Privacy Policy

Last updated · May 30, 2026

This policy explains what Granta collects, how we use it, and the rights you have over your data. We aim for the strictest standard that applies to you — GDPR for EU users, CCPA/CPRA for California, and equivalents elsewhere.

1. Data we collect

Account data

  • Email address (required for sign-in).
  • OAuth identifiers when you sign in with Google.

Organization profile

  • Org name, type, industry, state, demographics, mission, capabilities, past funding.
  • Saved grants, pipeline status, drafts, benchmarks, and uploaded reference documents.

Usage data

  • Pages visited, features used, timestamps, approximate geolocation from IP, and device/browser metadata.

2. How we use it

  • Operate the service: match grants, generate drafts, run benchmarks.
  • Personalize results: tailor relevance scoring and recommendations to your profile.
  • Communicate: deadline reminders, product updates, support replies.
  • Improve the product: aggregate, anonymized analytics — never sold.
  • Security & legal: fraud prevention, abuse detection, regulatory compliance.

3. AI processing

When you use Draft, Analyst, Cover Letter, or Benchmark, the relevant inputs (your profile, RFP text, draft text) are sent to a third-party large-language-model provider through the Lovable AI Gateway. Providers process the data to return a response and do not use it to train their public models. We do not send your data to any AI provider outside of features you actively trigger.

4. Sharing

We share data only with:

  • Infrastructure providers (hosting, database, email delivery) under contractual confidentiality.
  • AI providers for the features described above.
  • Legal authorities when required by valid law.

We do not sell personal data and we do not run ad tracking.

5. Retention

We keep your data while your account is active. After deletion, profile and proposal content is removed within 30 days; backups are purged within 90 days. Aggregated, anonymized analytics may be retained longer.

6. Your rights

  • Access — request a copy of your data.
  • Correction — edit your profile directly, or email us.
  • Deletion — close your account or request erasure.
  • Portability — export grants, proposals, and pipeline as CSV/JSON.
  • Objection — opt out of non-essential processing.

Email privacy@granta.app to exercise any of these. We respond within 30 days.

7. Security

Data is encrypted in transit (TLS) and at rest. Row-level security isolates every user's records in our database. We log access, rotate credentials, and follow least-privilege internally. No system is perfectly secure; report concerns to security@granta.app.

8. International transfers

Granta is operated from the United States. If you access it from outside the US, your data is transferred to and processed in the US under standard contractual clauses where required.

9. Children

The service is not directed to anyone under 18. We do not knowingly collect data from children.

10. Changes

We'll announce material changes by email or in-app at least 14 days before they take effect.

11. Contact

Questions or requests: privacy@granta.app.