Gritscape Operational Acceleration Platform

Effective Date: May 2026 · Version 1.0 · Review Cycle: Annual, or upon material change in service scope, jurisdiction, or partnership structure

Code of Business Conduct

Preamble: The Gritscape Standard

Gritscape exists because founders outside established power centres are asked to build without infrastructure. That structural gap is not an excuse for us to operate with anything less than institutional-grade integrity.

Every founder who shares an idea, every university that signs an MoU, every investor who attends a Demo Day, and every mentor who joins a clinic must be able to trust that Gritscape will treat their time, data, and ambition with the seriousness those commitments deserve.

This Code is not a trust-page placeholder. It is a binding operational standard that governs how we represent ourselves, how we handle what others entrust to us, and how we respond when we fall short.

1. To Whom This Code Applies

This Code binds every person who acts on Gritscape's behalf or under its brand, including:

  • Founders, directors, officers, and employees
  • Advisors, mentors, clinic facilitators, and domain experts
  • Contractors, consultants, squad members, and outsourced operators
  • University coordinators, institutional partners, and their authorised representatives acting within Gritscape-managed programmes
  • Community moderators, THREX organisers, and event staff
  • Any third party with access to founder data, platform tools, or institutional relationships

Acceptance of this Code is a condition of engagement. Violation is grounds for immediate removal, contractual termination, legal action, or regulatory referral, depending on severity.

2. Foundational Commitments

Gritscape commits to:

  • Integrity: Truthful representation of capabilities, timelines, pricing, and outcomes. No fabrication. No implication of certainty where execution, regulation, or market forces create genuine uncertainty.
  • Competence: We offer guidance and execution only where we have verified capability, documented methodology, or qualified external support. We do not bluff through legal, tax, securities, or regulatory risk.
  • Confidentiality: Founder ideas, financial data, cap tables, customer evidence, and strategic plans are treated as privileged. Access is need-to-know. Disclosure is authorised, legally compelled, or operationally necessary, never casual.
  • Fairness: No elitism, gatekeeping, or dismissive conduct based on geography, pedigree, language, or stage. Tier-2 and Tier-3 founders receive the same operational rigour as metro founders.
  • Accountability: Decisions are documented. Errors are acknowledged. Remediation is prompt. Retaliation against good-faith reporting is prohibited and itself a violation.

3. Core Operating Principles

3.1 Execution Over Optics

We prioritise meaningful execution, measurable progress, operational clarity, and founder outcomes over performative branding, inflated claims, vanity metrics, or ecosystem theatrics.

Every public representation, internal report, and founder communication must be capable of substantiation.

3.2 Founder Respect

Every founder deserves to be treated with dignity, fairness, seriousness, and professional respect irrespective of geography, language, educational background, funding access, socioeconomic status, technical capability, gender, religion, caste, ethnicity, nationality, disability, or institutional affiliation.

Gritscape exists because many founders outside established metro circles lack access to strong infrastructure, so our conduct must actively reject elitism, ridicule, gatekeeping theatre, or dismissive behaviour toward early-stage builders.

3.3 Long-Term Trust

We seek to build durable trust rather than short-term commercial extraction.

We do not pressure founders into paid engagements that are clearly premature, unsuitable, or misaligned with their present stage. Where a founder is not yet ready for Copilot, Cohort, or another paid service, we guide them toward an earlier-stage or lower-friction next step rather than forcing conversion for short-term revenue.

3.4 Confidentiality and Data Responsibility

  • Access is need-to-know basis only.
  • Disclosure is authorised, legally compelled, or operationally necessary and is never casual.

Founder information, startup data, investor materials, operational strategies, financial projections, and intellectual property shall be handled with appropriate confidentiality, restricted access, and responsible operational discipline.

3.5 Honest Representation

We do not knowingly make false, misleading, exaggerated, manipulative, or unrealistic representations regarding funding probability, investor access, startup valuation, market outcomes, product success, revenue forecasts, technology capabilities, AI system accuracy, cohort outcomes, or partnership access.

