Privacy Policy

Last updated: April 2025

1. Who We Are

UKGrantMatch operates ukgrantmatch.co.uk, a grant discovery platform for UK organisations. This policy explains how we collect, use, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR).

Contact: hello@ukgrantmatch.co.uk

2. Data We Collect

  • Account data: email address, organisation name, organisation type, password (hashed)
  • Profile data: organisation profiles you create including sector, region, contact details, and notes
  • Usage data: grants you save, alerts you set, searches you perform
  • Payment data: handled entirely by Paddle — we do not store card details
  • Technical data: IP address, browser type, device type, pages visited

3. How We Use Your Data

  • To provide and improve the UKGrantMatch service
  • To send grant alerts and deadline notifications you have opted into
  • To process payments and manage your subscription
  • To provide AI-powered grant recommendations based on your profiles
  • To send essential account communications (password resets, billing notices)

4. Legal Basis for Processing

We process your data under the following legal bases: Contract (to deliver the service you signed up for); Legitimate interests (to improve the service and prevent fraud); Consent (for marketing communications, where applicable).

5. Data Sharing

We do not sell your personal data. We share data only with:

  • Paddle — payment processing
  • Amazon Web Services — cloud hosting and database storage
  • OpenAI — AI features (grant recommendations, proposal letters). Only profile description data is shared, never personal contact details.

6. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or financial compliance purposes.

7. Your Rights

Under UK GDPR you have the right to: access your data; correct inaccurate data; delete your data; restrict or object to processing; data portability. To exercise any of these rights, email us at hello@ukgrantmatch.co.uk.

8. Cookies

We use essential cookies only — for authentication and session management. We do not use tracking or advertising cookies.

9. Security

All data is transmitted over HTTPS. Passwords are stored as bcrypt hashes. Our database is hosted on AWS RDS with access restricted to our application servers only.

10. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes by email. The latest version is always available at ukgrantmatch.co.uk/privacy.