Privacy Policy

Effective Date: May 22, 2026 · Version: 1.0.0

This Privacy Policy describes how Dormitory LLC, a Nevada limited liability company (“Dormy”, “we”, “us”), collects, uses, and shares information when you visit heydormy.ai, use the Dormy console, the Dormy CLI, the Dormy MCP server, the Dormy Telegram bot, or any other product or service we offer (collectively, the “Services”).

1. Scope

This Policy applies to founders and other end users of the Services, prospective customers, support contacts, and visitors to our marketing pages. It does not apply to third-party services you access through Dormy (for example, Anthropic, OpenRouter, Stripe), which are governed by their own privacy notices.

2. Information We Collect

2.1 Information you provide

  • Account data: email address (for one-time-password sign-in), display name, and, optionally, your Telegram user ID once you link the bot.
  • Founder profile: company name, sector, stage, revenue, runway, fundraising context, and other inputs you submit through the console or CLI. We treat this as confidential business information.
  • Customer Content: prompts, files, chat messages, generated intro drafts, match results, and other content you create with the Services.
  • BYOK API keys: when you enable Bring-Your-Own-Key, the API keys you provide (for example, your OpenRouter key). Handling is described in Section 8.
  • Support communications: messages and attachments you send to support@heydormy.ai.
  • Payment information: handled by Stripe, Inc.; we receive only metadata (last four digits, brand, country, charge identifiers) and never store full card numbers.

2.2 Information we collect automatically

  • Usage telemetry: which Services you use, MCP tool calls, model identifiers, token counts, latency, success and error codes.
  • Security signals: IP address, approximate geolocation derived from IP, user-agent, session and authentication audit logs.
  • Cookies: a single HTTP-only session cookie (signed JWT, 7-day TTL) used to keep you signed in to the console. We do not use third-party advertising or cross-site tracking cookies.

2.3 Third-party contact data (special category)

Dormy operates on a private knowledge base that may include the names, work email addresses, employers, and public professional context of investors, advisors, and other business contacts who are not themselves Dormy users (“Third-Party Contact Data”). This data is sourced from your own records (for example, contacts you import) and from public business sources. Section 6 describes how Third-Party Contact Data is handled and how affected individuals can request access or deletion.

3. How We Use Information

  • Operate, secure, and improve the Services.
  • Authenticate you and prevent fraud, abuse, and unauthorized access.
  • Meter usage and process payments, including issuing refunds where applicable.
  • Respond to support inquiries and communicate operational notices (for example, security incidents, terms updates).
  • Generate aggregated or de-identified analytics that cannot reasonably identify you, for product research and reporting.
  • Comply with legal obligations and enforce our Terms of Service.

We do not sell your personal information, and we do not use your Customer Content to train foundation models. See Section 9.

4. How We Share Information

We share information only with the following categories of recipients and only as needed for the purposes listed:

  • Sub-processors that provide infrastructure, hosting, payment, messaging, AI inference, and analytics on our behalf. The current list is in Section 5.
  • Professional advisors (legal, accounting, insurance) under duties of confidentiality.
  • Authorities and other parties, when we believe in good faith that disclosure is required by law, subpoena, or other valid legal process, or to protect the rights, property, or safety of Dormy, our users, or the public.
  • Acquirers, in connection with a merger, financing, acquisition, or sale of assets, subject to customary confidentiality and to this Policy surviving the transaction.

We do not sell or rent personal information to third parties.

5. Current Sub-processors

The following sub-processors process personal information on our behalf as of the effective date of this Policy. We may update this list from time to time; the most current version will appear on this page.

  • Supabase Inc. (United States) — primary database, authentication storage, file storage.
  • Vercel Inc. (United States) — web hosting and CDN for heydormy.ai and the console.
  • Railway Corp. (United States) — hosting for the Dormy MCP server at mcp.heydormy.ai.
  • Stripe, Inc. (United States) — payment processing.
  • Resend, Inc. (United States) — transactional email delivery (one-time passwords, notifications).
  • OpenRouter, Inc. (United States) — LLM API gateway used to route inference to model providers under your BYOK key or, in metered modes, under ours.
  • Anthropic, PBC (United States) — LLM provider for certain skills and the memory extractor.
  • NVIDIA Corporation (United States) — LLM inference via the NVIDIA Build platform for the Dormy Router default tier.
  • MiroThinker — specialized agent inference for the deep research tool.
  • Tavily AI (United States) — programmatic web search.
  • Firecrawl (United States) — web page fetching and extraction.
  • EverMind / EverCore Cloud — managed memory backend used to store and retrieve durable user observations across sessions.
  • Telegram FZ-LLC (United Arab Emirates) — messaging platform used by the Dormy Telegram bot. Messages you send to the bot are processed by Telegram under its own privacy policy.

