Privacy Policy

Introduction

Grant Nexus LLC ("Company," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our grant matching platform ("Service").

This policy is designed to comply with applicable privacy regulations, including the California Consumer Privacy Act (CCPA), Colorado Privacy Act (CPA), and the General Data Protection Regulation (GDPR) where applicable.

1. Information We Collect

1.1 Information You Provide

• Account Information: Name, email address, institutional affiliation, job title, and account credentials when you register
• Faculty Data: Faculty names, departments, research interests, publication information, and expertise areas uploaded by institutional administrators
• Institutional Information: Institution name, type (e.g., R1, R2, PUI), EPSCoR status, and other eligibility criteria
• Communications: Messages you send us through support channels
• Billing Information: Payment details processed through our payment provider (Stripe) — we do not store full credit card numbers

1.2 Information Collected Automatically

• Usage Data: Pages viewed, features used, search queries, and interactions with the Service
• Device Information: Browser type, operating system, device type, and IP address
• Cookies: Session cookies, authentication cookies, and analytics cookies (see Section 6)

1.3 Information From Third Parties

• Grant Data: Federal grant information from Grants.gov and other public sources
• Authentication Providers: If you use single sign-on (SSO), we receive basic profile information from your identity provider

2. How We Use Your Information

We use collected information to:

• Provide, maintain, and improve the Service
• Process faculty-to-grant matching using our AI algorithms
• Generate personalized recommendations and reports
• Process payments and manage subscriptions
• Send service-related communications and updates
• Respond to support requests and inquiries
• Analyze usage patterns to improve user experience
• Ensure security and prevent fraud
• Comply with legal obligations

3. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), we process your data based on:

• Contract Performance: Processing necessary to provide the Service you've subscribed to
• Legitimate Interests: Improving our Service, security, and analytics, where these interests don't override your rights
• Consent: For marketing communications, where required
• Legal Obligations: Compliance with applicable laws

4. Information Sharing and Disclosure

We may share your information with:

4.1 Service Providers

4.2 Other Disclosures

• With your consent or at your direction
• To comply with legal obligations, court orders, or lawful requests
• To protect our rights, property, or safety, or that of others
• In connection with a merger, acquisition, or sale of assets

We do not sell your personal information to third parties.

5. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

• Encryption of data in transit (TLS/HTTPS) and at rest
• Access controls and authentication requirements
• Regular security assessments and monitoring
• Employee training on data protection

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

6. Cookies and Tracking

We use the following types of cookies:

• Essential Cookies: Required for authentication and basic functionality
• Analytics Cookies: Help us understand how users interact with the Service
• Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. Note that disabling essential cookies may affect Service functionality.

7. Data Retention

We retain your information for as long as your account is active or as needed to provide services. Specifically:

• Account Data: Retained until account deletion, plus 30 days for data export
• Faculty Data: Retained while subscription is active; deleted 90 days after subscription ends
• Usage Logs: Retained for 12 months for security and analytics purposes
• Billing Records: Retained for 7 years for tax and legal compliance

8. Your Rights

8.1 All Users

• Access and download your personal data
• Correct inaccurate information
• Delete your account and associated data
• Opt out of marketing communications

8.2 California Residents (CCPA)

You have the right to:

• Know what personal information we collect and how it's used
• Request deletion of your personal information
• Opt out of the sale of personal information (we do not sell data)
• Non-discrimination for exercising your rights

8.3 EEA Residents (GDPR)

You additionally have the right to:

• Data portability in a machine-readable format
• Object to processing based on legitimate interests
• Restrict processing in certain circumstances
• Lodge a complaint with your supervisory authority

9. International Data Transfers

Our services are hosted in the United States. If you access the Service from outside the U.S., your information will be transferred to and processed in the U.S. We implement appropriate safeguards for international transfers, including Standard Contractual Clauses where required.

10. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn we have collected such information, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by email or through the Service. Your continued use after changes take effect constitutes acceptance of the updated policy.

13. Contact Us

For questions about this Privacy Policy or to exercise your rights, please contact us:

For GDPR-related inquiries, you may also contact our Data Protection representative at: dpo@grantnexus.ai