PRIVACY NOTICE
Privacy Policy
Comprehensive disclosure of our data practices and your privacy rights.
Compliance Framework
GDPR, CCPA, PIPEDA, LGPD
Effective Date
January 28, 2024
Version
Version 2.3
Data Processing Overview
Identity Data
Retention: Active account + 24 months
Examples
Name, Email, Organization, Contact Details
Legal Basis
Contract, Legitimate Interest
Professional Data
Retention: Active account + 36 months
Examples
Grant History, Funding Goals, Areas of Interest
Legal Basis
Consent, Legitimate Interest
Technical Data
Retention: 12 months
Examples
IP Address, Device Info, Browser Data
Legal Basis
Legitimate Interest
Usage Data
Retention: 24 months
Examples
Search History, Feature Usage, Session Data
Legal Basis
Consent, Legitimate Interest
Your Privacy Rights
Right to Access
Response: 30 days
Know what data we have about you
Right to Correct
Response: 30 days
Fix inaccurate information
Right to Delete
Response: 45 days
Request data deletion
Right to Port
Response: 30 days
Get your data in usable format
Right to Object
Response: Immediate
Opt-out of processing
Right to Withdraw
Response: Immediate
Withdraw consent at any time
1. Scope & Purpose
This Privacy Policy ("Policy") describes how GrantPlatform Inc. ("we," "us," or "our") collects, uses, processes, stores, and protects personal information in connection with our grant information platform ("Services"). This Policy applies to all users of our Services, including website visitors, registered users, and subscribers.
We are committed to transparency about our data practices and compliance with applicable privacy laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other data protection regulations.
2. Key Definitions
2.1 "Personal Data" means any information relating to an identified or identifiable individual.
2.2 "Processing" includes collection, storage, use, and disclosure of Personal Data.
2.3 "Data Controller" refers to GrantPlatform Inc. as the entity determining purposes of processing.
2.4 "Data Subject" means the individual to whom Personal Data relates.
2.5 "Consent" means freely given, specific, informed, and unambiguous indication of agreement.
2.6 "Legitimate Interest" refers to our business needs that do not override data subject rights.
3. Data We Collect
3.1 Information You Provide:
• Account Information: Name, email, organization details, contact information
• Professional Data: Grant history, areas of interest, funding goals, organizational mission
• Payment Information: Billing address, payment method details (processed by secure third parties)
• Communications: Support inquiries, feedback, survey responses
3.2 Automatically Collected Information:
• Usage Data: Pages visited, search queries, feature usage, session duration
• Technical Data: IP address, browser type, device information, operating system
• Location Data: General location based on IP address or provided preferences
• Cookies & Tracking: As described in Section 7
3.3 Information from Third Parties:
• Social media platforms (if you connect accounts)
• Analytics providers
• Payment processors
• Public grant databases
4. Legal Basis for Processing
We process Personal Data based on the following legal grounds:
4.1 Contractual Necessity: Processing necessary to fulfill our service agreement with you.
4.2 Legitimate Interests: Processing for our legitimate business interests, balanced against your rights.
4.3 Legal Obligation: Processing required to comply with legal requirements.
4.4 Consent: Processing based on your explicit consent, which may be withdrawn at any time.
Specific legal bases for each processing activity are documented in our Data Processing Records.
5. How We Use Your Data
We use your Personal Data for the following purposes:
5.1 Service Delivery:
• Providing access to grant database and tools
• Personalizing grant recommendations
• Processing payments and subscriptions
• Account management and authentication
5.2 Service Improvement:
• Analyzing usage patterns to improve Services
• Developing new features and functionality
• Conducting research and analysis
5.3 Communication:
• Sending service-related notifications
• Providing grant alerts and updates
• Responding to support requests
• Sending promotional communications (with consent)
5.4 Legal & Security:
• Complying with legal obligations
• Protecting against fraud and security threats
• Enforcing our Terms of Service
• Protecting rights and property
6. Data Sharing & Transfers
6.1 Service Providers: We share data with trusted vendors who assist in:
• Payment processing (Stripe, PayPal)
• Cloud hosting (AWS, Google Cloud)
• Email delivery (SendGrid)
• Analytics (Google Analytics)
• Customer support (Zendesk)