4. Honest Representation

4.1 Marketing and Public Communication

All website copy, discovery-call messaging, sales collateral, social media content, and public statements must be:

  • Materially accurate and capable of internal substantiation
  • Current as of the date of publication
  • Clear about boundaries between what Gritscape delivers directly and what depends on founder execution, regulatory approval, or third-party action

We do not:

  • Guarantee funding outcomes, investor interest, or term-sheet conversion
  • Fabricate case studies, testimonials, or traction metrics
  • Misstate regulatory status (e.g., DPIIT recognition, SISFS implementing agency designation, NIDHI eligibility) as achieved when still pending
  • Create false impressions of institutional endorsement, government partnership, or investor syndicate affiliation
  • Use founder names, logos, or product screenshots in marketing without explicit written consent

4.2 Programme and Service Representation

Where a result depends on founder execution, market timing, grant committee discretion, or regulatory processing, we state that dependency explicitly. We do not imply certainty.

The 2% equity Cohort arrangement, Copilot monthly fees, standalone service pricing, and grant administration fees must be disclosed completely before commitment. No hidden charges. No retroactive price adjustments.

4.3 No Guarantee Clause

Gritscape does not guarantee funding, investment, startup success, revenue outcomes, market dominance, investor introductions, accelerator admission, product-market fit, hiring success, or legal approvals. Any projections, assessments, AI-generated insights, founder scores, or strategic recommendations are intended to support decision-making and operational planning and should not be interpreted as guarantees.

5. Founder Respect and Stage-Appropriate Guidance

5.1 Dignity in Every Interaction

Gritscape was built for founders who lack metro infrastructure. Our conduct must actively reject the elitism that keeps them outside. We treat every founder with the same operational seriousness, whether they are a solo founder in Coimbatore with a notebook or a team in Chennai with a live MVP.

5.2 No Pressure Conversion

We do not pressure founders into paid engagements that are structurally premature. If a founder is not yet Cohort-ready or Copilot-appropriate, we guide them to the Free Explorer tier, the MAPP self-assessment, or THREX community participation. Revenue must never come at the cost of founder trust.

5.3 Honest Assessment

The MAPP framework and Founder Gravity outputs must be calibrated honestly. A low score is not a sales opportunity; it is a diagnostic signal. We do not inflate MAPP scores to justify paid engagement. We do not deflate them to create anxiety.

6. Confidentiality and Founder Data Protection

6.1 Scope of Confidential Information

Founders routinely share:

  • Business plans, product roadmaps, and technical architecture
  • Financial models, cap tables, and equity structures
  • Customer interview data, LOIs, and pilot results
  • Legal documentation, incorporation filings, and compliance gaps
  • Investor materials, pitch decks, and term-sheet negotiations
  • Hiring plans, talent-matching briefs, and co-founder agreements
  • India-entry strategy, FEMA structuring, and RBI correspondence

All such information is strictly confidential unless:

  • The founder provides explicit written authorisation for specific disclosure
  • Disclosure is required by Indian law, court order, or regulatory directive
  • Disclosure is strictly necessary to deliver the agreed service scope (e.g., sharing a founder's profile with a shortlisted co-founder candidate)

6.2 Prohibited Uses

No team member or collaborator may use founder information for:

  • Personal investment or side-business advantage
  • Competitive positioning against the founder
  • Unauthorised referrals to external service providers
  • Informal sharing with mentors, investors, or community members
  • Training public-facing AI models without separate, explicit, documented consent

6.3 Technical Safeguards

Confidential information must be accessed only through:

  • The Founder OS, with row-level security (RLS) enforced at the Supabase PostgreSQL layer
  • Encrypted communication channels
  • HSM-grade encryption for KYC documents and identity proofs

Founder data isolation is non-negotiable. Even internal ops team members cannot access a founder's data without explicit permission.

6.4 AI and Data Usage Restrictions

Founder content, anything shared by the prospect, including pitch decks, financial models, customer evidence, and proprietary roadmaps, shall not be used to train public-facing AI or machine learning models without separate, explicit, documented consent.

Internal AI systems must operate within defined ethical and operational safeguards.

Any exposure of founder data to unapproved AI environments or third-party model training pipelines is prohibited.

