This Privacy Policy explains how GrantsForGlobal ("we," "us," or "our") collects, uses, shares, and protects your personal information when you use our grant discovery platform (the "Services"). It applies to everyone who visits our website or creates an account — whether you're on the Free Account Dashboard or a Premium Membership.

As a growing company, we try to collect only what we need to run the Platform well, and we aim to be transparent about it. This Policy is designed with privacy laws such as India's Digital Personal Data Protection Act, the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA) in mind, even where they may not all directly apply to us.

3.1 Information you give us:
• Account details: first name, last name, email address, phone number, username, and password
• Organization details: organization name, country, and areas of focus
• Payment details: billing information needed to process Premium Membership payments (handled securely by Stripe — we don't store your full card number)
• Anything you send us: support tickets, messages, feedback, or survey responses

3.2 Information we collect automatically:
• Usage data: pages visited, searches performed, grants viewed or saved, feature usage
• Technical data: IP address, browser type, device type, and operating system
• Approximate location based on your IP address or selected country
• Cookies and similar technologies, as described in Section 7

3.3 Information from third parties:
• Payment confirmation from our payment processor (Stripe)
• Publicly available grant and funder information we use to build our database

We rely on the following legal grounds to process your Personal Data:

4.1 Contract: To create your account, run your dashboard, and deliver the Services you've signed up for.
4.2 Legitimate Interest: To keep the Platform secure, improve our features, and understand how the Services are used.
4.3 Legal Obligation: To comply with tax, accounting, and other legal requirements.
4.4 Consent: For optional things like marketing emails — you can withdraw this consent at any time.

5.1 To run the Platform:
• Create and manage your account
• Power your personalized dashboard and grant recommendations
• Process Premium Membership payments and renewals
• Send deadline alerts and notifications you've signed up for

5.2 To improve the Platform:
• Understand which features are useful (and which aren't)
• Fix bugs and build new features
• Keep our grant database accurate and up to date

5.3 To communicate with you:
• Respond to support requests
• Send account and billing notifications
• Send product updates or grant news, where you've opted in

5.4 To stay safe and compliant:
• Detect and prevent fraud, abuse, or security issues
• Enforce our Terms of Service
• Meet legal and regulatory obligations

6.1 Service Providers: We share data with a small number of trusted providers who help us run the Platform, such as:
• Stripe, for secure payment processing
• Cloud hosting and infrastructure providers, to host our website and database
• Email delivery providers, to send account and notification emails
• Analytics providers, to understand how the Platform is used

6.2 Legal Reasons: We may share data if required by law, court order, or to protect our rights, users, or the public.

6.3 Business Changes: If GrantsForGlobal is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction, subject to this Policy.

6.4 International Transfers: Our team and service providers may be located in different countries. Where we transfer data internationally, we take reasonable steps to keep it protected.

We do not sell your Personal Data.

We take reasonable steps to protect your Personal Data, including:

8.1 Encrypting data in transit using HTTPS/TLS.
8.2 Limiting access to personal data to team members who need it to do their jobs.
8.3 Using secure, established third-party providers (like Stripe) for payment processing, so we never see your full card details.
8.4 Regularly reviewing and improving our security practices as we grow.

No system is 100% secure, but if we ever become aware of a data breach affecting your Personal Data, we'll notify you and relevant authorities as required by law.

Depending on where you're located, you may have rights including:

10.1 Access: Ask what Personal Data we hold about you.
10.2 Correction: Ask us to fix inaccurate data.
10.3 Deletion: Ask us to delete your account and Personal Data.
10.4 Portability: Ask for a copy of your data in a usable format.
10.5 Objection: Object to certain uses of your data.
10.6 Withdraw Consent: Withdraw consent for anything you previously agreed to.

To exercise any of these rights, email us at grantsforglobal@gmail.com. We'll respond within 30 days.

12.1 India: As a company based in India, we aim to handle Personal Data in line with the Digital Personal Data Protection Act, 2023, and other applicable Indian laws.

12.2 GDPR (EU/UK users): If you're located in the EU or UK, you have rights under the General Data Protection Regulation, including those described in Section 10.

12.3 CCPA (California users): If you're a California resident, you have rights under the California Consumer Privacy Act, including the right to know what data we collect and to request its deletion. We do not sell Personal Data.

12.4 Other regions: If local laws in your country give you additional rights, we'll honor them where reasonably possible.