Last updated: March 2, 2026 | Effective from: March 2, 2026
This Privacy Policy describes how GrantSense AI, operated by Ataur Rahman from L24 A South Ex. Delhi - 110049, collects, uses, stores, protects, and discloses personal and organizational information when you use our web-based Software-as-a-Service (SaaS) platform. This policy applies to all users of the GrantSense AI platform, including visitors, registered Free Plan users, and paid Pro Plan subscribers. By accessing or using GrantSense AI, you consent to the data practices described in this policy. This policy is drafted in compliance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 of India.
1.1 Information You Provide Directly: When you create an account on GrantSense AI, we collect the following information that you voluntarily provide: (a) Email Address: Collected during the registration process for account creation, authentication via One-Time Password (OTP), and communication purposes. This is the only mandatory personal information required. (b) Organization Name: The name of your NGO or non-profit organization as registered with the relevant authorities. (c) DARPAN Unique ID: Your organization unique identification number as assigned by the NITI Aayog NGO DARPAN portal, if applicable. (d) Sector of Operation: The primary sector in which your organization operates, such as Education, Healthcare, Rural Development, Women Empowerment, etc. (e) State and District: The geographic location of your organization primary operations, selected from our database of 36 Indian states and union territories and 770+ districts. (f) Phone Number: Optional contact number for your organization. (g) Organization Description: A brief description of your organization mission, activities, and focus areas. (h) Payment Information: When purchasing the Pro Plan, payment is processed entirely through Razorpay. We do not directly collect, store, or have access to your credit card numbers, debit card numbers, UPI PINs, net banking passwords, or any other sensitive financial information. All payment data is handled by Razorpay in compliance with PCI DSS standards.
1.2 Information Collected Automatically: When you use GrantSense AI, we automatically collect certain technical and usage information: (a) Log Data: Server logs that include your IP address, browser type and version, operating system, referring URL, pages visited within the platform, timestamps of access, and response codes. (b) Device Information: General information about the device used to access the platform, including device type (desktop, mobile, tablet), screen resolution, and browser language settings. (c) Usage Data: Information about how you interact with the platform, including grant searches performed, filters applied, proposals generated, pages viewed, features used, and time spent on different sections of the platform. (d) Cookies: Essential session cookies for authentication and maintaining your logged-in state. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. Details about our cookie usage are provided in Section 7 of this policy.
1.3 Information Generated by Our Service: During your use of GrantSense AI, the following information is generated and stored: (a) AI-Generated Proposals: The text content of grant proposals generated by our AI system based on your organizational profile and the selected grant requirements. (b) Eligibility Scores: Numerical scores indicating your organization match percentage with specific grants, calculated based on your profile data and grant criteria. (c) Submission History: Records of which grants you have explored, saved, or for which you have generated proposals.
We use the information collected for the following purposes: (a) Service Delivery: To provide and maintain the GrantSense AI platform, including user authentication, profile management, grant discovery, eligibility scoring, and AI proposal generation. Your organizational profile data is essential for our AI to generate relevant and customized grant proposals. (b) Communication: To send you transactional emails including OTP codes for authentication, subscription confirmation, payment receipts, and important service announcements. Pro Plan subscribers may also receive grant deadline reminders and new grant notifications relevant to their sector and location. (c) Service Improvement: To analyze aggregate usage patterns and identify areas for platform improvement. This includes understanding which features are most used, which grant categories are most searched, and how users navigate the platform. We use this data in aggregated, anonymized form and do not perform individual user profiling for purposes other than service delivery. (d) Customer Support: To respond to your queries, troubleshoot technical issues, and provide assistance with platform features. (e) Legal Compliance: To comply with applicable Indian laws, regulations, legal processes, or government requests, including the Information Technology Act, 2000 and related rules. (f) Security: To detect, prevent, and address technical issues, fraud, unauthorized access, and other security threats to the platform and its users.
3.1 Storage Location: All user data is stored on servers located within the territory of India, in compliance with data localization requirements. Our database files are stored on secure cloud infrastructure with encryption at rest and in transit. 3.2 Retention Period: Active account data is retained for as long as your account remains active. If you cancel your Pro Plan, your data is retained for 12 months after the subscription expires to allow for potential re-subscription. For accounts that remain inactive (no login) for a continuous period of 24 months, we may send a reminder email and, if the account remains inactive for an additional 6 months, archive or delete the account data. Payment transaction records are retained for a minimum of 8 years in compliance with Indian tax and financial regulations. Server logs are retained for 90 days and then automatically purged.
