Privacy Policy
Last updated: July 5, 2026
1. What we collect
Account data: name, email, and a hashed password. Organization & proposal data: the profile details and grant information you enter to generate proposals. Billing data: handled by our payment partner Lemon Squeezy (merchant of record) - we never see or store your card details. Technical data: basic logs (IP address, timestamps) for security and rate limiting.
2. How we use it
To operate the Service: generating your proposals, sending transactional emails (verification, password reset), processing subscriptions, preventing abuse, and improving the product. We do not sell your personal data. We do not send marketing email without your consent.
3. AI processing
When you generate a proposal, your organization profile and grant details are sent to our AI infrastructure provider (Groq, Inc.) to produce the draft, under their data processing terms. Your content is not used by us to train AI models.
4. Service providers
We use trusted providers to run GrantEasy: Vercel (hosting), MongoDB Atlas (database), Groq (AI inference), Lemon Squeezy (payments), and Brevo (transactional email). Each receives only the data needed for its function.
5. Data retention & deletion
Your data is retained while your account is active. You can delete your account anytime from Settings - this permanently deletes your profile, organization data, proposals, and deadlines. Billing records are retained by Lemon Squeezy as required for tax and accounting law.
6. Security
Passwords are hashed with bcrypt; verification and reset tokens are stored only as SHA-256 hashes; all traffic is encrypted with HTTPS; payment webhooks are signature-verified. No method is 100% secure, but we follow industry best practices.
7. Your rights
Depending on your location (including under GDPR and similar laws), you may have rights to access, correct, export, or delete your personal data. Most of these are available directly in the app; for anything else, contact us and we'll respond within 30 days.
8. Cookies
We use a single essential cookie to keep you logged in. We do not use advertising or third-party tracking cookies.
9. Children
GrantEasy is not directed at children under 18 and we do not knowingly collect their data.
10. Changes & contact
We will notify you of material changes to this policy. Questions: contact us at the support email listed on our website.