Privacy Policy

Last Updated: October 18, 2025

1. Introduction

Welcome to GrantAppli ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, disclose, and safeguard your information when you use our grant application writing and management platform.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, organization details
  • Profile Information: Phone number, industry, budget information (optional)
  • Content: Grant applications, documents, notes, uploaded files, and chat messages
  • Project Data: Project names, descriptions, deadlines, and collaboration settings

2.2 Automatically Collected Information

  • Usage Data: Pages visited, features used, time spent on platform
  • Device Information: Browser type, operating system, IP address
  • Cookies: Authentication tokens, session information, preferences

2.3 Third-Party Services

When you connect third-party services, we may access:

  • Google Drive: File names, content, and metadata (read-only access)
  • Google Docs/Sheets: Document content for import purposes
  • Authentication Providers: Basic profile information (name, email, profile photo)

3. How We Use Your Information

We use your information to:

  • Provide Services: Enable grant writing, document management, and AI assistance
  • Improve Platform: Analyze usage patterns and enhance features
  • Communication: Send service updates, reminders, and support responses
  • AI Processing: Generate content suggestions, format documents, and provide intelligent assistance
  • Collaboration: Enable project sharing and real-time collaboration between users
  • Security: Detect and prevent fraud, abuse, and security incidents

4. Google API Services

GrantAppli's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

4.1 Google Drive Access

When you connect Google Drive:

  • We request read-only access to your Google Drive files
  • We can only access files you explicitly choose to import
  • We do not modify, delete, or share your Google Drive files
  • You can revoke access at any time through your Google Account settings

4.2 Data Use Limitations

Google user data obtained through API access:

  • Is used only to provide services you've requested
  • Is not used for serving advertisements
  • Is not transferred to third parties except as necessary to provide the service
  • Is not used for creditworthiness determinations or lending purposes

5. How We Share Your Information

We may share your information with:

  • Service Providers: OpenAI (for AI assistance), MongoDB (data storage), Vercel (hosting)
  • Collaborators: Users you explicitly share projects with
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with mergers, acquisitions, or asset sales

We do NOT:

  • Sell your personal data to third parties
  • Share your content with other users without your permission
  • Use your data for advertising purposes

6. Data Storage and Security

6.1 Data Storage

  • User Data: Stored securely in MongoDB with encryption at rest
  • Files: Stored in Vercel Blob Storage with secure access controls
  • Location: Data stored in secure data centers in the United States

6.2 Security Measures

  • End-to-end HTTPS encryption for data in transit
  • Secure authentication using industry-standard OAuth 2.0
  • Regular security audits and updates
  • Access controls and role-based permissions
  • Automated backups and disaster recovery procedures

7. Your Rights and Choices

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and associated data
  • Export: Download your content in a portable format
  • Revoke Access: Disconnect third-party integrations at any time
  • Opt-Out: Unsubscribe from marketing communications

To exercise these rights, contact us at support@app.grantappli.com

8. Data Retention

We retain your data:

  • Active Accounts: As long as your account remains active
  • Deleted Accounts: Up to 30 days after deletion (for recovery purposes)
  • Legal Requirements: Longer if required by law or legitimate business purposes
  • Anonymized Data: May be retained indefinitely for analytics

9. Children's Privacy

GrantAppli is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately.

10. International Users

If you access GrantAppli from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States. By using our service, you consent to this transfer.

11. Third-Party Links

Our platform may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to review their privacy policies.

12. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by:

  • Posting the new policy on this page
  • Updating the "Last Updated" date
  • Sending an email notification (for material changes)

Continued use of the platform after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions or concerns about this privacy policy or our data practices, please contact us:

GrantAppli

Email: support@app.grantappli.com

Website: https://app.grantappli.com

14. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to say no to the sale of personal information
  • Right to access your personal information
  • Right to request deletion of personal information
  • Right to equal service and price

Note: We do not sell personal information.

15. European Users (GDPR)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

  • Legal Basis: We process data based on consent, contract performance, and legitimate interests
  • Data Protection Officer: Contact us for DPO information
  • Supervisory Authority: You have the right to lodge a complaint with your local data protection authority

By using GrantAppli, you acknowledge that you have read and understood this Privacy Policy.