Effective date: 21 October 2025

​

1. Introduction

Welcome to the privacy policy of YAVA London Ltd (trading as “Venture Crush”, “YAVA”, “we”, “us”, “our”).
We respect your privacy and are committed to protecting your personal data. This policy explains what data we collect, why we collect it, how we use it, who we share it with, how long we keep it, and what rights you have.

It applies to:

• Visitors to our website (https://www.venture-crush.com/ and related pages);

• Users registered as Founders or Techies (Developers);

• Anyone who interacts with us (support, events, surveys, marketing).

Questions? Email help@venture-crush.com

​

2. Who is the Controller

YAVA London Ltd is the data controller for all processing linked to the Platform.

Contact details
Email privacy@yava.com
Address 8 Oakfield Street, London, SW10 9JB, United Kingdom
Company No. 04787449

 

You may complain at any time to the Information Commissioner’s Office (ICO) (www.ico.org.uk). We’d appreciate the chance to resolve concerns first.

​

3) Changes to this Policy

We review this policy regularly. The version above is current as of 21 October 2025. We will post updates on the Platform and, where appropriate, notify you by email or in-app notice.

​

4) Third-Party Links & Services

Our website may include links to third-party websites, plug-ins and applications (for example, social media, payment pages, analytics dashboards). Clicking those links may allow third parties to collect or share data about you. We do not control third-party sites and are not responsible for their privacy notices. We encourage you to read the privacy policy of every website or app you visit.

If you access our services via third-party apps or logins, your use of those apps is governed by the relevant third party’s terms and privacy policy (e.g., Google, Meta/Instagram, X/Twitter).

​

5) The Data We Collect

“Personal data” means information that identifies you or can be used to identify you. We may collect, use, store and transfer the following categories.

A) Founders

• Identity Data: name, title.

• Contact Data: email, telephone, job title, company details, relevant online presence (e.g., LinkedIn URL you provide).

• Profile Data: username, password, responses to onboarding questions, skills/interests, startup details, preferences, reviews/ratings, messages and files you upload, surveys and feedback.

• Marketing Data: preferences for receiving marketing from us/third parties.

• Usage Data: how you use the Platform (pages viewed, features used, messages sent, time stamps).

• Technical Data: IP address, browser type/version, device type, OS, time zone, page response times, unique device identifiers, device settings, approximate geo-location.

• Transaction Data: subscription tier, invoices, payment confirmations, method token details from payment processors (we do not store full card PAN/CVV).

B) Techies (Developers)

• Identity Data: name, title.

• Contact Data: email, telephone, job title, company (if relevant), professional links/portfolio you share.

• Profile Data: username, password, skills/specialisms, experience, certifications (if provided), preferences, rates (if shared), reviews/ratings, messages and files you upload, surveys and feedback.

• Marketing Data, Usage Data, Technical Data, Transaction Data: as for Founders.

C) Website Visitors

• Technical Data and Usage Data as above (cookies, analytics, logs).

D) Aggregated Data

We create statistics (e.g., feature usage, conversion rates) from your data. Aggregated Data is not personal data unless it can identify you; if it can, we treat it as personal data.

E) Special Category / Criminal Data

We do not intentionally collect special category data (e.g., health, ethnicity, political opinions) or criminal convictions data. Please don’t upload such data to the Platform. If you do, you remain responsible for having a lawful basis and any necessary consents.

​

6) If You Don’t Provide Data

Where we need personal data by law or to provide the Platform (e.g., account details), we may be unable to create or maintain your account or deliver certain features if you don’t provide it.

​

7) How We Collect Data

• Direct interactions: account creation, profile setup, messaging, file uploads, surveys, support, events, newsletters.

• Automated technologies: cookies, SDKs and server logs collect Technical/Usage Data as you browse or use the Platform.

• Third parties:

  • Analytics (e.g., Google Analytics)

  • Payments (e.g., Stripe, PayPal, Klarna)

  • Authentication/verification tools (where used)

  • Marketing tools (email/SMS platforms, ad networks, social media platforms)

See our Cookies Notice for details on cookies/SDKs and how to control them.

​

8) How We Use Your Personal Data (Purposes & Legal Bases)

We will only use your personal data when the law allows. Our main legal bases are: contract, legitimate interests, legal obligation, and consent (where required).

We use your data to:

• Create and manage your account; enable log-in and security (contract, legitimate interests for security).

• Provide and improve the Platform; match Founders and Techies; operate messaging; host files; run search and discovery; provide support; monitor performance; fix bugs (contract, legitimate interests to run our business).

• Matching & recommendations (“profiling”): use your Profile/Usage Data to suggest relevant matches, Techies, Founders, resources, and opportunities (legitimate interests to make the Platform useful). We do not carry out automated decision-making that produces legal or similarly significant effects without human involvement.

• Payments & subscriptions: process fees, verify transactions, handle billing/invoices (contract, legal obligation re: tax/accounting).

• Safety, security & fraud prevention: detect misuse, enforce terms, prevent fraud, protect users and our systems (legitimate interests, legal obligation).

• Communications: service notices, changes to terms/policies, security alerts (contract, legal obligation, legitimate interests).

• Surveys, feedback, research & analytics: improve features, understand usage (legitimate interests).

• Marketing: send updates, offers, product news (see Section 9) (consent for individuals where required, otherwise legitimate interests where permitted).

• Legal & compliance: respond to regulators/law enforcement; enforce rights; manage disputes (legal obligation, legitimate interests).