7. Data Protection and DPDP 2023 Alignment

7.1 Data Protection Commitments

  • Data Minimisation: We collect only what is necessary for the specific service requested. The intake form does not harvest data unused in the MAPP assessment.
  • Consent: Every data collection point presents explicit consent language specifying what is collected, for what purpose, for how long, and with whom it may be shared.
  • Breach Response: Suspected breaches must be reported to the Grievance Officer within 2 hours and to CERT-In within the mandatory 6-hour window. Automated breach detection pipelines must not be disabled or ignored.
  • Deletion: Founder deletion requests receive confirmation within 24 hours. Deletion is executed across all storage layers — primary database, edge cache, API session data, and backup snapshots.
  • No Sale: We do not sell personal information. We do not monetise founder data through secondary use.

Gritscape's data architecture is designed around the Digital Personal Data Protection Act, 2023. Our conduct must match that design.

7.2 User Prohibitions

Users must not attempt unauthorised access, misuse platform vulnerabilities, scrape founder data, harvest confidential information, circumvent security controls, or upload malicious code or harmful material. Any suspected breach, misuse, or vulnerability must be reported immediately.

8. Professional Competence and Scope Discipline

8.1 What We Deliver

Gritscape provides operational acceleration: validation frameworks, legal squad execution, tech squad MVP builds, GTM Lab pilots, talent matching, and investor-readiness preparation. We deliver these with documented methodology, defined SLAs, and clear escalation paths.

8.2 What We Do Not Deliver

  • Incorporation workflow management (not legal advice on complex cross-border structures)
  • Compliance gap identification (not definitive regulatory interpretation)
  • Pitch deck and Demo Day preparation (not investment recommendation or valuation opinion)
  • Grant application facilitation (not guarantee of approval)

Gritscape is not a law firm, chartered accountancy practice, investment adviser, or securities broker. We support founders with:

Where a matter exceeds our qualified scope — complex FEMA structuring, contested IP litigation, tax optimisation for foreign subsidiaries, SEBI compliance for securities issuance — we refer the founder to qualified external specialists and document the referral.

8.3 AI and Automation Discipline

  • High-risk outputs (legal classification, regulatory flag, funding recommendation) require human review before transmission to the founder.
  • AI hallucinations must be caught and corrected, not transmitted as fact.
  • Founder data must not be exposed to unapproved AI environments or third-party model training pipelines.
  • The 87% MAPP accuracy baseline must be monitored monthly. If accuracy drops below 80%, recalibration is mandatory before the AI is used for tier assignment or squad prioritisation.

Gritscape AI, MAPP scoring, and Founder Gravity outputs support human judgment. They do not replace it.

9. Conflicts of Interest: Disclosure and Management

A conflict exists when personal, financial, or relational interests could impair objective judgment or create a perception of bias.

9.1 Disclosure Obligation

Team members, mentors, and advisors must disclose:

  • Financial interests in vendors, freelancers, or service providers they recommend to founders
  • Investment positions in startups competing with or adjacent to Gritscape portfolio companies
  • Side businesses that overlap with Gritscape service lines
  • Referral fee arrangements with external professionals
  • Personal relationships with founders under active assessment or squad execution
  • Dual advisory roles with investors who may receive Gritscape Demo Day introductions

Disclosure must be made to the operations lead or designated compliance contact before the conflicted activity occurs, not after.

9.2 Prohibited Conduct

  • Steering a founder toward a vendor in which the team member has an undisclosed interest
  • Using non-public founder information for personal investment decisions
  • Advising multiple directly competing founders without documented separation protocols
  • Recommending a deal structure or equity split because it benefits the team member more than the founder
  • Accepting gratuities, equity kickbacks, or undisclosed commissions from investors introduced through Gritscape Demo Day

10. Non-Discrimination, Dignity, and Anti-Harassment

10.1 Protected Characteristics

Gritscape prohibits discrimination, intimidation, harassment, bullying, humiliation, or exclusionary conduct in all operational, community, and institutional spaces.

This includes conduct based on gender, sex, sexual orientation, religion, caste, ethnicity, disability, age, language, nationality, region, educational background, socioeconomic status, or any protected attribute under Indian law.

