Privacy Policy

1. What we collect

Account data: name, email, and a hashed password. Organization & proposal data: the profile details and grant information you enter to generate proposals. Billing data: handled by our payment partner Lemon Squeezy (merchant of record) - we never see or store your card details. Technical data: basic logs (IP address, timestamps) for security and rate limiting.

2. How we use it

To operate the Service: generating your proposals, sending transactional emails (verification, password reset), processing subscriptions, preventing abuse, and improving the product. We do not sell your personal data. We do not send marketing email without your consent.

3. AI processing

When you generate a proposal, your organization profile and grant details are sent to our AI infrastructure provider (Groq, Inc.) to produce the draft, under their data processing terms. Your content is not used by us to train AI models.

4. Service providers

We use trusted providers to run GrantEasy: Vercel (hosting), MongoDB Atlas (database), Groq (AI inference), Lemon Squeezy (payments), and Brevo (transactional email). Each receives only the data needed for its function.

5. Data retention & deletion

Your data is retained while your account is active. You can delete your account anytime from Settings - this permanently deletes your profile, organization data, proposals, and deadlines. Billing records are retained by Lemon Squeezy as required for tax and accounting law.

6. Security

Passwords are hashed with bcrypt; verification and reset tokens are stored only as SHA-256 hashes; all traffic is encrypted with HTTPS; payment webhooks are signature-verified. No method is 100% secure, but we follow industry best practices.

7. Your rights

Depending on your location (including under GDPR and similar laws), you may have rights to access, correct, export, or delete your personal data. Most of these are available directly in the app; for anything else, contact us and we'll respond within 30 days.

8. Cookies

We use a single essential cookie to keep you logged in. We do not use advertising or third-party tracking cookies.

9. Children

GrantEasy is not directed at children under 18 and we do not knowingly collect their data.

10. Changes & contact

We will notify you of material changes to this policy. Questions: contact us at the support email listed on our website.