Privacy
Privacy policy
This policy explains how Grantledger Ltd handles personal data. It is written to be read, not just filed. Effective 16 June 2026.
Draft pending confirmation.This page is accurate to how the service processes data, but the company's registered details and contact addresses (shown in square brackets) are confirmed at launch. It is not yet a final, binding policy.
1. Two different roles
Grantledger is grant-management software used by funders. For most of the personal data that flows through the product — applicants, grantees, reviewers and a funder's own CRM contacts — the funder is the data controller and we are their processor. We process that data only on the funder's documented instructions, under a Data Processing Addendum. If you applied for or received a grant, the funder who ran that programme is responsible for your data, and you should direct rights requests to them first; we will assist them.
We are the data controller only for the data we collect directly to run our business: the accounts of the people who administer a funder workspace, billing records, support correspondence, and aggregate analytics on our public marketing site. The rest of this policy concerns that controller data and the choices that apply to it.
2. What we collect, and why
| Data | Why we hold it | Lawful basis (UK GDPR) |
|---|---|---|
| Account details (name, work email, workspace, role) | To create and secure your login and workspace | Contract |
| Billing details (plan, country, Stripe customer reference) | To take subscription payments and issue receipts | Contract; legal obligation (tax records) |
| Support correspondence and product feedback | To answer you and fix problems | Legitimate interests |
| Security and operational logs (IP, timestamps, request metadata) | To keep the service secure, available and abuse-free | Legitimate interests; legal obligation |
| Aggregate analytics on the public marketing site | To understand which pages help prospective funders | Consent (where required) |
We do not ask for, or need, special-category data to run the service, and we instruct funders not to enter it into free-text fields.
3. Sub-processors
We use a small number of vendors to deliver the service. Each is bound by data-protection terms no less protective than our own, and controllers are told before we add or change one. The current list is maintained on our security page: hosting and database (region-pinned to the funder's market), transactional email (names and email addresses only), Stripe (subscription billing — never applicant data), an optional AI provider (PII-redacted input only), and Microsoft Clarity (aggregate analytics on the marketing site only, never the console or applicant pages).
4. Statutory register checks
Due-diligence checks send only the identifiers needed for a lookup (a charity, company or organisation registration number) to the relevant public register — the Charity Commission and Companies House in the UK, and equivalent public registers in other markets. We do not send applicant personal data to those registers, and a failed or unconfigured lookup is reported as “unavailable”, never as an adverse finding.
5. Where data lives, and transfers
Customer data is hosted in the region for the funder's market — UK data stays in the UK. Our per-market data-residency statementsets out the regions and the registers contacted. Where any transfer outside the UK is necessary (for example a sub-processor control plane), it is covered by an adequacy decision or appropriate safeguards (UK IDTA / EU SCCs) and the controller's documented instruction.
6. How long we keep it
Account data is kept for as long as your workspace is active and then deleted or anonymised within a reasonable wind-down period after closure. Billing and tax records are kept for the period UK law requires. Operational logs are kept only as long as they are useful for security and reliability, then rotated out. For data we process on a funder's behalf, retention follows the funder's instructions and our DPA, and erasure is a working feature in the console.
7. Your rights
Under UK GDPR you can ask us to give you access to your personal data, correct it, delete it, restrict or object to processing, or provide it in a portable format, and you can withdraw any consent at any time. To exercise a right over data we control, contact us using the details below. If your data was processed by us on a funder's behalf, we will pass your request to that funder and support them in answering it. We aim to respond within one month.
8. Cookies and analytics
The funder console and the applicant and grantee pages set only the strictly necessary cookies that keep you signed in and protect the forms you submit; they are never tracked. Aggregate analytics (Microsoft Clarity) run on the public marketing pages only, and only where consent applies. We do not sell personal data or use it for third-party advertising.
9. Security
We protect data with database-enforced tenant isolation, encryption in transit and at rest, a tamper-evident audit chain over sensitive actions, and a PII firewall before any AI processing. Our security page describes the posture in detail, most of which is verifiable from inside the product.
10. Contact and complaints
The controller for the data described above is Grantledger Ltd, [registered office address] (company number [company number]). Data-protection enquiries: [privacy@your-domain].
If you are unhappy with how we have handled your data you can complain to the UK Information Commissioner's Office (ico.org.uk). We'd appreciate the chance to put things right first — please reach us at [privacy@your-domain].
11. Changes
If we change this policy we will update the effective date above and, for material changes affecting data we control, give account holders reasonable notice.