← Back to home

Privacy Policy

Effective date: 1 January 2025 · Last updated: 15 June 2026

Introduction

GrantMaster ("GrantMaster," "we," "us," or "our") provides a grant management and financial tracking platform for nonprofits, NGOs, social enterprises, and research institutions. We care deeply about the privacy and security of the people and organizations who trust us with their data.

This Privacy Policy explains what personal information we collect, how we use and share it, how long we keep it, and the choices and rights you have. It applies to our website at grantmaster.ai, the GrantMaster application, and related services (together, the "Services"). By using the Services, you agree to the practices described here. If you do not agree, please do not use the Services.

Who we are

GrantMaster is operated by GrantMaster, registered at Sumatrakade 1479, 1019 RR, Amsterdam, Netherlands. For privacy questions, contact us at support@grantmaster.ai.

When your organization uses GrantMaster, your organization is the controller of the personal data it puts into the platform, and GrantMaster acts as a processor that handles that data on your organization's behalf. For our website and account administration, GrantMaster is the controller.

Information we collect

Information you provide

• Account and profile data — name, work email, password, job title, organization, profile photo, and preferences.

• Organization data — details about your nonprofit or institution, team members, roles, and departments.

• Grant and program data — funding opportunities, applications, proposals, budgets, milestones, and reports.

• Financial data — expenses, receipts, invoices, budget allocations, and time or journal entries.

• Documents and content — files, comments, and other materials you upload.

• Support and communications — messages, survey responses, and feedback you send us.

Information we collect automatically

• Usage data — features used, actions taken, and timestamps.

• Device and log data — IP address, browser type, operating system, device identifiers, and diagnostic data.

• Cookies and similar technologies — to keep you signed in, remember preferences, and understand how the Services are used.

Information from third parties

If you connect an integration (for example, an accounting or CRM tool) or sign in through a third-party identity provider, we receive information from that provider consistent with your settings and their policies.

How we use your information

• Provide, maintain, and secure the Services and your account.

• Run the grant, financial, compliance, and reporting workflows you initiate.

• Power AI-assisted features such as smart matching, draft generation, and anomaly detection.

• Communicate with you about your account, updates, security alerts, and support requests.

• Monitor, troubleshoot, and improve performance, reliability, and usability.

• Detect, prevent, and investigate fraud, abuse, and security incidents.

• Comply with legal obligations and enforce our agreements.

We do not sell your personal information, and we do not use the content you upload to train third-party AI models.

AI features

GrantMaster uses artificial intelligence to power features like grant matching, proposal drafting, journal suggestions, and compliance anomaly detection. When you use these features, relevant content may be processed by our AI service providers solely to generate results for you. We do not permit these providers to use your content to train their general-purpose models, and AI outputs are suggestions you remain responsible for reviewing.

Legal bases for processing (EEA/UK)

If you are in the European Economic Area or the United Kingdom, we rely on the following legal bases under the GDPR and UK GDPR:

• Contract — to provide the Services you or your organization request.

• Legitimate interests — to secure, improve, and promote the Services, balanced against your rights.

• Legal obligation — to meet accounting, tax, and other legal requirements.

• Consent — where required, for example certain cookies or marketing communications. You may withdraw consent at any time.

How we share information

We share personal information only as described here:

• Within your organization, with other authorized users according to the roles and permissions your administrators configure.

• With service providers (subprocessors) who host, support, and help operate the Services under contractual data-protection obligations.

• With integrations you choose to enable.

• For legal and safety reasons, when required by law or to protect the rights, property, or safety of GrantMaster, our users, or the public.

• In connection with a merger, acquisition, financing, or sale of assets, subject to this policy.

Subprocessors

• Google Firebase / Google Cloud — application hosting, authentication, database, and storage

• Google (Gemini) — AI-assisted features

• Stripe — payment and subscription processing

• Postmark — transactional email delivery

• HubSpot — customer relationship management and communications

• Sentry — error monitoring and diagnostics

• Algolia / Typesense — search functionality

The current list may change as the Services evolve. Maintain an up-to-date subprocessor list for your published policy.

International data transfers

We may process and store information in countries other than where you live, including the United States. Where we transfer personal data internationally, we use appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms to protect your information.

Data retention

We keep personal information for as long as your account is active and as needed to provide the Services. After an account is closed, we retain or delete data according to our retention schedule and any legal, accounting, or compliance obligations. Your organization may also set its own retention requirements for grant records. You can request deletion as described in "Your rights" below.

Security

We use technical and organizational measures designed to protect personal information, including encryption in transit, role-based access controls, multi-factor authentication, tenant data isolation, and continuous monitoring. No method of transmission or storage is completely secure, but we work to protect your data and to respond promptly to any incident.

Your rights

Depending on where you live, you may have the right to:

• Access the personal information we hold about you.

• Correct inaccurate or incomplete information.

• Delete your personal information.

• Restrict or object to certain processing.

• Receive a portable copy of your data.

• Withdraw consent where processing is based on consent.

• Lodge a complaint with a supervisory authority.

EEA and UK residents have these rights under the GDPR and UK GDPR. California residents have rights under the CCPA/CPRA, including the right to know, delete, correct, and opt out of the "sale" or "sharing" of personal information — note that we do not sell personal information. We will not discriminate against you for exercising your rights. If GrantMaster acts as a processor for your organization, we will direct certain requests to your organization as the controller. To exercise your rights, contact us at support@grantmaster.ai. We may need to verify your identity before responding.

Children's privacy

The Services are intended for organizations and their staff, not for children. We do not knowingly collect personal information from children under 12. If you believe a child has provided us personal information, contact us and we will take appropriate steps to delete it.

Cookies and tracking

We use cookies and similar technologies to operate the Services, remember your preferences, keep you signed in, and analyze usage. You can control cookies through your browser settings; disabling some cookies may affect functionality. Where required by law, we request your consent for non-essential cookies.

Third-party links

The Services may link to third-party websites or services we do not control. This policy does not apply to those third parties, and we encourage you to review their privacy notices.

Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date and, where appropriate, notify you through the Services or by email. Your continued use of the Services after an update means you accept the revised policy.

Contact us

If you have questions, requests, or concerns about this Privacy Policy or our data practices, contact us at:

GrantMaster, Sumatrakade 1479, 1019 RR, Amsterdam, Netherlands — Email: support@grantmaster.ai