associated data at any time.

After account deletion, we may retain certain data for up to 90 days for backup purposes and legal compliance. Aggregated, anonymized data may be retained indefinitely for analytics.

10. Your Rights

Depending on your location, you may have the right to:

• Access - Request a copy of your personal data
• Correction - Request correction of inaccurate data
• Deletion - Request deletion of your data
• Portability - Receive your data in a portable format
• Restriction - Request restriction of processing
• Objection - Object to certain processing activities

To exercise these rights, contact us at hello@arceusxventures.com.

11. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act, including the right to know what personal information is collected, request deletion, and opt-out of the sale of personal information.

We do not sell personal information. To exercise your CCPA rights, contact us at the email above.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your own, including the United States. These countries may have different data protection laws. We ensure appropriate safeguards are in place for such transfers.

13. Children's Privacy

Sieve is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: