Privacy Policy

This Privacy Policy describes how First Commit LLC ("GrantsExplained," "we," "us," or "our") collects, uses, and protects your personal information when you use the GrantsExplained website and services.

1. Information We Collect

Information you provide

• Account information — your name and email address when you create an account
• Authentication data — credentials or OAuth tokens when you sign in with email/password or Google
• Saved grants — grants you bookmark and any notes you attach to them
• Alert preferences — your selected applicant types and funding categories for grant alerts
• Newsletter subscription — your email address if you subscribe to our newsletter
• Payment information — processed securely by Stripe; we do not store your full card number, CVC, or billing address on our servers
• Contact form submissions — your name, email, and message content

Information collected automatically

• Usage data — pages visited, features used, search queries, and interaction patterns
• Device information — browser type, operating system, and screen resolution
• Session data — IP address and user agent, stored temporarily for authentication and security

2. How We Use Your Information

• Provide, maintain, and improve the GrantsExplained service
• Send daily grant alert emails based on your selected preferences (paid subscribers)
• Send weekly newsletter updates if you have subscribed
• Process subscription payments through Stripe
• Generate in-app notifications for matching grants (paid subscribers)
• Respond to your inquiries and support requests
• Analyze usage patterns to improve the platform and user experience
• Detect and prevent fraud, abuse, and security incidents

3. Data Sharing

We do not sell, rent, or trade your personal data to third parties. We may share data with the following categories of service providers who process data on our behalf:

• Stripe — payment processing and subscription management
• Amazon Web Services (SES) — transactional and alert email delivery
• Vercel — application hosting and serverless infrastructure
• Neon — PostgreSQL database hosting
• OpenAI — AI-powered grant summarization (grant data only, not personal data)

We may also disclose your information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4. Cookies & Similar Technologies

We use cookies for authentication and session management. These are essential for the service to function and cannot be disabled without losing access to authenticated features. We do not use advertising or third-party tracking cookies.

5. Data Retention

• Account data — retained for as long as your account is active
• Notifications — automatically deleted after 30 days
• Session data — expires after 7 days of inactivity
• Deleted accounts — personal data is removed within 30 days of account deletion, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention)

6. Data Security

We implement industry-standard security measures to protect your personal information, including encrypted data transmission (TLS/HTTPS), encrypted password storage, and secure session management. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access — request a copy of your personal data
• Correction — update inaccurate or incomplete information via your account settings
• Deletion — delete your account and associated data from your settings page
• Opt-out — unsubscribe from newsletters and email alerts at any time via your settings or the unsubscribe link in any email
• Data portability — request your data in a structured, machine-readable format

To exercise these rights, please contact us or email support@grantsexplained.com. We will respond within 30 days.

8. Children's Privacy

GrantsExplained is not directed to individuals under the age of 13. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 13, we will take steps to delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice on the service. Continued use of GrantsExplained after changes are posted constitutes acceptance of the revised policy.

10. Contact

If you have questions about this Privacy Policy, please contact us or email support@grantsexplained.com.