6. Third-Party Contact Data

Dormy’s investor and advisor matching features depend on a knowledge base of business contacts. Some of these contacts are individuals who are not Dormy users (“Affected Individuals”).

  • Legal basis (EEA/UK). We process Third-Party Contact Data on the basis of our legitimate interest (Article 6(1)(f) GDPR) in operating a business-to-business intelligence service for founders, balanced against the rights of the Affected Individuals. The data is limited to professional context (name, employer, work role, business email or social handles) and is not used for advertising or sold to third parties.
  • Sources. Third-Party Contact Data is drawn from (a) records imported by Dormy customers from their own CRMs or notes, and (b) public business sources such as company websites, public funding announcements, and public professional profiles.
  • Rights of Affected Individuals. If you are an Affected Individual and believe Dormy holds information about you, you may request access, correction, deletion, or objection to processing by emailing support@heydormy.ai with the subject line “Third-Party Contact Request”. We will respond within 30 days, subject to identity verification. Where we act as a processor for a Dormy customer (for example, contacts the customer imported), we will route the request to that customer and assist them in responding.

7. International Transfers

Dormy is operated from the United States, and most of our sub-processors are located in the United States. If you access the Services from outside the United States, your information will be transferred to, processed in, and stored in the United States and potentially other countries where our sub-processors operate. Where required, we rely on Standard Contractual Clauses or equivalent transfer mechanisms with our sub-processors.

8. BYOK Key Handling

When you enable Bring-Your-Own-Key on the console, the API key you submit is encrypted at rest using AES-256-GCM with a per-deployment encryption key before it is written to our database; the plaintext key is never persisted. For routing and rate-limit purposes we also store a SHA-256 prefix of the key as a non-reversible identifier.

When the console or the MCP server needs to call a downstream model provider on your behalf, the encrypted key is decrypted in memory only for the duration of that request and is passed as an Authorization: Bearer header to the relevant provider. We do not log plaintext keys. You can rotate or remove your key at any time from Console → Settings.

9. AI Models & Training

We do not use your Customer Content, founder profile, or Third-Party Contact Data to train foundation models. We invoke third-party LLM providers for inference only. Each provider’s own data practices apply to the request they receive; we choose providers whose default API terms commit to not training on customer inputs, and we will state any exception prominently before you use it.

10. Data Retention

Specific retention periods for each category of data are described in our Data Retention Policy. In summary, account data persists while your account is active and for a short grace period after closure; payment and tax records are kept as required by law; encrypted backups are rotated approximately every 30 days.

11. Security

We protect personal information using industry-standard safeguards, including TLS in transit, AES-256-GCM encryption for BYOK keys at rest, hashed and salted one-time-password tokens, row-level security on the primary database, scoped service credentials, and audit logging of administrative access. No system is perfectly secure; we cannot guarantee absolute security, and you are responsible for maintaining the security of your sign-in credentials and any device on which you access the Services.

12. Your Rights

12.1 General

Subject to applicable law, you have the right to access, correct, delete, port, and object to or restrict our processing of your personal information, and to withdraw consent where we rely on consent. To exercise any of these rights, email support@heydormy.ai with the subject line “Privacy Request”. We will verify your identity (for example, by confirming control of the account email) before acting.

12.2 EEA / UK (GDPR)

If you are in the EEA or the UK, our legal bases for processing are: (a) performance of a contract (operating the Services for you), (b) compliance with legal obligations, (c) legitimate interests (securing the Services, preventing abuse, operating a B2B intelligence service as described in Section 6), and (d) your consent where we ask for it. You have the right to lodge a complaint with your local data protection authority.

12.3 California (CCPA / CPRA)

If you are a California resident, you have the right to (a) know what categories of personal information we collect and how we use them (see Sections 2 and 3), (b) request deletion of personal information we hold about you, (c) correct inaccurate information, and (d) opt out of the sale or sharing of personal information. We do not sell or share personal information for cross-context behavioral advertising. We will not discriminate against you for exercising these rights.

13. Children’s Privacy

The Services are not directed to children under 16, and we do not knowingly collect personal information from children under 16. If you believe a child has provided us personal information, email us and we will delete it.

14. Changes to This Policy

We may update this Policy from time to time. If we make a material change, we will provide reasonable advance notice (for example, by email or via the console) before the change takes effect. The version and effective date at the top of this page indicate the current version.

15. Contact

Questions, requests, or complaints about this Policy: email support@heydormy.ai with “Privacy Request” in the subject line. Dormitory LLC is a Nevada limited liability company.
