This Privacy Policy describes how First Commit LLC ("GrantsExplained," "we," "us," or "our") collects, uses, and protects your personal information when you use the GrantsExplained website and services.
1. Information We Collect
Information you provide
- Account information — your name and email address when you create an account
- Authentication data — credentials or OAuth tokens when you sign in with email/password or Google
- Saved grants — grants you bookmark and any notes you attach to them
- Alert preferences — your selected applicant types and funding categories for grant alerts
- Newsletter subscription — your email address if you subscribe to our newsletter
- Payment information — processed securely by Stripe; we do not store your full card number, CVC, or billing address on our servers
- Contact form submissions — your name, email, and message content
Information collected automatically
- Usage data — pages visited, features used, search queries, and interaction patterns
- Device information — browser type, operating system, and screen resolution
- Session data — IP address and user agent, stored temporarily for authentication and security
2. How We Use Your Information
- Provide, maintain, and improve the GrantsExplained service
- Send daily grant alert emails based on your selected preferences (paid subscribers)
- Send weekly newsletter updates if you have subscribed
- Process subscription payments through Stripe
- Generate in-app notifications for matching grants (paid subscribers)
- Respond to your inquiries and support requests
- Analyze usage patterns to improve the platform and user experience
- Detect and prevent fraud, abuse, and security incidents
3. Data Sharing
We do not sell, rent, or trade your personal data to third parties. We use trusted third-party service providers to operate GrantsExplained, including Stripe for payment processing and subscription management. These providers handle data on our behalf under their own privacy and security commitments.
We may also disclose your information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
4. Cookies & Similar Technologies
We use cookies for authentication and session management. These are essential for the service to function and cannot be disabled without losing access to authenticated features. We do not use advertising or third-party tracking cookies.
5. Data Retention
- Account data — retained for as long as your account is active
- Notifications — automatically deleted after 30 days
- Session data — expires after 7 days of inactivity
- Deleted accounts — when you delete your account from your settings page, your profile, saved grants, alert preferences, notifications, and authenticated sessions are permanently erased immediately. The following limited records are retained as required by law or for fraud prevention:
- Email suppression list — your email address and unsubscribe timestamp are kept indefinitely so we never re-contact you (required by CAN-SPAM).
- Consent audit log — records of when you subscribed, unsubscribed, or changed marketing preferences (required to demonstrate compliance with CAN-SPAM and GDPR).
- Past email delivery records — the recipient email address on newsletters/alerts already sent to you is retained for delivery audit purposes.
- Payment records on Stripe — if you were a paid subscriber, Stripe retains transaction records on its own infrastructure as required by tax and financial regulations. We delete our local copy of subscription metadata at the same time as your account.
6. Data Security
We implement industry-standard security measures to protect your personal information, including encrypted data transmission (TLS/HTTPS), encrypted password storage, and secure session management. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
7. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access — request a copy of your personal data
- Correction — update inaccurate or incomplete information via your account settings
- Deletion — delete your account and associated data from your settings page
- Opt-out — unsubscribe from newsletters and email alerts at any time via your settings or the unsubscribe link in any email
- Data portability — request your data in a structured, machine-readable format
To exercise these rights, please contact us or email support@grantsexplained.com. We will respond within 30 days.
8. Children's Privacy
GrantsExplained is not directed to individuals under the age of 13. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 13, we will take steps to delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice on the service. Continued use of GrantsExplained after changes are posted constitutes acceptance of the revised policy.
10. Contact
If you have questions about this Privacy Policy, please contact us or email support@grantsexplained.com.
Written correspondence may be sent to:
First Commit LLC
329 South Oyster Bay Road #2165
Plainview, NY 11803