4.1 We Do Not Sell Your Data: GrantSense AI does not sell, rent, lease, or trade your personal or organizational information to any third party for marketing, advertising, or any commercial purpose. This is an absolute policy with no exceptions. 4.2 Third-Party Service Providers: We share limited data with the following third-party service providers who process data on our behalf and are bound by contractual data protection obligations: (a) Razorpay (Payment Gateway): Receives your email address and payment amount for transaction processing. Razorpay is PCI DSS compliant and operates under its own privacy policy. (b) Resend (Email Service): Receives your email address for delivering transactional emails, OTP codes, and notifications. (c) AI Model Providers (OpenRouter, Groq, Google AI, Together AI, Cerebras, SambaNova, Novita): Receive the text prompt containing your organizational details and grant requirements for proposal generation. We do not send your email address or payment information to AI providers. The prompts sent to AI providers contain only the information necessary for proposal generation. 4.3 Legal Requirements: We may disclose your information if required to do so by law, court order, legal process, or government authority request. We may also disclose information if we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request. 4.4 Business Transfer: In the event that GrantSense AI undergoes a merger, acquisition, or sale of all or substantially all of its assets, user data may be transferred as part of the transaction. In such event, we will provide notice on our platform and via email to registered users before personal data is transferred and becomes subject to a different privacy policy.
We implement industry-standard security measures to protect your data from unauthorized access, alteration, disclosure, or destruction. These measures include: (a) Encryption: All data transmitted between your browser and our servers is encrypted using TLS 1.2/1.3 (Transport Layer Security) with 256-bit encryption. Database files are encrypted at rest using AES-256 encryption. (b) Authentication: We use OTP-based passwordless authentication, eliminating the risks associated with password storage, password reuse, and brute-force attacks. Session tokens are stored as HTTP-only, secure, same-site cookies to prevent cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. (c) Access Control: Access to user data within our systems is restricted to authorized personnel only on a need-to-know basis. All administrative access is logged and monitored. (d) Regular Backups: Automated daily backups of all data with encrypted storage and a retention period of 30 days. (e) Security Monitoring: Continuous monitoring for unusual access patterns, potential security threats, and vulnerabilities. While we strive to protect your personal information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to implementing and maintaining reasonable security practices as required by Indian law.
Under the Digital Personal Data Protection Act, 2023 and other applicable Indian laws, you have the following rights regarding your personal data: (a) Right to Access: You have the right to request access to the personal data we hold about you. You can view most of your data directly through your dashboard profile and settings. For a complete data export, contact support@grantsense.com. (b) Right to Correction: You have the right to request correction of inaccurate or incomplete personal data. You can update your organizational profile directly through the dashboard, or contact us for assistance. (c) Right to Erasure: You have the right to request deletion of your personal data. Upon receiving a verified deletion request, we will delete your personal data within 30 days, except where retention is required by law (such as payment records for tax compliance). (d) Right to Withdraw Consent: You can withdraw your consent for data processing at any time by deleting your account through the Settings page or by contacting us. Withdrawal of consent may result in the inability to use certain or all features of the platform. (e) Right to Grievance Redressal: You have the right to lodge a complaint with the Data Protection Board of India if you believe your data protection rights have been violated. (f) Right to Nominate: You have the right to nominate another individual to exercise your data protection rights in the event of your death or incapacity, as provided under the Digital Personal Data Protection Act, 2023.
GrantSense AI uses only essential cookies that are strictly necessary for the functioning of the platform. We do not use any non-essential cookies, tracking cookies, advertising cookies, or analytics cookies from third parties. The cookies we use are: (a) Session Cookie: An HTTP-only, secure cookie that maintains your authenticated session after you log in. This cookie expires when you log out or after 7 days of inactivity. (b) This cookie does not track your browsing activity on other websites, does not store personal information, and cannot be accessed by third-party scripts. You can configure your browser to reject cookies, but this will prevent you from using the authenticated features of GrantSense AI.
GrantSense AI is designed for use by registered non-governmental organizations and non-profit entities managed by adults. The platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a minor, we will take immediate steps to delete such data. If you are a parent or guardian and believe that your child has provided personal data to GrantSense AI, please contact us at support@grantsense.com.
While all primary user data is stored on servers within India, certain processing activities may involve cross-border data transfer to our third-party AI model providers whose servers may be located outside India. When such transfers occur, only the minimum necessary data (organizational profile details and grant requirements for proposal generation) is transmitted, and no sensitive personal data (email, payment information) is included. We ensure that any cross-border data transfer is conducted in compliance with the applicable provisions of the Digital Personal Data Protection Act, 2023 and the Information Technology Act, 2000.
We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or platform features. When we make material changes to this policy, we will: (a) Update the "Last updated" date at the top of this page. (b) Send an email notification to all registered users at least 15 days before significant changes take effect. (c) Display a prominent notice on the platform for at least 7 days after the update. Your continued use of GrantSense AI after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree with the changes, you should discontinue use of the platform and request deletion of your account.
In accordance with the Information Technology Act, 2000 and the rules made thereunder, the details of the Grievance Officer for GrantSense AI are as follows:
Name: Ataur Rahman. Designation: Founder and Grievance Officer. Address: L24 A South Ex. Delhi - 110049. Email: support@grantsense.com. Response Time: The Grievance Officer will acknowledge your complaint within 24 hours and resolve it within 30 days from the date of receipt of the complaint, in accordance with the applicable rules. Business Hours: Monday to Saturday, 10:00 AM to 6:00 PM IST (excluding public holidays).