Privacy Policy

Last Updated: 19 Oct 2025

1. Introduction

Grantmaker is developed, maintained and owned by Deerleap Innovations Ltd. ("we", "us", "our", or "the Company"). We are committed to protecting your personal data and respecting your privacy.

This Privacy Policy explains how we collect, use, process, and protect your personal information when you use our SaaS platform at https://grantmaker.co.uk (the "Service"). This policy applies to all users of our Service.

Deerleap Innovations Ltd. is a limited company registered in England and Wales (Company Number: ) with our registered office at .

We are the data controller responsible for your personal data. This means we determine how and why your personal data is processed.

2. Legal Basis for Processing

We process your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We only process your personal data when we have a legal basis to do so:

Contract Performance: Processing necessary to provide our Service to you
Consent: You have given clear consent for specific processing activities
Legitimate Interests: Processing necessary for our legitimate business interests
Legal Obligation: Processing required to comply with the law

3. Information We Collect

3.1 Information You Provide to Us

Account Information:

Full name
Email address
Company name (if applicable)

Billing Information:

Billing address
Payment card information (processed securely by Stripe)
VAT number (if applicable)

Content and Usage Data:

Files, documents, and data you upload to the Service
Content you create, store, or share through the Service
Messages and communications sent through the Service
Settings and preferences

3.2 Information We Collect Automatically

Technical Information:

IP address
Browser type and version
Device type and operating system
Time zone setting and location
Browser plug-in types and versions
Pages visited and features used
Time and date of your visit
Referral source

Analytics Data:

Usage patterns and interactions with the Service
Session recordings and heatmaps
Performance metrics
Error logs and diagnostic data

3.3 Information from Third Parties

We may receive information from:

Payment processors (Stripe) regarding transaction status
Authentication services if you sign up using third-party accounts

4. How We Use Your Information

We use your personal data for the following purposes:

4.1 To Provide and Maintain Our Service

Create and manage your account
Process your subscription and payments
Provide customer support
Deliver the core functionality of our platform
Send service-related communications (updates, security alerts, etc.)

Legal Basis: Contract Performance

4.2 To Improve and Develop Our Service

Analyze usage patterns and user behavior
Conduct research and development
Test new features and functionality
Monitor and improve performance
Fix bugs and technical issues

Legal Basis: Legitimate Interests

4.3 To Communicate With You

Send you updates about the Service
Respond to your inquiries and support requests
Send marketing communications (with your consent)
Provide information about new features
Send administrative information

Legal Basis: Contract Performance, Consent (for marketing)

4.4 For Security and Fraud Prevention

Detect and prevent fraud
Monitor for security threats
Protect against malicious activity
Enforce our Terms of Service

Legal Basis: Legitimate Interests, Legal Obligation

4.5 To Comply With Legal Obligations

Respond to legal requests
Comply with applicable laws and regulations
Exercise or defend legal claims
Meet tax and accounting requirements

Legal Basis: Legal Obligation

5. AI and Large Language Model Processing

Our Service uses artificial intelligence and large language models (LLMs) provided by Anthropic, OpenAI, and Google to enhance functionality and provide intelligent features.

5.1 How AI Processes Your Data

When you use AI-powered features:

Your inputs and content may be processed by third-party LLM providers
Processing occurs to generate responses, suggestions, or insights
Data is processed according to our agreements with these providers

Legal Basis: Contract Performance (when necessary for Service functionality), Consent (for optional AI features)

We do not sell your personal data. We share your information only in the following circumstances:

6.1 Service Providers

We share data with trusted third-party service providers who process data on our behalf:

Stripe (Payment Processing)

Purpose: Process payments and manage subscriptions
Data Shared: Name, email, billing address, payment information
Location: EU/EEA
Legal Basis: Contract Performance

Amazon Web Services (AWS) (Cloud Hosting and Email)

Purpose: Host our platform and send transactional emails
Data Shared: All data stored on our platform
Location: EU (servers located in EU regions only)
Legal Basis: Contract Performance

Analytics

Purpose: Website analytics and user experience optimization
Data Shared: Usage data, session recordings, technical information
Location: USA (Standard Contractual Clauses apply)
Legal Basis: Consent

All service providers are contractually required to:

Keep your data secure
Use data only for specified purposes
Comply with data protection laws
Delete or return data when no longer needed

6.2 Legal Requirements

We may disclose your information:

To comply with legal obligations
To respond to valid legal requests from authorities
To protect our rights, property, or safety
To enforce our Terms of Service
In connection with legal proceedings

6.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your personal data may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.