10.2 Professional Disagreement vs. Disrespect

Professional disagreement is necessary and healthy. Disrespect is prohibited. Tough feedback must be specific, constructive, relevant to the work, and free of personal degradation. Founders must not be shamed publicly for incomplete readiness, weak traction, or early-stage confusion. Feedback environments should be candid, but they must remain psychologically safe and professionally structured.

10.3 Reasonable Accommodations

Reasonable accommodations shall be considered wherever operationally feasible for persons with disabilities, caregivers, or those with specific accessibility requirements. This applies to events, digital platforms, and physical engagements.

11. Ecosystem Ethics and Community Integrity

Gritscape is an execution layer within the start-up ecosystem, not an extraction layer.

11.1 Prohibited Practices

  • Bad-faith poaching of founders from partner universities or incubators
  • False whisper campaigns against competing accelerators or service providers
  • Fabricated competitive comparisons in sales conversations
  • Undisclosed paid placement in THREX, community forums, or mentor recommendations
  • Exploitative lead extraction from founders under the guise of free assessment
  • Converting community spaces (THREX, forums, webinars) into covert sales funnels or spam channels

11.2 Demo Day and Investor Introduction Ethics

  • Every investor introduction is warm by design — pre-briefed, qualified, and matched to the founder's sector and stage
  • We do not accept undisclosed referral fees, carry arrangements, or equity stakes from investors in exchange for introduction priority
  • Founder metrics presented to investors are clearly labelled as founder-reported and not independently audited, unless a third-party audit has been completed
  • Post-Demo Day follow-up packs are sent to all interested investors with identical structure and timing. No preferential treatment for sponsors or affiliated funds

11.3 THREX and Community Conduct

Where Gritscape operates THREX hackathons, founder forums, webinars, or community spaces, those spaces must remain useful, respectful, and not covertly converted into spam channels, pressure funnels, or undisclosed lead extraction mechanisms. Community moderation must be authentic, as specified in the Website Manual. Founders should not be shamed publicly for incomplete readiness, weak traction, or early-stage confusion.

12. Grant and Institutional Fund Integrity

12.1 Ring-Fencing and Utilisation

Gritscape administers and co-applies for government grants including NIDHI-Accelerator, SISFS, StartupTN, and BIRAC LEAP. Grant funds are ring-fenced in designated accounts and disbursed strictly per approved utilisation schedules. Monthly grant compliance review is mandatory before expenditure, not after. Mentor substitutions, vendor changes, or budget category shifts require documented notification to the programme officer.

12.2 Asset Tracking

Cloud infrastructure, equipment, and assets purchased with grant funds are tracked against NIDHI asset restriction periods and cannot be transferred without DST approval. The standard MoU asset clause is revised to state: "Equipment purchased with Gritscape operating funds or grant funds managed by Gritscape remains the sole property of Gritscape." All future grant asset purchases are documented with their restriction period prominently noted in the grant compliance file, with calendar alerts set for the restriction period end date.

12.3 Misrepresentation Prohibition

No grant funds may be used for payroll, entertainment, or activities outside the approved programme scope. Misrepresentation of grant utilisation, milestone achievement, or cohort composition to secure or retain funding is a terminable offence and may trigger regulatory referral. Where cloud infrastructure costs are classified, technical documentation must demonstrate alignment with the programme's approved budget category.

13. Fair Pricing, Commercial Transparency, and Refund Discipline

13.1 Clear Communication

All fees, equity terms, cancellation windows, and refund conditions must be communicated in writing before commitment:

  • Cohort: ₹1,00,000 + 2% equity at prevailing valuation, with vesting and documentation requirements
  • Copilot: ₹50,000/month, no equity, 48-hour response SLA
  • Standalone services: "Starting from" pricing with clear variables that affect final fee
  • Grant administration: 5–10% fee disclosed upfront

13.2 No Concealment

We do not:

  • Hide material pricing conditions in fine print
  • Imply that payment guarantees programme acceptance
  • Conceal boundaries between free discovery, assessment layers, and paid engagement
  • Charge for work already covered under a prior engagement without explicit amendment

13.3 Refund Integrity

Refund and cancellation terms published on the website and in the Founder Services Agreement must be honoured without obstruction. Disputes over refund eligibility are escalated to the Grievance Officer, not buried in administrative delay.

