I think start-up culture tends to be a bit unethical - we favor expedience and results over rules and regulations, and that's generally correct, but also leads us into murky territory.
The most important guideline might be this - build a company where you'd want to have any of the jobs, and where you'd want to be a customer. But specifically:
1) never send someone an email without explicit opt-in (make them check a box, don't start spamming just because they registered).
2) make it easy for a user to delete themselves from your database, entirely
3) make it easy for a user to port data elsewhere
4) don't make up fake email personages, or otherwise overtly lie to your customers
5) don't use misleading numbers for marketing or fundraising
6) give employees warning and/or severance when you plan to fire them
7) don't discriminate based on gender or sexual preference, even though it may be legal for small companies to do so in your locality
8) if you store financial or sensitive data, make security a priority
For example, if I've been taking money from a customer, then I am required to keep appropriate records of that, for example for tax purposes. I must not completely delete that user from my database, no matter how much they ask me to or how willing I would be to do so absent the legal/regulatory requirements that I have to meet.
Having said that, I think serious ethical problems start to creep in if we allow genuine obligations like that one to start getting blurred. After all, if I have to keep some personal data on file because of my tax obligations, there's no harm in keeping the rest as well, right? No-one will ever know unless we get hacked, and we're 100% confident in our security so that's never going to happen. Similarly, if users are signing up using an e-mail address as account ID and I send the required legalese documents to them at that address when they sign up, I might as well send them "news" every few days as well since they obviously don't mind hearing from me. And hey, I've got a cookie there to handle someone logging in, so no harm in having another one for analytics, and if we're going to do that, we might as well let advertisers use tracking cookies as well because no-one cares about privacy any more and they're all on Facebook anyway.
I suppose the trouble is that all of those things are probably already illegal, at least in my jurisdiction, and any start-up willing to do them is probably just as willing to sign up to any friendly-sounding "pledge" and then completely ignore it. Put another way, I'd be happy for any business I run to commit to a realistic pledge along the lines you suggested, but then we wouldn't be doing the sorts of shady thing you're trying to highlight anyway, so I'm not sure anyone gains anything from it.
do you feel like this is a big problem in the startup world?
More on point, our cultural norms are a little funky. I don't feel really that their should be any degree at a university where there are 20x the number of male students than female students. However, in the computer science world, this is probably the case. This isn't from direct discrimination, but as I said, from cultural standards. Perhaps we should try to be more welcoming to women in the technology field in general.
I personally think that startups face enough challenges already and anything that goes beyond legal limitations and restrictions is just reducing the chances for startups to succeed. Startups are there to break the rules, be disruptive, and should get some slack to "fake it until they make it".
Most of these things already come under "legal limitations and restrictions", and if a start-up can't disrupt a market or create a viable competing offer without breaking those rules, then perhaps it deserves to fail.