Privacy policy

The short version

PowerGrant is software that helps nonprofits write grant proposals. To do that, you upload information about your organization and your grant work. We hold that data on your behalf, we don't sell it, we don't use it to train AI models, and we let you export or delete it whenever you want.

Who we are

PowerGrant is operated by [ENTITY NAME, TBD pending Atlas C-corp filing], a Delaware corporation. Reach us at hello@powergrant.ai.

What we collect

Account information: name, email address, organization name, password (hashed), and authentication tokens from Google sign-in if you use it.

Content you upload: grant proposals, financial summaries, program descriptions, and any other material you add to your knowledge base. This is your data; you control it.

Usage data: page views, feature interactions, and error reports we use to improve the product. We use PostHog (configured in cookieless mode, no session replay, no fingerprinting). It does not set tracking cookies and does not collect personal information beyond what's needed to count visits.

Billing information: processed by Stripe. We don't store credit card numbers; Stripe does, under PCI-DSS. We see only the last four digits and the billing email.

How we use AI

When you ask PowerGrant to draft, analyze, or query content, we send relevant excerpts of your knowledge base to commercial AI providers (currently Google Gemini, with plans to add Anthropic Claude). We use provider configurations that opt out of model training. Your content is not used to train any AI model — ours, theirs, or anyone else's.

Drafts are returned to your account and stored alongside your other content. They aren't shared with other users or organizations.

Where your data lives

Primary data is stored on Supabase (Postgres) in US data centers, encrypted at rest. Files you upload are stored in Supabase Storage. All traffic between your browser and our servers is encrypted in transit (HTTPS/TLS).

We use Google Cloud for compute (Cloud Functions for our backend API). Sentry handles error monitoring; we configure it to scrub authentication tokens and request bodies from error reports.

Who can see your data

You and the team members you invite to your organization. No one else — including PowerGrant employees — has access in normal operation. We may access account data when you ask us to (support requests) or when required by law.

We don't sell your data. We don't share it with advertisers. There is no advertising business model lurking behind PowerGrant.

How long we keep it

As long as your account is active. If you cancel, we keep your data for 30 days in case you come back, then delete it on request. You can also delete your data — or your entire account — at any time from inside the app.

Your rights

You can request a copy of your data, correct it, or delete it. Email hello@powergrant.ai and we'll handle the request within 30 days. If you're in a jurisdiction with formal data-protection rights (EU, California, etc.), those rights apply and we'll honor them.

Cookies

We use one cookie for authentication. We don't set advertising or tracking cookies. Our analytics tool (PostHog) is configured to run without cookies.

Children

PowerGrant is for adults working at nonprofit organizations. We don't knowingly collect data from children under 13.

Changes to this policy

We'll post material changes here and email account holders. Minor edits may go up without notice.

Questions

hello@powergrant.ai. A real person answers.