Privacy Policy

We collect information you provide directly to us, information generated through your use of the service, and limited technical data necessary to operate the platform.

We do not sell your personal data to third parties. We do not use your data to train AI models without your explicit consent.

When you create an account or sign in, we collect:

• Email address (required for account creation)
• Name and profile photo (if signing in via Google OAuth)
• Authentication tokens and session identifiers
• Account creation date and last login timestamp

Authentication is handled by Supabase Auth, which supports email/password and Google OAuth sign-in. We do not store your Google password. Google OAuth only shares your name, email, and profile photo with us.

To personalize your grant writing experience, we store the organization profile information you voluntarily provide, including:

• Organization name, type, and location
• Mission statement and program descriptions
• Population served and annual budget
• Funding context and history
• Grant proposals you upload for reference matching

This data is stored securely in your account and is only used to generate personalized responses. It is never shared with other users or used to train AI models.

Uploaded proposal documents are processed to extract text for context matching. The raw files are not permanently stored after processing.

We store your conversation history (messages you send and AI responses you receive) to allow you to review past sessions and to improve response quality within your account context.

We also collect usage analytics including:

• Number of messages sent per day (for free plan limits)
• Feature usage patterns (e.g., profile saves, proposal uploads)
• Session timestamps and approximate session duration

We do not track your activity across other websites. We do not use third-party advertising trackers.

If you subscribe to GrantGPT Pro, payment processing is handled entirely by Stripe. We do not store your credit card number, CVV, or full payment details on our servers.

We store:

• Your Stripe customer ID (a reference token, not payment data)
• Subscription status (active, canceled, past due)
• Subscription plan and billing interval
• Subscription start and end dates

For Stripe's privacy practices, see stripe.com/privacy.

All user data is stored in Supabase, a secure cloud database platform hosted on AWS infrastructure. Data is encrypted at rest and in transit using industry-standard TLS/SSL encryption.

We use Supabase Row Level Security (RLS) policies to ensure that each user can only access their own data. No user can read, modify, or delete another user's data.

Our database is hosted in the United States. If you are located outside the United States, your data will be transferred to and processed in the United States.

We use the following third-party services to operate GrantGPT:

Your chat messages are sent to Together AI's API for processing. Together AI does not use your data to train their models under our enterprise agreement. Please review their privacy policy for full details.

You have the following rights regarding your personal data:

• Access — You can view all data stored in your account at any time.
• Correction — You can update your organization profile and account information at any time.
• Deletion — You can request full deletion of your account and all associated data.
• Export — You can request a copy of your data in a portable format.
• Opt-out — You can delete your conversation history at any time from within the app.

To request account deletion or a data export, email us at privacy@grantgpt.com. We will process your request within 30 days.

If you are located in the European Economic Area (EEA), you may have additional rights under GDPR, including the right to lodge a complaint with your local data protection authority.

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the platform. Continued use of GrantGPT after changes constitutes acceptance of the updated policy.