We may share your information for other purposes with your explicit consent.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Account Data: Retained while your account is active and for 30 days after account deletion (to allow for account recovery)

Billing Data: Retained for 7 years to comply with tax and accounting regulations

Usage Data: Retained for up to 2 years for analytics and service improvement

AI Processing Data: Processed in real-time; temporary retention by AI providers for up to 30 days for abuse monitoring only

Support Communications: Retained for 3 years

Marketing Data: Retained until you withdraw consent or for 2 years of inactivity

After the retention period, we securely delete or anonymize your personal data.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

Technical Measures:

Encryption in transit (TLS/SSL)
Encryption at rest
Secure password hashing
Regular security testing and audits
Firewalls
Secure backup systems

Organizational Measures:

Access controls and authentication
Employee training on data protection
Data protection policies and procedures
Regular security reviews
Incident response procedures

9. International Data Transfers

All our primary servers are located in the European Union, and we do not routinely transfer data outside the EU/EEA.

However, some of our service providers are located in the United States. When we transfer data to these providers, we ensure appropriate safeguards are in place:

Standard Contractual Clauses (SCCs): Approved by the European Commission
Data Processing Agreements: Ensuring GDPR-compliant data processing
Additional Security Measures: As required by GDPR

You have the right to request information about these safeguards by contacting us.

10. Your Rights

Under UK GDPR and Data Protection Act 2018, you have the following rights:

10.1 Right of Access

You can request a copy of your personal data we hold about you.

10.2 Right to Rectification

You can correct inaccurate or incomplete personal data.

10.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data in certain circumstances.

10.4 Right to Restrict Processing

You can request that we limit how we use your personal data.

10.5 Right to Data Portability

You can receive your personal data in a structured, commonly used format and transfer it to another service.

10.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

Where we rely on consent, you can withdraw it at any time.

10.8 Right Not to Be Subject to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that significantly affects you.

10.9 How to Exercise Your Rights

You can exercise these rights through your account settings or by contacting us at hello@grantmaker.co.uk.

Account Settings Allow You To:

Update your account information
Change your email preferences
Delete your account
Export your data
Manage cookie preferences

We will respond to your request within one month. In complex cases, we may extend this by two additional months.

11. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us, and we will delete such information.

12. Marketing Communications

With your consent, we may send you marketing communications about our Service, features, promotions, and updates.

You can opt out at any time by:

Clicking "unsubscribe" in any marketing email
Updating preferences in your account settings
Contacting us at hello@grantmaker.co.uk

We will always send you essential service-related communications regardless of marketing preferences.

13. Cookies

We use cookies and similar tracking technologies. For detailed information, please see our Cookies Policy.

14. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make material changes, we will:

Update the "Last Updated" date
Notify you by email or through a prominent notice on our Service
Obtain your consent if required by law

We encourage you to review this Privacy Policy periodically.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Deerleap Innovations Ltd.
Email: hello@grantmaker.co.uk
Address:

17. Complaints

You have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner's Office (ICO)
Website: https://ico.org.uk/
Telephone: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We would appreciate the opportunity to address your concerns before you contact the ICO, so please contact us first.

Privacy Policy

Last Updated: 19 Oct 2025

1. Introduction

Grantmaker is developed, maintained and owned by Deerleap Innovations Ltd. ("we", "us", "our", or "the Company"). We are committed to protecting your personal data and respecting your privacy.

Deerleap Innovations Ltd. is a limited company registered in England and Wales (Company Number: ) with our registered office at .

We are the data controller responsible for your personal data. This means we determine how and why your personal data is processed.

2. Legal Basis for Processing

Contract Performance: Processing necessary to provide our Service to you
Consent: You have given clear consent for specific processing activities
Legitimate Interests: Processing necessary for our legitimate business interests
Legal Obligation: Processing required to comply with the law

3. Information We Collect

3.1 Information You Provide to Us

Account Information:

Full name
Email address
Company name (if applicable)

Billing Information:

Billing address
Payment card information (processed securely by Stripe)
VAT number (if applicable)

Content and Usage Data:

Files, documents, and data you upload to the Service
Content you create, store, or share through the Service
Messages and communications sent through the Service
Settings and preferences

3.2 Information We Collect Automatically

Technical Information:

