Privacy Policy

For purposes of applicable data protection laws, the controller of your personal information is:

Evangelos Kouris & SIA EE

Glyfada, 16674, Athens, Greece

hello@qualigrant.com

Data Protection Contact: hello@qualigrant.com

We collect information you provide directly, information generated through your use of the Service, and limited technical information.

Account information

We may collect:

• email address
• account ID
• authentication metadata
• sign-in history
• account status
• evaluation balance
• billing status

We use this to create and manage your account, authenticate you, provide access to the Service, prevent abuse, and communicate with you.

Organization profile information

We collect the organization details you enter, which may include:

• organization name
• organization type
• legal or nonprofit status
• headquarters location
• geographic area served
• mission and organization description
• focus areas
• annual budget band
• year founded
• team credentials
• prior grants
• grant experience
• other information you choose to provide

This information is used to evaluate grant fit, eligibility, strategic alignment, application effort, and recommendation confidence.

Uploaded documents

We collect documents you upload or submit for evaluation, such as:

• RFPs
• NOFOs
• grant guidelines
• calls for proposals
• funder instructions
• related files

We may extract text and metadata from uploaded files so the Service can analyze them.

Uploaded documents may contain personal information about you, your organization, funders, employees, researchers, project staff, partners, or other third parties. You are responsible for ensuring that you have the right to upload and process any document you submit.

Evaluation data and generated outputs

We collect and store data related to evaluations, including:

• extracted requirements
• eligibility criteria
• deadlines
• award amounts
• citations
• recommendation results
• application plans
• narrative angles
• draft prompts
• confidence indicators
• saved opportunities
• user edits or corrections

This allows us to provide the Service, save your history, improve reliability, and support your account.

Payment and billing information

Payments are processed by Stripe or another payment provider.

We may receive limited billing information, such as:

• payment confirmation
• purchase amount
• plan or pack purchased
• number of Grant Evaluations purchased
• billing email
• invoice or receipt metadata
• payment status
• tax or VAT metadata where applicable

We do not store your full payment card number.

Communications

If you contact us, we may collect:

• your email address
• your message
• support history
• attachments you provide
• responses we send

We use this to respond to support requests and maintain records of our communications.

Technical and usage information

We may collect limited technical data, including:

• IP address
• browser type
• device information
• pages visited
• timestamps
• error logs
• upload status
• evaluation status
• product usage events
• security logs

This helps us operate, secure, debug, and improve the Service.

If we use product analytics tools, we configure them to minimize unnecessary personal data where reasonably possible.

We use information for the following purposes.

To provide the Service

This includes:

• creating and managing accounts
• authenticating users
• processing uploaded grant documents
• extracting RFP requirements
• evaluating grant fit against organization profiles
• generating recommendations and application plans
• saving evaluation history
• managing Grant Evaluation balances
• processing purchases and billing

To improve and maintain the Service

This includes:

• debugging errors
• monitoring performance
• improving extraction quality
• improving user experience
• identifying confusing workflows
• maintaining service reliability
• measuring feature usage

We do not use Your Content to train our own AI models unless we separately ask for and receive your permission.

To protect the Service

This includes:

• preventing fraud
• detecting abuse
• enforcing usage limits
• preventing multiple-account abuse
• protecting against malware or malicious uploads
• securing accounts and infrastructure

To communicate with you

We may send:

• magic sign-in links
• account notices
• evaluation status updates
• receipts
• payment notices
• important service updates
• security alerts
• responses to support requests

We do not send marketing emails unless you opt in or applicable law allows it. If we send marketing emails, you can unsubscribe at any time.

To comply with law

We may process or retain information where necessary to:

• comply with legal obligations
• maintain accounting and tax records
• respond to lawful requests
• enforce our Terms
• protect legal rights

If EU, UK, or similar data protection laws apply, we rely on the following legal bases.

Contract

We process information where necessary to provide the Service you requested, including account access, evaluations, application plans, saved reports, billing, and customer support.

Legitimate interests

We process information where necessary for legitimate business interests, including security, abuse prevention, debugging, service improvement, analytics, and enforcing our Terms, provided those interests are not overridden by your rights.

Legal obligation

We process information where required to comply with tax, accounting, legal, regulatory, or dispute-resolution obligations.

Consent

We rely on consent where required, such as for certain cookies, optional analytics, marketing communications, or optional product research.

You may withdraw consent where processing is based on consent.

To generate evaluations and application plans, we may send relevant grant document text, extracted requirements, organization profile information, and related prompts to our AI provider.

Our current AI provider is OpenAI.

