Legal

Privacy Policy

Last updated: May 2026

This privacy policy explains how Grantscom collects, uses, and protects your personal data when you use our website (grantscom.com, grantscom.co.uk) and our grant and tender discovery platform. We are committed to handling your data responsibly and in accordance with the UK GDPR and the Data Protection Act 2018.

1. Who We Are

Grantscom is operated as a business based in England. We are the data controller for personal data collected through this platform. Contact us at hello@grantscom.com for any data-related queries.

2. What Data We Collect

We collect the following categories of personal data:

  • Account data: your email address and encrypted password when you register
  • Business profile data: your company name, industry, sector, location (UK or US), and the types of opportunities you are interested in
  • Billing data: subscription plan and payment status (card details are handled by Stripe and never stored by us)
  • Usage data: pages visited, opportunities viewed or saved, and feature interactions
  • Communications: emails you send to us and your preferences for email notifications
  • Consent records: when you subscribe to a paid plan, we record your acceptance of our Terms and Conditions and Privacy Policy. This record includes your user account identifier, the date and time of acceptance, your IP address, and the subscription plan you selected. This data is retained as evidence of your agreement.

3. How We Use Your Data

We use your personal data to:

  • Provide, maintain, and improve the Grantscom platform
  • Match and score grant and tender opportunities against your business profile
  • Process your subscription and manage billing via Stripe
  • Send you relevant opportunity alerts and digest emails (which you can unsubscribe from at any time)
  • Respond to your support enquiries
  • Maintain records of your consent to our terms as required for legal compliance
  • Comply with legal obligations

4. Legal Basis for Processing

We process your data on the following legal bases:

  • Contract: processing necessary to deliver the service you have subscribed to
  • Legitimate interests: improving our platform, preventing fraud, and maintaining security
  • Legal obligation: retaining records of contractual consent and financial transactions as required by law
  • Consent: marketing emails where required - you can withdraw consent at any time

5. Who We Share Your Data With

We do not sell your personal data. We share it only with trusted third-party service providers who help us operate the platform:

  • Supabase - secure database and authentication hosting
  • Stripe - payment processing
  • Anthropic - AI processing for opportunity matching and summarisation
  • SendGrid - transactional and digest email delivery
  • Vercel - platform hosting and infrastructure

All processors are contractually bound to handle your data securely and only for the purposes we specify.

6. Data Retention

We retain your account and business profile data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or financial compliance purposes (typically up to 7 years for billing and consent records).

Consent records (including IP address and acceptance timestamp) are retained for the duration of your account and for up to 7 years after account closure, as they form part of the contractual record between you and Grantscom.

7. Your Rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data (subject to our legal retention obligations)
  • Object to or restrict how we process your data
  • Receive a copy of your data in a portable format
  • Withdraw consent at any time where processing is based on consent

To exercise any of these rights, email us at hello@grantscom.com. We will respond within 30 days. Please note that consent records retained for legal compliance purposes may not be deleted on request where we have a legitimate legal basis for retention.

8. Cookies

We use cookies and similar technologies to operate the platform and improve your experience. For full details of the cookies we use and how to manage them, please see our Cookie Policy.

9. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. All data is transmitted over encrypted HTTPS connections. Access to personal data is restricted to personnel who need it to operate the service.

10. International Transfers

Some of our third-party processors (including Anthropic and Vercel) operate in the United States. Where your data is transferred outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements, including Standard Contractual Clauses where applicable.

11. Complaints

If you have concerns about how we handle your data, please contact us at hello@grantscom.com. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

12. Changes to This Policy

We may update this privacy policy from time to time. We will notify active subscribers of material changes by email. The current version will always be available on this page.