IP address
Browser type and version
Device type and operating system
Time zone setting and location
Browser plug-in types and versions
Pages visited and features used
Time and date of your visit
Referral source

Analytics Data:

Usage patterns and interactions with the Service
Session recordings and heatmaps
Performance metrics
Error logs and diagnostic data

3.3 Information from Third Parties

We may receive information from:

Payment processors (Stripe) regarding transaction status
Authentication services if you sign up using third-party accounts

4. How We Use Your Information

We use your personal data for the following purposes:

4.1 To Provide and Maintain Our Service

Create and manage your account
Process your subscription and payments
Provide customer support
Deliver the core functionality of our platform
Send service-related communications (updates, security alerts, etc.)

Legal Basis: Contract Performance

4.2 To Improve and Develop Our Service

Analyze usage patterns and user behavior
Conduct research and development
Test new features and functionality
Monitor and improve performance
Fix bugs and technical issues

Legal Basis: Legitimate Interests

4.3 To Communicate With You

Send you updates about the Service
Respond to your inquiries and support requests
Send marketing communications (with your consent)
Provide information about new features
Send administrative information

Legal Basis: Contract Performance, Consent (for marketing)

4.4 For Security and Fraud Prevention

Detect and prevent fraud
Monitor for security threats
Protect against malicious activity
Enforce our Terms of Service

Legal Basis: Legitimate Interests, Legal Obligation

4.5 To Comply With Legal Obligations

Respond to legal requests
Comply with applicable laws and regulations
Exercise or defend legal claims
Meet tax and accounting requirements

Legal Basis: Legal Obligation

5. AI and Large Language Model Processing

Our Service uses artificial intelligence and large language models (LLMs) provided by Anthropic, OpenAI, and Google to enhance functionality and provide intelligent features.

5.1 How AI Processes Your Data

When you use AI-powered features:

Your inputs and content may be processed by third-party LLM providers
Processing occurs to generate responses, suggestions, or insights
Data is processed according to our agreements with these providers

Legal Basis: Contract Performance (when necessary for Service functionality), Consent (for optional AI features)

We do not sell your personal data. We share your information only in the following circumstances:

6.1 Service Providers

We share data with trusted third-party service providers who process data on our behalf:

Stripe (Payment Processing)

Purpose: Process payments and manage subscriptions
Data Shared: Name, email, billing address, payment information
Location: EU/EEA
Legal Basis: Contract Performance

Amazon Web Services (AWS) (Cloud Hosting and Email)

Purpose: Host our platform and send transactional emails
Data Shared: All data stored on our platform
Location: EU (servers located in EU regions only)
Legal Basis: Contract Performance

Analytics

Purpose: Website analytics and user experience optimization
Data Shared: Usage data, session recordings, technical information
Location: USA (Standard Contractual Clauses apply)
Legal Basis: Consent

All service providers are contractually required to:

Keep your data secure
Use data only for specified purposes
Comply with data protection laws
Delete or return data when no longer needed

6.2 Legal Requirements

We may disclose your information:

To comply with legal obligations
To respond to valid legal requests from authorities
To protect our rights, property, or safety
To enforce our Terms of Service
In connection with legal proceedings

6.3 Business Transfers

We may share your information for other purposes with your explicit consent.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Account Data: Retained while your account is active and for 30 days after account deletion (to allow for account recovery)

Billing Data: Retained for 7 years to comply with tax and accounting regulations

Usage Data: Retained for up to 2 years for analytics and service improvement

AI Processing Data: Processed in real-time; temporary retention by AI providers for up to 30 days for abuse monitoring only

Support Communications: Retained for 3 years

Marketing Data: Retained until you withdraw consent or for 2 years of inactivity

After the retention period, we securely delete or anonymize your personal data.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

Technical Measures:

Encryption in transit (TLS/SSL)
Encryption at rest
Secure password hashing
Regular security testing and audits
Firewalls
Secure backup systems

Organizational Measures:

Access controls and authentication
Employee training on data protection
Data protection policies and procedures
Regular security reviews
Incident response procedures

9. International Data Transfers

All our primary servers are located in the European Union, and we do not routinely transfer data outside the EU/EEA.

However, some of our service providers are located in the United States. When we transfer data to these providers, we ensure appropriate safeguards are in place:

Standard Contractual Clauses (SCCs): Approved by the European Commission
Data Processing Agreements: Ensuring GDPR-compliant data processing
Additional Security Measures: As required by GDPR

You have the right to request information about these safeguards by contacting us.

