Privacy Notice

Last Updated April 9, 2025

We regularly update our Privacy Notice and encourage you to read the latest version if you’d like to find out how we process your personal data.

‍

This Privacy Notice (the “Privacy Notice”) describes how Grant Assistant, Inc. (“Grant Assistant”, “we,” “our,” or “us”) obtains, uses and shares personal information and other information in connection with the operation of the site available at grantassistant.ai and with related services (collectively, the “Site”). 

Residents of California, Colorado, Connecticut, Virginia, or any other U.S. state with applicable state consumer privacy laws should also review our Privacy Notice for U.S. Consumers, which supplements this Privacy Notice.
‍
This Privacy Notice will help you understand:

1. Who we are and how to contact us (identity of the controller)
2. Who it applies and does not apply to (scope)
3. Why we collect and process your personal data (processing activities)
4. Third-party services relied on and intended international transfers of your data (transfers of data)
5. How we protect your data (technical and organizational measures)
6. Rights you can exercise with regards to your data and how to apply them (data subject rights)

‍

1. Who are we and how to contact us:

The entity responsible for your personal data is:

GrantAssistant Inc.
11428 Orchard Ln
Reston
VA 20190
United States of America

If you have additional questions or require more information about our data practices or our privacy policy, contact us directly : privacy@grantassistant.ai

‍

2. Scope of this Privacy Notice:

This privacy notice APPLIES to the following categories of data subjects:

1. visitors of our website (see section 3.1 below)
2. leads or customers (see section 3.2 below)
3. recipients of our newsletters (see section 3.3 below)

This notice DOES NOT APPLY to:

• End users of our technology - please contact the organization you are attached to as an employee or external party provided with the use of our technology to understand how your data is processed in the scope of using our tools.
• Our employees - Grant Assistant is a U.S. corporation organized in the State of Delaware, is not registered in the EU and does not have our staff in the EU.

‍

3. When and why we collect and process your data:

3.1 Visiting our website

‍

3.2 Prospective and existing customers

‍

3.3 Marketing and outreach activities

‍

4. Third-party services relied on and intended international transfers of your data:

4.1 Visiting our website

‍

4.2 Prospective and existing customers

‍

4.3 Marketing and outreach activities

‍

5. How we protect your data:

We use the following organisational, technical and administrative measures to protect personal data under our control.

• Access controls
  • Role-based permission assignments aligned with job responsibilities.
  • Electronic access control systems with individual credentials and robust authentication.
• Physical Security
  • Secure facility entry points requiring keycards or biometrics.
  • 24/7 on-site security, complemented by CCTV surveillance and intrusion detection.
  • Strict visitor protocols, including identification checks and supervised access.
• Pseudonymisation
  • Pseudonymization to minimize exposure of personal identifiers.
  • Tokenization of critical fields to reduce the risk of data misuse.
• Encryption
  • TLS (in transit).
  • AES-256 (at rest).
• Availability
  • Multiple network and power sources (UPS, backup generators).
  • High-availability server clusters with automatic failover.
  • Daily incremental and weekly full backups are stored off-site.
  • Biannual testing of comprehensive disaster recovery procedures.
  • Environmentally friendly fire suppression systems.
  • 24/7 real-time monitoring of system performance
  • Climate regulation for optimal operating conditions.
  • Early warning systems for critical environmental factors (e.g., temperature, humidity).
• Data privacy and confidentiality
  • Enforceable confidentiality agreements for employees and subcontractors.
  • Recurring staff training on GDPR obligations and data handling.
  • Documented protocols for secure transmission and storage of sensitive data.
  • Secure erasure or destruction of data upon contract completion, meeting legal requirements
• Data integrity and confidentiality
  • Formal plan for breach detection, containment, and notification.
  • Regular vulnerability scanning.
  • Regular assessments by certified internal specialists.
  • Prompt remediation of discovered vulnerabilities.
  • VPN access is supplemented by multi-factor authentication (MFA).
  • Ongoing updates to firewalls and intrusion prevention systems.
  • Defined user privileges (read, write, modify, delete) according to role.
  • Segregation of duties to reduce risks of unauthorized changes.
  • Comprehensive logs recording data access and system modifications.
  • Regular log reviews to identify anomalies or unauthorized activities.
  • Distinct environments for development, testing, and production.
  • Controlled release processes to minimize vulnerabilities during deployment.
  • Cryptographic checks to maintain data consistency.
  • Secure handling and certified disposal of physical media.
• Incident response
  • Development and maintenance of a comprehensive incident response plan specifically addressing data and AI systems.
  • Regular incident response drills to prepare for potential security incidents.
  • Affected systems are isolated promptly to prevent further damage.

If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us at privacy@grantassistant.ai.

‍

6. Exercising your data subject rights:

You have the following rights with respect to us regarding the data relating to you:

• Right to information about your stored personal data, its origin and possible recipients and the purpose of the data processing (Art. 15 GDPR);
• Right to rectification of inaccurate data (Art. 16  GDPR);
• Right to erasure of processed personal data, unless processed to fulfill a legal obligation or public interest (Art.17 GDPR), or there are statutory retention periods;
• Right to restriction of processing (Art. 18 GDPR);
• Right to data portability but only in instances where data is processed on the basis of consent or performance of a contract (Art. 20 GDPR).

You have the right to revoke your consent at any time. This means that we will no longer process the data based on this consent in the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

If we process your data on the basis of legitimate interests, you have the right to object to the processing of your data at any time on grounds relating to your particular situation. If it is a matter of objecting to the processing of data for direct marketing purposes, you have a general right of objection, which will also be implemented by us without giving reasons.

If you wish to exercise your right of revocation or objection, it is sufficient to send an informal message to the above contact details.

Please get in touch using the following: privacy@grantassistant.ai.

When you submit your request through the email, you will receive a copy at the email address you indicate. We will strive to address your subject right request at the earliest but no later than within a month of receiving it.

If you are in the EU and have not received a response from us or are not satisfied with our response, you have the right to lodge a complaint with the data protection authority where you reside.