We use OpenAI’s API. According to OpenAI’s API data policy, API inputs and outputs are not used to train or improve OpenAI models by default unless the customer opts in.

AI providers may process data in accordance with their own security, abuse-monitoring, retention, and data-processing policies.

AI-generated outputs may contain errors, omissions, or incorrect assumptions. You are responsible for reviewing and verifying all outputs before relying on them.

We use third-party service providers to operate the Service. These may include:

These providers process information on our behalf or as independent controllers depending on the service and context.

We require service providers to process information only as needed to provide their services to us, subject to appropriate contractual, technical, and organizational safeguards where applicable.

Your information may be processed in countries other than the country where you live, including the United States and countries where our service providers operate.

Where required by law, we rely on appropriate safeguards for international transfers, such as standard contractual clauses, data processing agreements, adequacy decisions, or other legally recognized transfer mechanisms.

We do not sell your personal information.

We do not rent your personal information to advertisers or data brokers.

We may share information:

• with service providers needed to operate the Service
• with payment processors to complete purchases
• with AI providers to generate outputs
• with hosting and database providers to store and process data
• with analytics or monitoring providers to improve reliability
• where required by law, subpoena, court order, or legal process
• to protect rights, safety, security, or prevent abuse
• in connection with a merger, acquisition, financing, sale of assets, restructuring, or business transfer

If a business transfer occurs, we will take reasonable steps to ensure your information remains protected consistently with this Privacy Policy.

We retain information for as long as reasonably necessary to provide the Service, maintain your account, comply with legal obligations, resolve disputes, enforce agreements, and maintain security.

Typical retention periods are:

You may request deletion of your account and associated data by contacting us. We will delete or anonymize data within a reasonable period unless we need to retain it for legal, security, tax, accounting, fraud-prevention, or dispute-resolution purposes.

Deleting uploaded documents or your account may make previous evaluations unavailable.

We use reasonable technical and organizational measures designed to protect information, including:

• encryption in transit
• access controls
• authentication controls
• database permissions
• row-level access controls where implemented
• secure infrastructure providers
• monitoring and logging
• limited internal access

No method of transmission, storage, or processing is completely secure. We cannot guarantee absolute security.

You are responsible for maintaining secure access to your email account and devices.

Depending on where you live, you may have rights to:

• access your personal information
• correct inaccurate information
• delete your information
• export your information
• object to certain processing
• restrict certain processing
• withdraw consent
• opt out of certain data uses
• complain to a data protection authority

You can edit some organization profile information directly in the Service.

To exercise privacy rights, contact us at hello@qualigrant.com. We may need to verify your identity before responding.

We will not discriminate against you for exercising privacy rights.

If the California Consumer Privacy Act or similar laws apply, this section provides additional information.

We may collect the following categories of personal information:

• identifiers, such as email address and account ID
• commercial information, such as purchases and billing metadata
• internet or electronic activity information, such as usage logs and interactions
• professional or organization-related information, such as organization profile details
• user-generated content, such as uploaded documents and evaluation inputs
• inferences generated from your use of the Service, such as evaluation outputs and recommendations

We collect this information for the purposes described in this Privacy Policy, including providing the Service, processing payments, securing the Service, improving functionality, and communicating with users.

We do not sell personal information.

We do not knowingly share personal information for cross-context behavioral advertising.

If this changes, we will update this Privacy Policy and provide required opt-out mechanisms.

California residents may have rights to know, access, delete, correct, and opt out of certain processing. To exercise these rights, contact us at hello@qualigrant.com.

We use strictly necessary cookies and similar technologies to:

• keep you signed in
• secure your session
• remember account state
• operate the Service

If we use optional analytics cookies or similar tracking technologies, we will configure them to respect privacy where reasonably possible and provide any required notice or consent mechanism.

You can control cookies through your browser settings, but disabling necessary cookies may prevent the Service from working properly.

The Service is not intended for anyone under 18.

We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact us and we will take reasonable steps to delete it.

The Service may contain links to third-party websites, funder websites, payment pages, or external resources.

We are not responsible for the privacy practices, content, or security of third-party websites or services. Review their privacy policies before providing information to them.

We may update this Privacy Policy from time to time.

If changes are material, we will take reasonable steps to notify users, such as updating the “Last updated” date, showing an in-app notice, or sending an email.

Your continued use of the Service after the updated Privacy Policy takes effect means the updated policy applies to future processing.

For privacy questions, data requests, or rights requests, contact:

Evangelos Kouris & SIA EE

Glyfada, 16674, Athens, Greece

hello@qualigrant.com