10. Your Rights

Under UK GDPR and Data Protection Act 2018, you have the following rights:

10.1 Right of Access

You can request a copy of your personal data we hold about you.

10.2 Right to Rectification

You can correct inaccurate or incomplete personal data.

10.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data in certain circumstances.

10.4 Right to Restrict Processing

You can request that we limit how we use your personal data.

10.5 Right to Data Portability

You can receive your personal data in a structured, commonly used format and transfer it to another service.

10.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

Where we rely on consent, you can withdraw it at any time.

10.8 Right Not to Be Subject to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that significantly affects you.

10.9 How to Exercise Your Rights

You can exercise these rights through your account settings or by contacting us at hello@grantmaker.co.uk.

Account Settings Allow You To:

Update your account information
Change your email preferences
Delete your account
Export your data
Manage cookie preferences

We will respond to your request within one month. In complex cases, we may extend this by two additional months.

11. Children's Privacy

12. Marketing Communications

With your consent, we may send you marketing communications about our Service, features, promotions, and updates.

You can opt out at any time by:

Clicking "unsubscribe" in any marketing email
Updating preferences in your account settings
Contacting us at hello@grantmaker.co.uk

We will always send you essential service-related communications regardless of marketing preferences.

13. Cookies

We use cookies and similar tracking technologies. For detailed information, please see our Cookies Policy.

14. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make material changes, we will:

Update the "Last Updated" date
Notify you by email or through a prominent notice on our Service
Obtain your consent if required by law

We encourage you to review this Privacy Policy periodically.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Deerleap Innovations Ltd.
Email: hello@grantmaker.co.uk
Address:

17. Complaints

You have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner's Office (ICO)
Website: https://ico.org.uk/
Telephone: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We would appreciate the opportunity to address your concerns before you contact the ICO, so please contact us first.

Privacy Policy

1. Introduction

2. Legal Basis for Processing

3. Information We Collect

3.1 Information You Provide to Us

3.2 Information We Collect Automatically

3.3 Information from Third Parties

4. How We Use Your Information

4.1 To Provide and Maintain Our Service

4.2 To Improve and Develop Our Service

4.3 To Communicate With You

4.4 For Security and Fraud Prevention

4.5 To Comply With Legal Obligations

5. AI and Large Language Model Processing

5.1 How AI Processes Your Data

6. How We Share Your Information

6.1 Service Providers

6.2 Legal Requirements

6.3 Business Transfers

6.4 With Your Consent

7. Data Retention

8. Data Security

9. International Data Transfers

10. Your Rights

10.1 Right of Access

10.2 Right to Rectification

10.3 Right to Erasure ("Right to be Forgotten")

10.4 Right to Restrict Processing

10.5 Right to Data Portability

10.6 Right to Object

10.7 Right to Withdraw Consent

10.8 Right Not to Be Subject to Automated Decision-Making

10.9 How to Exercise Your Rights

11. Children's Privacy

12. Marketing Communications

13. Cookies

14. Third-Party Links

15. Changes to This Privacy Policy

16. Contact Us

17. Complaints

Privacy Policy

1. Introduction

2. Legal Basis for Processing

3. Information We Collect

3.1 Information You Provide to Us

3.2 Information We Collect Automatically

3.3 Information from Third Parties

4. How We Use Your Information

4.1 To Provide and Maintain Our Service

4.2 To Improve and Develop Our Service

4.3 To Communicate With You

4.4 For Security and Fraud Prevention

4.5 To Comply With Legal Obligations

5. AI and Large Language Model Processing

5.1 How AI Processes Your Data

6. How We Share Your Information

6.1 Service Providers

6.2 Legal Requirements

6.3 Business Transfers

6.4 With Your Consent

7. Data Retention

8. Data Security

9. International Data Transfers

10. Your Rights

10.1 Right of Access

10.2 Right to Rectification

10.3 Right to Erasure ("Right to be Forgotten")

10.4 Right to Restrict Processing

10.5 Right to Data Portability

10.6 Right to Object

10.7 Right to Withdraw Consent

10.8 Right Not to Be Subject to Automated Decision-Making

10.9 How to Exercise Your Rights

11. Children's Privacy

12. Marketing Communications

13. Cookies

14. Third-Party Links

15. Changes to This Privacy Policy

16. Contact Us

17. Complaints