Privacy policy

This privacy policy explains how Grant Tracker collects, uses, and protects your personal data. Grant Tracker is operated by Paul Kilty as a sole trader, based in Brighton, United Kingdom.

If you have any questions about this policy or how we handle your data, please email hello@granttracker.co.uk.

Who we are

Grant Tracker is a service that helps UK charities, community interest companies, social enterprises, co-operatives, and impact-focused organisations discover and manage funding opportunities.

For the purposes of UK data protection law, the data controller is:

Paul Kilty, sole trader, trading as Grant Tracker
Email: hello@granttracker.co.uk

What data we collect

We collect the following categories of personal data:

Account data. When you create an account, we collect your first name, organisation name, email address, and an encrypted version of your password.

Profile data. When you complete your organisation profile, you may provide additional information including your organisation type, sectors and beneficiaries you serve, geographic focus, and information about your funding history. This data is used to match you with relevant funding opportunities.

Application data. If you apply to join the founding cohort, we collect the responses you provide on the application form, including your contact details and the information you share about your organisation and fundraising context.

Usage data. We collect aggregate, anonymised data about how the service is used, such as which pages are visited and which features are most useful. We use this to improve the service. We do not use this data to identify individual users.

Communications data. If you email us or respond to our messages, we keep a record of the correspondence.

We do not knowingly collect data from children, and the service is not directed at people under 18.

How we use your data

We use your personal data for the following purposes:

To provide the service. This includes creating and managing your account, matching you with funding opportunities based on your profile, sending you alerts about deadlines you have set, and storing the funding pipeline you build.

To communicate with you. This includes responding to your questions, sending occasional product updates, and contacting you for monthly cohort check-ins if you are a founding cohort member.

To improve the service. We use anonymised usage data to understand which features are working and where the product needs to improve.

To comply with our legal obligations. This includes responding to lawful requests from regulators and authorities, and maintaining records where required by law.

Legal basis for processing

Under UK GDPR, we rely on the following legal bases:

Contract. Most of our processing is necessary to provide the service you have signed up for. This covers account management, profile data, and the core matching and tracking functions.

Legitimate interests. We rely on legitimate interests for activities such as improving the service, responding to your enquiries, and contacting cohort members for feedback. We have considered the impact on you and believe these uses are proportionate.

Consent. Where you have given consent, for example to receive marketing communications or to allow analytics cookies, we rely on that consent. You can withdraw consent at any time.

Legal obligation. Where we are required by law to retain or disclose data, we rely on that legal obligation.

Who we share your data with

We share your data only with the following categories of recipient, and only as necessary:

Service providers. We use trusted third-party providers to run the service. These are:

• Supabase stores your account data, profile data, and pipeline data. Supabase is a data processor acting on our instructions. Their privacy policy is at supabase.com/privacy.
• Vercel hosts the website and processes the technical requests needed to load pages. Vercel acts as a data processor. Their privacy policy is at vercel.com/legal/privacy-policy.

We do not sell your personal data to anyone. We do not share your organisation's data with funders, other organisations, or third parties without your explicit permission.

Legal disclosures. We may disclose your data if required by law, court order, or to protect our legal rights, but only to the extent necessary.

Where your data is stored

Our service providers operate data centres in the United Kingdom, the European Union, and the United States. Where data is transferred outside the UK, the providers we use rely on appropriate safeguards such as Standard Contractual Clauses or UK Adequacy Decisions to ensure your data remains protected to UK GDPR standards.

How long we keep your data

We keep your account and profile data for as long as your account is active. If you close your account, we will delete or anonymise your personal data within 30 days, except where we are required by law to keep it for longer.

Application data from people who applied to the founding cohort but were not accepted is kept for up to 12 months in case future cohort spots open up, and then deleted.

Email correspondence is kept for up to 24 months unless there is a specific reason to retain it longer.

Cookies and analytics

We use a small number of essential cookies that are necessary for the service to work, such as remembering that you are signed in.

We may also use a privacy-respecting analytics tool to understand how the service is used in aggregate. If we do, we will ask for your consent through a cookie banner before any non-essential cookies are set, and you can change your choice at any time.

We do not use advertising cookies, third-party trackers, or session recording tools.

Your rights

Under UK GDPR, you have the following rights in relation to your personal data:

The right to be informed about how we use your data, which is the purpose of this policy.

The right of access. You can ask us for a copy of the personal data we hold about you.

The right to rectification. You can ask us to correct inaccurate or incomplete data.

The right to erasure. You can ask us to delete your data, subject to certain exceptions.

The right to restrict processing. You can ask us to limit how we use your data.

The right to data portability. You can ask us to provide your data in a portable format.

The right to object. You can object to processing based on legitimate interests.

The right to withdraw consent at any time, where we are relying on consent.

To exercise any of these rights, please email hello@granttracker.co.uk. We will respond within one month.

If you are not satisfied with how we have handled your data, you have the right to complain to the Information Commissioner's Office (ICO), the UK data protection regulator. You can contact them at ico.org.uk or on 0303 123 1113.

Changes to this policy

We may update this policy from time to time. If we make significant changes, we will let you know by email or through a notice on the service. The “last updated” date at the top of this page will always show when the policy was last changed.

Contact us

If you have any questions about this privacy policy or how we handle your data, please email hello@granttracker.co.uk.