Think NeverlandWhere Imagination Ships
← Back to Home

Privacy Policy

Last updated: February 24, 2026

1. Defined Terms

In this Privacy Policy, the following terms have the meanings set forth below:

  • “Company,” “we,” “us,” or “our” means Think Neverland, LLC, a limited liability company organized under the laws of the State of Ohio.
  • “Platform” means the Think Neverland web application accessible at thinkneverland.com and all related subdomains, APIs, and interfaces.
  • “Services” means the Platform, the Venture Studio program, all related tools, features, and communications provided by the Company.
  • “Venture Studio” means the Company's business of building, incubating, and operating software products in partnership with founders and contributors.
  • “Personal Data” means any information that identifies, relates to, describes, or could reasonably be linked to an identified or identifiable individual.
  • “User,” “you,” or “your” means any individual who accesses or uses the Services.

2. Information We Collect

2.1 Information You Provide Directly

  • Contact Information: Name, email address, and message content when you use our contact form or communicate with us.
  • Pitch & Idea Submissions: Name, email address, project name, project description, venture category, and any supporting materials you submit through our pitch form. This information is used to evaluate potential partnership opportunities.
  • Account Information: Name, email address, and authentication credentials when you create an account on the Platform.
  • Organization & Team Data: Organization name, team member information, roles, project milestones, and related collaboration data when you participate in the Venture Studio program.
  • Payment & Financial Information: Bank account details, tax identification numbers, and billing information when you use payment features (e.g., Stripe Connect for revenue sharing). Payment processing is handled by Stripe, Inc. and is subject to Stripe's Privacy Policy.
  • Legal Documents & Electronic Signatures: Electronic signatures, signatory metadata, and agreement content when you execute contracts through the Platform (e.g., operating agreements, revenue-share agreements, NDAs).
  • Cookie Consent Records: Your cookie preference selections, consent timestamps, and associated identifiers for compliance purposes.

2.2 Information Collected Automatically

  • Usage Data: IP address, browser type and version, operating system, referring URLs, pages viewed, clickstream data, and the dates and times of your visits.
  • Device Information: Device type, screen resolution, operating system version, and unique device identifiers.
  • Session Data: Session cookies and authentication tokens used to maintain your login state and secure your Platform experience.
  • Log Data: Server logs that record requests made to our Services, including timestamps, HTTP methods, and response codes.

2.3 Information We Do Not Collect

We do not knowingly collect Social Security numbers, government-issued identification numbers, biometric data, health information, or financial account numbers beyond those necessary for payment processing through Stripe.

3. Legal Basis for Processing

3.1 For Users in the European Economic Area (EEA) and United Kingdom

We process your Personal Data only where we have a valid legal basis under the General Data Protection Regulation (GDPR):

  • Consent: Where you have given explicit consent to the processing (e.g., cookie preferences, marketing communications). You may withdraw consent at any time.
  • Contractual Necessity: Where processing is necessary to perform a contract with you or to take pre-contractual steps at your request (e.g., account creation, Venture Studio participation, payment processing).
  • Legitimate Interests: Where processing is necessary for our legitimate interests, provided those interests are not overridden by your rights (e.g., fraud prevention, service improvement, security monitoring).
  • Legal Obligation: Where processing is required to comply with applicable law (e.g., tax reporting, financial regulations, responding to lawful requests from authorities).

3.2 For Users in the United States

We process your Personal Data for the following business purposes under applicable U.S. privacy laws:

  • Service Performance: To provide, maintain, and improve the Services you have requested.
  • Business Operations: To manage accounts, process transactions, administer the Venture Studio program, and communicate with you about your projects and ventures.
  • Fraud Prevention & Security: To detect, prevent, and respond to security incidents, fraud, and other harmful activity.
  • Legal Compliance: To comply with applicable federal, state, and local laws, regulations, and legal processes.

3.3 Legal Basis by Activity

  • Account creation: Contractual necessity / Service performance
  • Pitch submissions: Legitimate interest / Contractual necessity
  • Payment processing: Contractual necessity / Legal obligation
  • Marketing communications: Consent (opt-in only)
  • Analytics (if implemented): Consent / Legitimate interest
  • Security monitoring: Legitimate interest / Legal obligation

4. How We Use Your Information

We use the information we collect to:

  • Respond to your inquiries and contact form submissions
  • Evaluate venture pitch submissions and partnership opportunities
  • Provide, operate, maintain, and improve the Platform and Services
  • Create and manage your account, team memberships, and organizational roles
  • Process payments, revenue-share distributions, and related financial transactions
  • Generate, manage, and store legal documents, agreements, and electronic signatures
  • Communicate with you about your account, projects, milestones, and Platform updates
  • Send transactional emails (e.g., magic-link authentication, payment confirmations, agreement notifications)
  • Monitor and analyze usage patterns to improve user experience and Platform performance
  • Detect, prevent, and respond to fraud, abuse, security incidents, and technical issues
  • Enforce our Terms of Service and other agreements
  • Comply with applicable legal obligations, including tax and financial reporting requirements

