Security & boundaries

What we refuse to build is as important as what we ship.

IDØ exists to give founders and investors better intelligence — without becoming the surveillance tool that no one asked for. This page is the full list of design choices, hard boundaries, and infrastructure controls that keep that promise honest.

Our stance, in one paragraph

A serious intelligence tool earns trust by limiting itself, not by collecting more. IDØ ingests only public artifacts, refuses to score on who anyone is, and never tells a company that someone looked at it. These are architectural decisions, not policies — they are the same even if our leadership changes.

What we collect

Public artifacts. With timestamps and source URLs on every record.

Public web surfaces

Marketing sites, pricing pages, careers pages, blogs, RSS feeds, changelogs, official documentation, public GitHub repos.

Public press + community

Trade press, HN, Product Hunt, Reddit, X / Twitter posts and quoted threads.

Public funding records

Crunchbase-class data, SEC filings, public press releases, accelerator portfolio pages.

Founder-supplied content

Anything a founder voluntarily adds to their own claimed profile — events, commentary, links.

What we will not do

Eight hard boundaries.

  • Demographic features — no age, gender, race, school prestige, location
  • LinkedIn scraping — no centralised credential pool, ever
  • Personal email mining — we do not buy or sell email lists
  • Behavioural tracking of viewers — investor mode is read-only
  • Cross-site fingerprinting — no tracking pixels on company pages
  • Sale of user data to third parties — not as a side hustle, not ever
  • Public 'who looked' leaderboards — we cannot show them; we do not record them
  • Binary verdicts on people — the platform refuses to issue a yes/no on anyone

The reason these are off-limits is that every one of them is what a worse, easier-to-build product would do. The interesting question is not whether they would generate revenue (they would). It is whether they would make IDØ a tool you can trust. The answer is no.

The no-tracking pledge

Investors cannot follow you. By architecture.

The investor product surface has no "follow" button, no watchlist, no alert subscription, no scheduled email digest of any company. There is no path through the UI to subscribe to changes.

Under the hood, the platform does not store a record of which investor opened which company page. We log requests for performance and abuse-prevention, but we do not maintain a per-user view-history of company pages — and the per-investor view log is irrecoverable after 7 days.

This is not a policy that could be loosened in the next quarterly roadmap. The data model has no field for it. The investor app has no UI for it. The notification system has no recipient for it.

Verifiable: any company can request their own "who looked at us" report. The answer is always "we do not have one to give you, and we never will."

Infrastructure

The boring controls that have to be in place.

  • Encryption in transit: TLS 1.3 for every endpoint
  • Encryption at rest: AES-256 for application data; pgcrypto for sensitive columns
  • Secret storage: Per-environment vaults; no secrets in repo or in logs
  • Backups: Daily encrypted snapshots, 30-day retention
  • Access control: SSO + role-based; least-privilege defaults
  • Audit log: Append-only, 12-month retention
  • Dependency hygiene: Automated dependency scanning + weekly review
  • Penetration testing: Annual external pentest, beginning at first paid customer

Compliance posture

Where we are, honestly.

We are pre-SOC 2. We are pre-ISO. We are pre-most-things you would expect on this page. This is by design: we will not put a compliance badge we don't have on the marketing site.

What we have today is a deliberate data minimisation posture, the infrastructure controls above, and a willingness to walk through the architecture with any prospective customer in detail.

What we are committed to: SOC 2 Type 1 within the first six months of paid usage; SOC 2 Type 2 within the first year. GDPR and CCPA-equivalent posture from day one.

Found something off?

Vulnerability disclosure, privacy concerns, or any of the above. We read every email at this address.

security@ido.dev