We may rely on more than one lawful basis depending on context. Contact us if you want details of the specific basis for a given processing activity.

​

9) Marketing

We aim to send relevant communications. If you are an individual, we will rely on your consent (or soft opt-in where allowed) before sending email/SMS marketing. You can opt-out at any time via the unsubscribe link or by contacting us. Opting out of marketing won’t affect service communications (e.g., security, billing, changes to terms).

​

10) Cookies

You can set your browser to refuse all or some cookies or to alert you when a website sets/accesses cookies. Some Platform features may not function properly without certain cookies. See our Cookies Notice for details.

​

11) Change of Purpose

We will only use your personal data for the purposes we collected it for unless we reasonably consider we need to use it for another compatible purpose. If we need to use it for an unrelated purpose, we will explain the legal basis and provide notice where required.

​

12) Disclosures of Your Personal Data

We may share your data with:

• Other Users: Founders ↔ Techies for matching, messaging, and contracting (limited to what is necessary).

• Service providers (processors): hosting, storage, analytics, security, customer support, email/SMS platforms, marketing tools, product analytics, A/B testing, content moderation, identity checks (if used).

• Payment providers: Stripe, PayPal, Klarna (we do not store full card PAN/CVV).

• Professional advisers: lawyers, auditors, insurers, bankers.

• Authorities: HMRC, regulators, law enforcement, courts where required.

• Corporate transactions: buyers/investors during a merger, acquisition, restructure or asset sale; your data may be transferred to the new controller under the same protections.

We require processors to protect your data and act only on our instructions. We do not allow them to use your data for their own purposes.

​

13) International Transfers

Our infrastructure and providers may be located in or process data from the UK, EEA, and other countries. Where we transfer your data outside the UK/EEA, we will ensure appropriate safeguards are in place, such as:

• UK IDTA or EU Standard Contractual Clauses (SCCs) (plus UK Addendum where needed), and

• additional technical and organisational measures (e.g., encryption, access controls).
  Details are available on request. If you prefer the strict statement that no transfers occur, you may replace this section with your earlier wording—but most modern stacks do involve international processing.

​​

14) Data Security

We have implemented appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, alteration or disclosure. These include access controls, encryption in transit (and at rest where supported), segregated environments, role-based permissions, and employee confidentiality obligations. Despite our efforts, no system is 100% secure. If we become aware of a personal data breach that poses a risk to you, we will notify you and regulators where legally required.

Important safety notes for users:

• Do not share passwords or one-time codes.

• Do not upload full card numbers, CVV codes, bank PINs or highly sensitive personal data to chats or public areas.

• Use NDAs before disclosing sensitive IP or trade secrets (see Terms & Conditions).

• Use unique, strong passwords and enable device-level security.

​​​

15) Data Retention

We keep personal data only as long as necessary for the purposes described in this policy, including legal, tax, accounting or reporting requirements, dispute resolution, and fraud prevention. We consider the amount, nature and sensitivity of the data, the potential risk from unauthorised use or disclosure, the purposes and whether they can be achieved by other means, and applicable legal obligations.
High-level guidance:

• Account data: retained while your account is active and for a reasonable period thereafter (typically 6–72 months) to address queries, compliance and disputes.

• Contracts/transactions: retained per statutory requirements (often 6 years in the UK).

• Marketing preferences: retained until you opt-out and for a short period thereafter to ensure suppression.
  More detail is available on request.

​​

16) Your Rights

Under UK GDPR and (where applicable) EU GDPR, you have the right to:

• Access your personal data (commonly known as a Subject Access Request).

• Rectification of inaccurate or incomplete data.

• Erasure (“right to be forgotten”) in certain circumstances.

• Restriction of processing in certain circumstances.

• Data portability to you or a third party (for data you provided, processed by automated means, under consent or contract).

• Object to processing where we rely on legitimate interests and to direct marketing at any time.

• Withdraw consent at any time where we rely on consent (this won’t affect processing carried out before withdrawal).

No fee is usually required. We may charge a reasonable fee or refuse where a request is unfounded, repetitive or excessive.
Verification: we may need to confirm your identity before acting.
Timing: we aim to respond within one month (complex requests may take longer; we will keep you informed).

To exercise your rights, contact help@venture-crush.com

​

17) Children

The Platform is not intended for children under 13. Users aged 13–17 may only use the Platform with parental/guardian supervision and permission (controller of the account). We do not knowingly collect data from children under 13. If you believe a child has provided us personal data, please contact us and we will take appropriate steps.

​

18) Profiling & Automated Decision-Making

We use matching logic and recommendation systems to help Founders find Techies (and vice versa). This profiling uses your Profile/Usage Data to suggest more relevant matches and content. It does not produce legal or similarly significant effects without human involvement. You can always adjust your profile inputs and preferences to influence recommendations.

​

19) Confidentiality, IP & Sensitive Disclosures

Your ideas and IP remain yours. However, anything you choose to upload or share on the Platform is at your own risk. We strongly recommend using mutual NDAs before sharing sensitive or proprietary information and only sharing what is necessary. See our Terms & Conditions for more on idea protection, confidentiality and your responsibilities.

​

20) Contact & Complaints

Questions, requests or concerns about this policy or your data rights:
help@venture-crush.com | YAVA London Ltd, 8 Oakfield Street, London, SW10 9JB, UK

​

If you are not satisfied with our response, you may complain to the Information Commissioner’s Office (ICO): www.ico.org.uk.