5. Sharing of Information

We do not sell, trade, rent, or otherwise disclose your Personal Data for monetary or other valuable consideration. We may share information only in the following limited circumstances:

  • Venture Studio Partners: If you participate in the Venture Studio program, limited information about your project, role, and contact details may be shared with other team members, co-founders, or collaborators within the same venture, strictly as necessary for project operations and as described in your executed venture agreement.
  • Service Providers: We share information with third-party service providers who process data on our behalf to help us operate the Services (e.g., hosting, email delivery, payment processing). These providers are contractually obligated to use your data only as directed by us and to maintain appropriate security measures.
  • Payment Processors: Payment and financial data is processed by Stripe, Inc. We share only the information necessary to facilitate transactions and comply with financial regulations.
  • Legal Requirements: We may disclose information if required to do so by law, regulation, subpoena, court order, or other governmental or legal process.
  • Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your Personal Data may be transferred as part of that transaction. We will provide notice before your Personal Data is transferred and becomes subject to a different privacy policy.
  • Protection of Rights: We may disclose information where we believe it is necessary to protect the rights, property, or safety of Think Neverland, LLC, our Users, or others, including to prevent or stop activity that we consider to be illegal, unethical, or legally actionable.
  • With Your Consent: We may share your information for any other purpose with your explicit consent.

6. Third-Party Services

Our Services integrate with or rely upon the following third-party services. Each third party processes data according to its own privacy policy:

We conduct reasonable due diligence on our service providers to ensure they maintain appropriate security and privacy practices. We do not control the privacy practices of these third parties, and their use of your information is governed by their respective privacy policies.

7. Data Retention

We retain Personal Data only for as long as reasonably necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law. Our specific retention periods are:

  • Account data: Retained for the duration of your active account. Upon account deletion request, data is deleted within 30 days, except where retention is required by law.
  • Pitch submissions: Retained for the duration of the evaluation process. If accepted, retained for the duration of the venture partnership plus three (3) years following termination. If declined, retained for one (1) year following the date of evaluation, then deleted.
  • Payment & financial records: Retained for seven (7) years as required by applicable U.S. federal and state tax and financial regulations (including IRS record-keeping requirements).
  • Tax information (W-9, 1099): Retained for seven (7) years from the date of the relevant tax year.
  • Legal agreements & signatures: Retained for the duration of the agreement plus the applicable statute of limitations (typically six (6) years under Ohio law).
  • Cookie consent records: Retained for three (3) years from the date of consent, as required for demonstrating compliance.
  • Server logs & usage data: Retained for ninety (90) days, unless needed for investigation of a security incident.
  • Contact form submissions: Retained for two (2) years.

We may retain data beyond these periods where necessary for the establishment, exercise, or defense of legal claims, or to comply with a legal obligation.

8. Data Security

We implement reasonable technical and organizational measures designed to protect your Personal Data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher (HTTPS).
  • Encryption at Rest: Sensitive data stored in our databases is encrypted at rest.
  • Access Controls: Access to Personal Data is restricted to authorized personnel on a need-to-know basis, with role-based access controls.
  • Secure Authentication: We use magic-link authentication and secure session tokens. Passwords are not stored.
  • Rate Limiting: API and authentication endpoints are rate-limited to prevent brute-force attacks.
  • Vendor Due Diligence: We assess the security practices of third-party service providers before engaging them and require contractual protections where appropriate.
  • Incident Response: We maintain an incident response protocol to detect, investigate, and respond to security incidents. In the event of a data breach involving Personal Data, we will notify affected individuals and applicable regulatory authorities in accordance with applicable breach notification laws, including Ohio Revised Code § 1349.19 (within a reasonable time, not to exceed 45 days of discovery) and GDPR Article 72 (within 72 hours of awareness, where applicable).

No method of transmission over the Internet or electronic storage is completely secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

9. Your Privacy Rights

9.1 All Users

Regardless of your location, you have the right to:

  • Access the Personal Data we hold about you
  • Request correction of inaccurate or incomplete Personal Data
  • Request deletion of your Personal Data (subject to legal retention requirements)
  • Withdraw consent where processing is based on consent
  • Request information about the categories of data we collect and the purposes for which it is used

9.2 Ohio Residents (Ohio Data Protection Act)

Think Neverland, LLC is organized in the State of Ohio. If you are an Ohio resident, the Ohio Data Protection Act (ODPA, effective January 1, 2026) provides you with the following rights:

  • Right to Confirm & Access: Confirm whether we are processing your Personal Data and access that data.
  • Right to Delete: Request deletion of your Personal Data.
  • Right to Data Portability: Obtain a copy of your Personal Data in a portable, readily usable format.
  • Right to Opt Out: Opt out of the processing of your Personal Data for purposes of (a) targeted advertising, (b) the sale of Personal Data, or (c) profiling in furtherance of decisions that produce legal or similarly significant effects.

We do not sell Personal Data, engage in targeted advertising based on Personal Data, or conduct automated profiling that produces legal or similarly significant effects.

Exercising Your Rights: To exercise your ODPA rights, contact us at hello@thinkneverland.com. We will verify your identity before processing your request. We will respond within forty-five (45) days of receiving your verified request. We may extend this period by an additional forty-five (45) days where reasonably necessary, with notice to you.

Right to Appeal: If we decline to take action on your request, you may appeal by contacting us at hello@thinkneverland.com with the subject line “Privacy Rights Appeal.” We will respond to your appeal within sixty (60) days. If your appeal is denied, you may contact the Ohio Attorney General.

9.3 California Residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (CCPA/CPRA), provides you with the following additional rights:

  • Right to Know: Request disclosure of the categories and specific pieces of Personal Data we have collected about you, the sources, the purposes, and the categories of third parties with whom we share it.
  • Right to Delete: Request deletion of your Personal Data, subject to certain exceptions.
  • Right to Correct: Request correction of inaccurate Personal Data.
  • Right to Opt Out of Sale/Sharing: Opt out of the sale or sharing of your Personal Data for cross-context behavioral advertising. We do not sell or share Personal Data as defined by the CCPA/CPRA.
  • Right to Limit Use of Sensitive Personal Information: Where applicable.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise your CCPA/CPRA rights, contact us at hello@thinkneverland.com. We will verify your identity and respond within forty-five (45) days.

9.4 Colorado, Virginia, Connecticut, and Other U.S. State Residents

If you are a resident of Colorado, Virginia, Connecticut, or another state with a comprehensive consumer privacy law, you may have similar rights to access, delete, correct, and opt out of certain processing of your Personal Data. To exercise these rights, contact us at hello@thinkneverland.com. We will process your request in accordance with the applicable state law and respond within the statutory deadline.

9.5 European Economic Area & United Kingdom Residents (GDPR / UK GDPR)

If you are located in the European Economic Area or the United Kingdom, you have the following rights under the GDPR:

  • Right of Access: Obtain confirmation of whether we process your Personal Data and access to that data.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your data (“right to be forgotten”), subject to legal exceptions.
  • Right to Restrict Processing: Request restriction of processing in certain circumstances.
  • Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format and transmit it to another controller.
  • Right to Object: Object to processing based on legitimate interests, including direct marketing.
  • Rights Related to Automated Decision-Making: Not be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects.
  • Right to Lodge a Complaint: Lodge a complaint with your local data protection supervisory authority.

To exercise your GDPR rights, contact us at hello@thinkneverland.com. We will respond within thirty (30) days of your request.

9.6 Verification Process

For all privacy rights requests, we may require you to verify your identity before processing your request. Verification methods may include confirming your email address, providing information associated with your account, or other reasonable means. We will not fulfill a request if we cannot verify your identity to a reasonable degree of certainty.

10. International Data Transfers

Our Services are hosted and operated in the United States. If you access our Services from outside the United States, including from the European Economic Area, the United Kingdom, or other jurisdictions with data protection laws that differ from those in the United States, your Personal Data will be transferred to, stored, and processed in the United States.

By using our Services, you acknowledge and consent to the transfer of your Personal Data to the United States. Where required by applicable law (including the GDPR), we will ensure that appropriate safeguards are in place for such transfers, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Other legally recognized transfer mechanisms as applicable

11. Marketing & Communications

We may send you transactional communications related to your account, projects, and the Services (e.g., authentication emails, payment confirmations, agreement notifications). These communications are necessary for the operation of the Services and are not considered marketing.

We will only send you marketing or promotional communications with your prior opt-in consent. You may opt out of marketing communications at any time by:

We comply with the CAN-SPAM Act of 2003. All marketing emails will include our physical address, a clear identification of the message as an advertisement (where applicable), and a functioning opt-out mechanism. We will honor opt-out requests within ten (10) business days.

12. Children's Privacy (COPPA)

Our Services are not directed to children under the age of thirteen (13). We do not knowingly collect, solicit, or maintain Personal Data from children under 13. If you are under 13, do not use or provide any information through the Services. In the European Economic Area, the age of digital consent is sixteen (16) years.

If we learn that we have collected Personal Data from a child under the applicable age of consent without verified parental consent, we will take immediate steps to delete that information. If you believe we have collected information from a child, please contact us at hello@thinkneverland.com.

13. Do Not Track

Our Services do not currently respond to “Do Not Track” (DNT) signals from web browsers. There is no universally accepted standard for how online services should respond to DNT signals. If a standard is adopted in the future, we will update this policy accordingly.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Any changes will be posted on this page with an updated “Last updated” date. If we make material changes, we will provide notice via email to the address associated with your account or through a prominent notice on the Platform at least thirty (30) days before the changes take effect. Your continued use of the Services after any changes constitutes your acceptance of the revised policy.

15. Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of the State of Ohio, without regard to its conflict of law principles, except where superseded by applicable federal law or mandatory privacy regulations (e.g., GDPR, CCPA).

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will acknowledge receipt of your inquiry within five (5) business days and respond substantively within the timeframes required by applicable law.