6.2 Legal Requirements: We may disclose data when required by law, regulation, or legal process.
6.3 Business Transfers: In connection with mergers, acquisitions, or asset sales.
6.4 International Transfers: Data may be transferred to countries with different privacy laws. We ensure adequate protection through:
• Standard Contractual Clauses (EU)
• Adequacy Decisions
• Privacy Shield (where applicable)
We do NOT sell Personal Data to third parties.
8. Data Security Measures
We implement comprehensive security measures including:
8.1 Technical Controls:
• Encryption in transit (TLS 1.3) and at rest (AES-256)
• Regular security audits and penetration testing
• Intrusion detection and prevention systems
• Secure development practices
8.2 Administrative Controls:
• Employee security training
• Access controls and least privilege principle
• Incident response plan
• Regular risk assessments
8.3 Physical Controls:
• Secure data center facilities
• Environmental protections
• Access logging and monitoring
While we implement industry-standard security measures, no system is 100% secure. We will notify affected users of data breaches as required by law.
9. Data Retention Periods
We retain Personal Data only as long as necessary for the purposes outlined in this Policy:
9.1 Active Accounts: Data retained while account is active
9.2 Inactive Accounts: Deleted after 24 months of inactivity
9.3 Legal Requirements: Retained as required by law (e.g., tax records: 7 years)
9.4 Legitimate Business: Retained for legitimate business purposes
9.5 Backup Data: Retained in secure backups for up to 30 days
Specific retention periods for each data category are documented in our Data Retention Policy.
10. Your Privacy Rights
Depending on your jurisdiction, you may have the following rights:
10.1 Access Rights: Right to know what Personal Data we hold about you.
10.2 Correction Rights: Right to correct inaccurate or incomplete data.
10.3 Deletion Rights: Right to request deletion of your data ("right to be forgotten").
10.4 Portability Rights: Right to receive your data in a structured, commonly used format.
10.5 Objection Rights: Right to object to certain processing activities.
10.6 Restriction Rights: Right to restrict processing in certain circumstances.
10.7 Consent Withdrawal: Right to withdraw consent at any time.
10.8 Non-Discrimination: Right not to receive discriminatory treatment for exercising rights.
To exercise these rights, contact our Data Protection Officer. We will respond within 30 days.
11. Children's Privacy
Our Services are not intended for individuals under 16 years of age. We do not knowingly collect Personal Data from children. If we become aware that we have collected Personal Data from a child without parental consent, we will take steps to delete such information.
Parents or guardians who believe their child has provided us with Personal Data should contact us immediately. We will promptly investigate and take appropriate action.
12. International Compliance
12.1 GDPR Compliance: We comply with the EU General Data Protection Regulation, including:
• Appointment of Data Protection Officer
• Data Protection Impact Assessments
• Records of Processing Activities
• Data Processing Agreements with vendors
12.2 CCPA Compliance: We comply with the California Consumer Privacy Act, including:
• "Do Not Sell" compliance
• Verifiable consumer requests
• Non-discrimination provisions
12.3 Other Jurisdictions: We comply with applicable laws in jurisdictions where we operate, including:
• PIPEDA (Canada)
• LGPD (Brazil)
• Privacy Act (Australia)
13. Policy Updates
We may update this Privacy Policy periodically to reflect:
• Changes in our data practices
• New legal requirements
• Service enhancements
• User feedback
Material changes will be communicated through:
• Email notification to registered users
• Platform announcement
• Updated "Last Updated" date
We encourage you to review this Policy regularly. Continued use of our Services after changes constitutes acceptance of the updated Policy.