14. Anti-Bribery and Improper Influence

Gritscape prohibits bribery, kickbacks, facilitation payments, undisclosed commissions, or any improper advantage in connection with:

  • Founder admissions or cohort placement
  • University MoU negotiations or incubator management contracts
  • Grant applications, committee approvals, or disbursement processes
  • Procurement of vendors, mentors, or service providers
  • Investor access, Demo Day slots, or follow-up priority
  • Regulatory filings, DPIIT recognition, or compliance certifications

Reasonable hospitality and legitimate business development are permitted. They must never cross into secrecy, inducement, or quid pro quo. Any questionable payment, "special access" arrangement, or preferential treatment request must be escalated before action.

15. Intellectual Property and Originality

15.1 Founder IP

All intellectual property created by the founder before or during engagement remains founder-owned. Gritscape claims no stake in founder IP by virtue of the management fee, cohort equity, or service relationship. This is explicit in Clause 3 of the Founder Services Agreement.

15.2 Gritscape IP

The MAPP framework, Gritscape AI model weights, Founder OS architecture, proprietary methodologies, and training data remain Gritscape property. Founders receive no licence to use these outside the platform during or after engagement.

15.3 Third-Party Content

We do not copy, appropriate, or redistribute founder materials, proprietary playbooks, confidential decks, or brand elements without permission. Where Gritscape creates execution assets during an engagement, ownership and usage rights are governed by the applicable service agreement.

16. Records, Documentation, and Audit Integrity

  • Good records protect founders and Gritscape
  • Records are not backdated, manipulated, or altered to hide error or inflate compliance
  • Grant utilisation records, purchase orders, invoices, and bank statements are maintained for the statutory period and made available for DST, SIDBI, or auditor review
  • Founder OS activity logs, MAPP assessments, and squad deliverables are retained per the Data Security and Retention Policy

Material decisions, approvals, founder instructions, commercial terms, access permissions, grievance actions, and execution steps must be documented in a reasonably organised manner.

17. Digital Communication and Social Media Conduct

Team members and representatives must exercise judgment in digital channels.

17.1 WhatsApp / Chat Apps and Messaging

Founder-sensitive information is not shared in unencrypted group chats. Cap tables, legal documents, and financial data belong in the Founder OS, not informal threads.

17.2 Email Protocol

External communications with founders, investors, and partners must use Gritscape domain addresses. Personal email accounts are not authorised for business correspondence.

17.3 Social Media and Public Posts

Persons representing Gritscape publicly must avoid false or misleading claims, defamatory or inflammatory commentary, and unauthorised media representations. Public posts referencing Gritscape founders, partners, or portfolio companies require prior approval. No live-tweeting of Demo Day pitches, MAPP scores, or confidential founder struggles.

17.4 LinkedIn and Public Profiles

Mentors and squad members representing Gritscape must not claim credentials, partnerships, or regulatory statuses they do not hold. Personal views must be distinguished from official Gritscape statements.

18. Regulatory Compliance

All operations conducted by or on behalf of Gritscape shall comply with applicable Indian law, including the Information Technology Act, 2000; the Digital Personal Data Protection Act, 2023; intellectual property statutes; contract law; employment regulations; consumer protection principles; and applicable taxation and compliance frameworks.

19. Third-Party Conduct

Vendors, freelancers, agencies, and collaborators engaged by Gritscape — including Legal Squad contractors, Tech Squad developers, GTM Lab specialists, and mentor clinic facilitators — are expected to follow applicable laws, maintain confidentiality, respect founder information, avoid unethical conduct, and comply with agreed service standards.

Serious breaches may result in immediate termination of engagement and vendor blacklisting.

