Privacy Policy

1. Introduction

FaithStack LLC ("we," "our," or "us") operates Grants Quest (https://grants.quest), a platform helping churches, ministries, and nonprofits discover and apply for grants. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We respect your privacy and are committed to protecting your personal data. This policy will inform you about your privacy rights and how the law protects you.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Name and email address
• Password (stored securely using industry-standard hashing)
• Organization name and role

2.2 Organization Profile Data

To provide grant matching services, we collect:

• Organization name, EIN, and legal status
• Mission statement and programs
• Annual budget and staff size
• Geographic location and focus areas
• Grant history and documents you upload

2.3 Payment Information

Payment processing is handled by Stripe. We do not store your full credit card number, expiration date, or CVV. Stripe's privacy policy governs their use of your data. We retain only transaction IDs and billing history for your records.

2.4 Usage Data

We automatically collect:

• IP address and browser type
• Pages viewed and features used
• Search queries and grant interactions
• Device information and operating system

3. How We Use Your Information

We use your information to:

• Provide Services: Match your organization with relevant grants, track applications, and generate AI-assisted content
• Process Payments: Handle subscriptions and billing through Stripe
• Communicate: Send deadline reminders, grant alerts, and service updates
• Improve: Analyze usage patterns to enhance our platform and AI matching
• Support: Respond to inquiries and provide customer assistance
• Comply: Meet legal obligations and protect our rights

4. Data Sharing

We do not sell your personal information. We share data only with:

• Stripe: Payment processing
• Cloudflare: Infrastructure, security, and content delivery
• AI Providers: To power grant matching and writing assistance (data is not used to train models)
• Legal Requirements: When required by law or to protect rights and safety

5. Your Rights (GDPR & CCPA)

You have the right to:

• Access: Request a copy of your personal data
• Correct: Update inaccurate or incomplete information
• Delete: Request erasure of your personal data
• Export: Receive your data in a portable format
• Object: Opt out of certain processing activities
• Withdraw Consent: Revoke previously given consent

To exercise these rights, contact us at legal@grants.quest. We will respond within 30 days.

6. Cookies

We use essential cookies for authentication and security. Optional analytics cookies are only set with your consent. See our Cookie Policy for details.

7. Data Security

We protect your data using:

• TLS/SSL encryption for all data in transit
• Encrypted storage for sensitive data at rest
• Regular security audits and vulnerability testing
• Access controls and authentication requirements
• Cloudflare's enterprise security infrastructure

8. Data Retention

We retain your data as follows:

• Account Data: Until you delete your account, plus 30 days for recovery
• Application Data: 7 years for compliance and reporting purposes
• Payment Records: 7 years as required by financial regulations
• Usage Logs: 90 days for security and analytics

9. Children's Privacy

Grants Quest is not intended for users under 13 years of age. We do not knowingly collect information from children. If you believe a child has provided us with personal data, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by email and/or a prominent notice on our website at least 30 days before the changes take effect.

11. Contact Us

For privacy-related inquiries, contact our Data Protection team: