Skip to main content
GrantPipe logo

Legal

Privacy Policy

Effective date: 28 May 2026

1. Who we are & our role

GrantPipe is a donor management and grant compliance platform for nonprofits, operated by Ventora Labs, a Wyoming corporation ("GrantPipe", "we", "us"). You can reach us at privacy@grantpipe.com or by mail at Ventora Labs, a Wyoming corporation, Sheridan, Wyoming.

We play two distinct roles depending on the data involved:

  • As a controller for the data we collect to run our business — your account details, billing information, marketing-list signups, and product analytics. This policy explains that processing.
  • As a processor for the records your organization enters into the app about its own donors, contacts, funders, grants, and uploaded documents. Your organization is the controller of that data and decides how it is used. Our handling of it is governed by our agreement with your organization (including any Data Processing Agreement), not by this policy.

2. What we collect

Account & identity data. Name, email address, hashed password (or a Google sign-in identifier if you use Google SSO), profile image URL if provided, and email-verification status.

Organization data. Organization name, EIN, address, time zone, fiscal-year settings, logo, plan and subscription status, and team membership/role/permission records.

Billing data. Subscription plan, billing cycle, status, and Stripe customer/subscription identifiers. Card and payment details are entered directly with our payment processor (Stripe) and are not stored on our servers.

Session & device data. Authentication session tokens, and the IP address and user-agent associated with a session.

Usage & activity data. Onboarding and in-app guide progress, an activity/audit log of changes you make, notifications, saved views, and import history.

Support & communications. Feedback you submit and emails we exchange with you.

External reviewer data. If your organization invites an auditor, funder, or board member to review evidence, we store that reviewer's name and email and an access log for their review sessions (IP and user-agent are stored only as a salted hash).

Marketing-list data. If you request a resource or join a list on our marketing site, we collect your email, optional first name, the page you came from, marketing campaign (UTM) parameters, and a consent timestamp.

Customer-controlled records (we process, not control). The donor/contact details, donation history, funder contacts, grant records, and documents your organization uploads. These may contain personal information about your organization's own constituents. We process them only to provide the service. Documents you upload may be sent to our AI extraction provider to auto-populate grant fields (see Sub-processors). Do not upload special-category/sensitive personal data unless your agreement with us permits it.

3. How and why we use data, and our legal bases

Where the UK/EU GDPR applies, we rely on the following legal bases (Art. 6(1) GDPR):

  • Performance of a contract — to create and operate your account, provide the service, process subscriptions, and provide support.
  • Legitimate interests — to secure the service, prevent fraud and abuse, maintain audit logs, understand product usage, and improve GrantPipe (balanced against your rights).
  • Consent — to send marketing emails and resource downloads when you opt in; you can withdraw consent at any time.
  • Legal obligation — to meet tax, accounting, and other legal requirements.

4. Sub-processors

We use the following service providers to operate GrantPipe. Each receives only the data needed for its function. This list reflects our configuration as of the effective date and may change as the service evolves.

  • Neon — managed PostgreSQL database hosting (US region).
  • Cloudflare — application/API hosting (Pages, Workers), file storage (R2) for uploaded documents, marketing-list storage (D1), and bot/abuse protection (Turnstile).
  • Stripe — subscription billing and payment processing.
  • Resend — transactional and nurture email delivery.
  • Google — optional Google single sign-on (OAuth).
  • PostHog — product analytics.
  • Sentry — error and performance monitoring.
  • OpenRouter — AI model access used to extract structured fields from grant documents you choose to process.

We do not sell your personal information.

5. International transfers

Our infrastructure and several sub-processors are located in the United States, so personal data may be transferred to and processed in the US. Where data is transferred out of the UK/EEA, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (and the UK Addendum) with the relevant provider.

6. Data retention

We keep account, organization, and customer-entered records for as long as your account is active. Many records use soft deletion, meaning they are marked deleted and removed from normal use but may persist in backups for a limited period before being purged. When your account is closed, we delete or anonymize personal data within a reasonable period, except where we must retain it to meet legal, tax, accounting, or audit obligations, or to resolve disputes. Marketing-list data is kept until you unsubscribe or request deletion.

7. Security

We take reasonable measures to protect personal data. Measures currently in place include:

  • Encryption of data in transit using TLS.
  • Passwords stored only as salted hashes (we never store plaintext passwords); optional Google SSO.
  • Per-organization data isolation (multi-tenant scoping) and role-based access controls.
  • External-reviewer access via expiring, revocable, hashed tokens, with an access audit log.
  • Signed, time-limited links for sensitive downloads.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

8. Your rights

Under the UK/EU GDPR, you may have the right to access, correct, delete, restrict, or object to our processing of your personal data, to data portability, and to withdraw consent. You also have the right to lodge a complaint with your local data protection authority.

Under the California Consumer Privacy Act (CCPA/CPRA), California residents may have the right to know what personal information we collect and how we use and disclose it, to access and delete it, to correct inaccuracies, and to opt out of "sale" or "sharing" of personal information. We do not sell or share personal information as those terms are defined under the CPRA. We will not discriminate against you for exercising these rights.

To exercise any of these rights, email privacy@grantpipe.com. If we process data on behalf of your organization (as a processor), we will refer your request to that organization. You can unsubscribe from marketing emails at any time using the link in any such message.

9. Children

GrantPipe is a business tool not directed to children. We do not knowingly collect personal information from children under 13 (or under 16 in the EEA/UK). If you believe a child has provided us personal information, contact us and we will delete it.

10. Cookies and analytics

We use cookies that are necessary for authentication and to keep you signed in. We use PostHog for product analytics to understand how the site and app are used, and Cloudflare Turnstile to protect public forms from abuse. We do not use advertising cookies or cross-site advertising tracking.

11. Changes to this policy

We may update this policy from time to time. When we make material changes, we will update the effective date above and, where appropriate, notify you. This policy is governed by the laws of Wyoming, without regard to conflict-of-laws rules.

12. Contact

Questions or requests about this policy or your data: email privacy@grantpipe.com or write to us at Ventora Labs, a Wyoming corporation, Sheridan, Wyoming.