Privacy Policy

Last updated: March 26, 2026

GrantGuard (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use our grant compliance monitoring platform.

1. Information We Collect

We collect the following types of information:

  • Account Information: Name, email address, organization name, job title, and phone number provided when you create an account or request a demo.
  • Grant Documents: PDF and other document files you upload for compliance analysis, including grant agreements, budgets, and related materials.
  • Usage Data: Information about how you interact with our platform, including pages visited, features used, and session duration.

2. How We Use Your Information

  • To provide and improve our grant compliance monitoring services
  • To analyze your grant documents and generate compliance insights
  • To send you alerts, notifications, and service updates
  • To respond to your inquiries and provide customer support
  • To improve and optimize our platform

3. Data Storage and Security

All data is stored securely in the United States using Supabase, our cloud infrastructure provider. Grant documents are stored permanently unless you request deletion. All data is encrypted both in transit (TLS/SSL) and at rest (AES-256 encryption).

We implement industry-standard security measures including role-based access controls, regular security audits, and secure application development practices.

4. Data Sharing — We Do NOT Sell Your Data

We do not sell, rent, or share your personal information or grant documents with third parties. Period. Your data is used solely to provide you with our services.

We may share data only in the following limited circumstances:

  • With service providers who assist in operating our platform (e.g., cloud hosting, AI processing), bound by strict data protection agreements
  • When required by law, court order, or government regulation
  • To protect the rights, safety, or property of GrantGuard or our users

5. Payment Data

All payment processing is handled by Stripe. We do not store your full credit card number, CVV, or other sensitive payment credentials on our servers. Stripe may collect and process payment information in accordance with their own privacy policy, which you can review at stripe.com/privacy. We retain only a tokenized reference to your payment method and basic billing details (such as card brand and last four digits) for display and record-keeping purposes.

6. AI Processing of Documents

Grant documents you upload are processed using OpenAI's API for extraction, analysis, and compliance monitoring. Your documents are sent to OpenAI solely for the purpose of providing our Service to you. Your documents are not used to train OpenAI's models. We use OpenAI's API with data usage policies that prohibit training on customer inputs and outputs. Document content is processed in real-time and is not retained by OpenAI beyond what is necessary to fulfill the API request.

7. Analytics

We may use analytics services such as Google Analytics to understand how our platform is used. These services may collect anonymized usage data to help us improve the user experience. You can opt out of Google Analytics using browser extensions or settings.

8. Cookies

We use essential cookies required for authentication and platform functionality. We may use additional cookies in the future for analytics and preferences. We will update this policy accordingly and provide appropriate notice.

9. Data Retention and Deletion

Grant documents and associated compliance data are stored permanently to maintain your compliance history. You may request deletion of your account and all associated data at any time by contacting us. We will process deletion requests within 30 days.

10. California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

  • Know what personal information we collect about you
  • Request deletion of your personal information
  • Opt out of the sale of personal information (we do not sell your data)
  • Non-discrimination for exercising your privacy rights

To exercise any of these rights, contact us at the email address below.

11. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the updated policy on our website and updating the “Last updated” date.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us: