Grant Compass

Privacy Policy

Last updated: 26 May 2026

This Privacy Policy explains how Grant Compass ("we", "us") collects, uses, and protects personal data when you use our website and application at grantcompass.co.uk (the "Service"). We are the data controller for the personal data described below and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Information we collect

  • Account data: your name, email address, and password hash when you sign up.
  • Organisation data: charity name, registration number, team members, and roles.
  • Content you create: grant applications, deadlines, partners, visits, budgets, documents, and notes.
  • Usage data: log entries, IP address, browser type, and pages visited, used to keep the Service secure and reliable.
  • Communications: emails you send to us and any forwarded grant-related correspondence sent to your inbox address.

2. How we use your data

  • To provide and operate the Service (legitimate interest and contract).
  • To send you transactional emails — sign-in links, invitations, deadline reminders.
  • To improve the Service through aggregated, non-identifying analytics.
  • To comply with legal obligations, including responding to lawful requests.

We do not sell your data. We do not use your content to train third-party AI models.

3. Sharing and processors

We use trusted sub-processors to run the Service:

  • Supabase / Cloudflare — hosting and database.
  • Resend / Mailgun — transactional email delivery.
  • Stripe — subscription billing (we never see your card details).
  • Google, Anthropic — AI features you choose to use (your inputs are sent only when you invoke an AI action).

4. Where your data is stored

Data is stored in the UK and EU regions. Some sub-processors may transfer data to other jurisdictions under appropriate safeguards (e.g. UK adequacy decisions or Standard Contractual Clauses).

5. Retention

We keep your data for as long as your account is active. If you delete your account, we remove your personal data within 30 days, except where we are required by law to retain records (e.g. billing records for 6 years).

6. Your rights

Under UK GDPR you have the right to:

  • access, correct, or delete your personal data;
  • object to or restrict processing;
  • data portability;
  • withdraw consent at any time;
  • complain to the Information Commissioner's Office (ico.org.uk).

7. Security

We use industry-standard safeguards: encryption in transit (TLS), encryption at rest, row-level security, role-based access controls, and regular backups. No system is completely secure — please use a strong, unique password and keep your login details safe.

8. Cookies

We use a small number of strictly necessary cookies to keep you signed in. We do not use third-party advertising cookies.

9. Changes

We may update this policy from time to time. Material changes will be notified by email or via an in-app notice at least 14 days in advance.

10. Contact

Questions or requests? Email hello@grantcompass.co.uk.