Privacy Policy

GrantAQ is a product of Friedman Global LLC, a grant consulting and technology company. When this policy says "GrantAQ," "we," "us," or "our," it refers to Friedman Global LLC and the GrantAQ platform operated at grantaq.com.

Questions about this policy? Contact us at privacy@grantaq.com.

Account & Organization Information

• Name, email address, phone number
• Organization name, type, and mission
• EIN (Employer Identification Number) — stored encrypted at rest
• Financial data (annual revenue, budget, prior grant history)
• Board member names and contact information
• Uploaded documents (audits, 990s, bylaws, letters of support)

Usage & Technical Data

• Pages visited, features used, and time spent in the platform
• IP address, browser type, device type, and operating system
• Referral source (UTM parameters, referral codes)
• Session tokens and authentication data

AI Interaction Data

• Prompts and messages sent to Grantie (our AI chat assistant)
• Grant application drafts generated or edited through the platform
• AI-generated scores, strategy recommendations, and readiness assessments

• Grant matching: We use your organization profile to surface relevant grant opportunities and calculate AI match scores.
• AI writing assistance: Your mission, financials, and history inform AI-generated grant drafts and narrative recommendations.
• Readiness scoring: We analyze your documents and profile data to generate readiness assessments for specific grants.
• Nonprofit formation services: Where applicable, your profile data pre-fills formation templates and document preparation workflows.
• Platform improvement: Aggregated, anonymized usage data helps us improve matching algorithms and product features.
• Communications: We send transactional emails (receipts, deadline alerts) and, with your consent, product and educational updates.

We share data with the following sub-processors to operate the platform:

We do not sell your personal data to third parties. We do not share your data with advertisers.

We use a minimal set of cookies:

• Session cookies (essential): Required for authentication and keeping you logged in. These cannot be disabled without breaking the platform.
• Referral tracking cookie (30-day): If you arrive via a referral link, we store the referral code for up to 30 days to credit the referring user when you sign up.

We do not use advertising cookies or third-party tracking pixels.

You have the right to:

• Access: Request a copy of the personal data we hold about you.
• Correction: Update or correct inaccurate information through your account settings.
• Deletion: Request deletion of your account and associated data. We will fulfill deletion requests within 30 days, except where retention is required by law.
• Data export: Request a machine-readable export of your data (profile, documents, grant history).
• Opt-out of marketing: Unsubscribe from non-essential communications at any time via the link in any email or through account settings.

To exercise any of these rights, email privacy@grantaq.com.

• Account and organization data is retained while your account is active.
• Behavioral and usage data is retained for up to 2 years for analytics purposes.
• Upon account deletion, your personal data is removed within 30 days. Anonymized aggregate data may be retained indefinitely.
• Stripe retains payment records as required for financial compliance (typically 7 years).

GrantAQ is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, contact us immediately at privacy@grantaq.com and we will delete it promptly.

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the following additional rights:

• The right to know what personal information we collect, use, disclose, and sell.
• The right to request deletion of your personal information.
• The right to opt out of the "sale" of personal information. We do not sell personal information.
• The right to non-discrimination for exercising your privacy rights.

To submit a CCPA request, email privacy@grantaq.com with the subject line "CCPA Request."

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data in accordance with the General Data Protection Regulation (GDPR). Our legal bases for processing include: contract performance (providing the service you signed up for), legitimate interest (fraud prevention, platform security, product improvement), and consent (marketing communications). You have the right to lodge a complaint with your local data protection authority. Data transfers to the United States are covered by applicable standard contractual clauses.

We use industry-standard security practices including encryption at rest and in transit, access controls, and regular security reviews. EINs and other sensitive identifiers are encrypted at the database level. However, no system is perfectly secure — if you believe your account has been compromised, contact us immediately.

We may update this Privacy Policy from time to time. Material changes will be communicated by email and/or a prominent notice on the platform at least 30 days before taking effect. Continued use of GrantAQ after the effective date constitutes acceptance of the updated policy.