20. Speaking Up, Grievance Escalation, and Non-Retaliation

20.1 Reporting Channel

Anyone who encounters conduct inconsistent with this Code may report concerns to:

Grievance Officer — grievance@gritscape.com (for user, founder & partner complaints)

Ethics and Compliance Desk — ethics@gritscape.com (for internal misconduct, conflicts, & policy violations)

20.2 Reportable Concerns

Reports may relate to:

  • Confidentiality breaches or data misuse
  • Discrimination, harassment, or disrespectful conduct
  • Unethical sales pressure or misrepresentation
  • Conflicts of interest or undisclosed financial ties
  • Grant fund misuse or utilisation misstatement
  • Improper AI usage or hallucinated output transmission
  • Bribery, improper influence, or corrupt practice
  • Retaliation or suppression of good-faith reporting

20.3 Process and Timelines

  • Acknowledgement: Within 24 hours of receipt
  • Substantive response: Within 15 calendar days, per the Grievance Redressal Policy
  • Investigation: Fair, documented, and proportionate to the allegation
  • Corrective action: Counselling, retraining, restricted access, removal from project, suspension, termination, contractual remedy, or regulatory referral, depending on severity
  • Appeal: Available to the reporting party if dissatisfied with resolution

20.4 Non-Retaliation

  • Demotion, exclusion, or removal from opportunities
  • Public shaming or professional blacklisting
  • Threats of legal action intended to silence reporting
  • Informal pressure to withdraw or modify a report

Retaliation against any person who raises a concern, reports suspected misconduct, cooperates in an internal review, or seeks clarification in good faith is prohibited and itself a violation of this Code.

Malicious or knowingly false allegations, however, may themselves constitute misconduct.

21. Enforcement and Consequences

Violations of this Code may result in graduated responses based on severity:

  • Minor / First-time — Counselling, retraining, written warning (e.g., inadvertent social media slip, minor documentation lapse).
  • Moderate / Repeated — Restricted access, removal from project, suspension (e.g., repeated confidentiality lapses, undisclosed minor conflict, pressure conversion attempt).
  • Serious / Intentional — Termination of association, contractual remedy, legal action (e.g., grant fund misuse, founder data theft, bribery, systematic misrepresentation, AI manipulation).
  • Criminal / Regulatory — Regulatory referral to CERT-In, Data Protection Board, DST, StartupTN, or law enforcement (e.g., data breach cover-up, fraudulent grant application, securities misrepresentation, sexual harassment).

Where misconduct affects founders, users, or partners, Gritscape will take corrective and remedial steps to limit further harm, including notification, service recovery, and, where required by DPDP 2023, breach reporting.

22. Integration with Other Policies

This Code operates alongside and is reinforced by:

  • Founder Services Agreement (equity, IP, data, termination)
  • Privacy Policy and Data Security and Retention Policy (DPDP 2023 compliance)
  • Grievance Redressal Policy (reporting timelines and escalation)
  • Refund and Cancellation Policy (commercial fairness)
  • Terms of Use (platform conduct and liability boundaries)
  • University MoU (Clause 11: Data Rights; Clause 14: Termination and Active Cohort Protection)

In case of conflict, the Founder Services Agreement governs for individual founder engagements, the University MoU governs for institutional partnerships, and this Code governs conduct standards for all parties.

23. Review, Amendment, and Evolution

23.1 Review Cycle

This Code is reviewed annually, or sooner upon material change in service scope (new geographies, new engagement tiers), regulatory amendment (DPDP 2023 rules, DST grant guideline updates), platform architecture change (new AI capabilities, new data handling), or significant incident or near-miss that reveals a gap.

23.2 Amendment

Gritscape reserves the right to update or revise this Code periodically to reflect operational, technological, legal, regulatory, or ecosystem developments. Updated versions shall become effective upon publication unless otherwise stated. All bound parties shall be notified of material changes.

23.3 Evolution with Growth

As Gritscape expands its Founder OS, AI-assisted workflows, India-entry services, and university-facing products, this Code must mature with the operational reality rather than remain a static trust-page placeholder.

Acknowledgment

Every person bound by this Code must acknowledge receipt and understanding before accessing founder data, platform tools, or institutional relationships.

"I have read, understood, and agree to abide by the Gritscape Code of Business Conduct. I understand that violation may result in removal from engagement and that I have a duty to report concerns without fear of retaliation."