Your Privacy
Matters to Us
We're committed to protecting your personal data and being completely transparent about how we collect, use, and safeguard your information.
Last Updated: 10 August 2025
Privacy-First Principles
Secure by Design
Data encrypted in transit and at rest with enterprise-grade security
Transparent
Clear information about what data we collect and how we use it
GDPR Compliant
Full compliance with European data protection regulations
Your Control
Full rights to access, modify, or delete your personal data
What Data We Collect & Why
Information You Share
Waitlist & Contact
Email, name, company details for service delivery and updates
Service Information
Company documents, business details needed for grant applications
Communications
Email exchanges, support requests, and project discussions
Analytics & Performance
Website Usage
Pages visited, time spent, interactions to improve user experience
Technical Data
Browser type, device info, IP address for security and functionality
Cookies
Essential for functionality, analytics for improvements, preferences storage
Trusted Third-Party Services
We work with carefully selected partners to provide the best service. All have strong privacy protections and data processing agreements.
PostHog Analytics
EU-based website analytics and user behavior tracking
Data: Anonymized usage analytics
Hetzner Hosting
German cloud hosting for our platform and data storage
Data: All platform data
Google Gemini AI
AI-powered content generation for grant applications
Data: Company documents for AI processing
GetWaitlist
Waitlist management and email collection
Folk CRM
Customer relationship management and email marketing
Stripe Payments
Secure payment processing (when payment systems go live)
International Data Transfers
For services outside the EU (like Google Gemini), we ensure appropriate safeguards including Standard Contractual Clauses (SCCs), adequacy decisions, and additional technical measures to protect your data.
Complete Control Over Your Data
Under GDPR, you have comprehensive rights over your personal data. We make it easy to exercise them.
Access
See what data we have about you and get a copy
Rectify
Correct any inaccurate or incomplete information
Erase
Request deletion of your personal data
Portability
Get your data in a portable, machine-readable format
Object
Object to certain types of data processing
Restrict
Limit how we process your data in certain situations
Withdraw
Withdraw consent for data processing at any time
Complain
Lodge a complaint with data protection authorities
Exercise Your Rights
Contact us to exercise any of these rights. We'll respond within 30 days.
Email: mark@granthero.io
(Mark as "Data Protection Request")
How Long We Keep Your Data & Security Measures
Data Retention Periods
Waitlist Data
3 YearsFrom last interaction or until unsubscribed
Active Customer Data
Service + 7 YearsDuring relationship plus UK business requirements
Project Data
7 YearsAfter project completion for legal compliance
Analytics Data
2 YearsWebsite usage and performance analytics
Security Protections
Encryption
All data encrypted in transit (TLS) and at rest (AES-256)
Access Controls
Restricted access on need-to-know basis with multi-factor authentication
Regular Audits
Ongoing security reviews and vulnerability assessments
Staff Training
Regular privacy and security training for all team members
Incident Response
Procedures for handling any security breaches or incidents
About Cookies & Tracking
We use cookies to improve your experience, analyze usage, and remember your preferences. Here's exactly what we use and why.
Essential Cookies
Required for basic website functionality. Cannot be disabled.
Session Management
Keeps you logged in and maintains your session
Security
Protects against CSRF attacks and fraud
Analytics Cookies
Help us understand how visitors use our website to improve user experience.
PostHog Analytics
EU-based, privacy-focused website analytics
Usage Patterns
Page views, clicks, time spent on pages
Preference Cookies
Remember your settings and preferences for a better experience.
Theme Settings
Remember your preferred theme and layout
Language
Store your language preference
Managing Cookies
You can control cookies through your browser settings. Note that disabling certain cookies may affect website functionality. Most browsers allow you to refuse cookies or delete existing ones through their privacy settings.
Questions? We're Here to Help
Contact Grant Hero
Company Details
Company: Grant Hero Ltd
Registration: 15529017
Address: 73 Reigate Road, Reigate, RH2 0RE, UK
Email: mark@granthero.io
General Privacy Questions
Email us about this policy or our data practices
Data Protection Requests
Mark your email as "Data Protection Request" - we'll respond within 30 days
Legal & Compliance
Data Protection Authority
If you wish to lodge a complaint:
UK: Information Commissioner's Office (ICO) - ico.org.uk
EU: Your local data protection authority
Policy Updates
We may update this policy to reflect changes in our practices or legal requirements. Material changes will be communicated via email and website notifications.
Children's Privacy
Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children.
By using our website and services, you acknowledge that you have read and understood this Privacy Policy.
We're committed to protecting your privacy and being transparent about our data practices. Questions? Just ask.