GrantMatch Privacy Policy

 

Protecting your privacy is important to GrantMatch. This Policy explains how we collect, use, store, share, and protect personal information. It applies to our website, the GrantMatch Hub, FAST, and any related services provided by GrantMatch (collectively, the “Services”). 

1. Your Consent

By using the Services, you consent to the collection, use, and disclosure of your personal information in accordance with this Policy. Where required by law (e.g., Quebec’s Law 25, GDPR), we will seek your express consent before collecting or using sensitive personal information or before using information for a new purpose. 

 

2. Information We Collect

Automatically Collected Information 

  • Internet Protocol (IP) address, browser type, operating system 
  • Date, time, and pages visited 
  • Referring website 
  • Cookies and similar technologies (used to remember preferences, improve usability, and analyze traffic) 

You may decline cookies in your browser settings; however, some features may not function properly. 

Personal Information You Provide 

  • Name, email, postal address, and phone number 
  • Company details (e.g., sector, size, region) 
  • Information provided when registering, subscribing, or communicating with us 

Information from Third Parties 

We may receive additional information about you from service providers or references, where permitted by law. 

 

3. How We Use Your Information

  • To provide, maintain, and improve our Services 
  • To respond to inquiries and support requests 
  • To create and manage user profiles and accounts 
  • To send updates, communications, and promotional content (you may opt out at any time) 
  • To comply with legal requirements and enforce agreements 
  • To analyze and improve user experience 

We do not sell personal information. 

 

4. Sharing and Disclosure

  • Service Providers: We share data with trusted vendors (e.g., hosting, HR, analytics) under strict contractual terms requiring equivalent privacy safeguards. 
  • Business Transfers: If GrantMatch undergoes a merger, acquisition, or sale, personal information may be transferred under confidentiality agreements. 
  • Legal Obligations: We may disclose information to legal authorities where required by law, subpoena, or court order. 
  • International Transfers: Data may be processed in Canada, the United States, or other jurisdictions where our service providers operate. When data is transferred outside your jurisdiction, we use contractual and organizational safeguards to ensure adequate protection. 

 

5. Storage, Security, and Encryption

  • Personal information is stored in secure systems (e.g., Heroku, AWS, BambooHR). 
  • Encryption: All personal data is encrypted in transit (TLS 1.2+) and at rest (AES-256 or equivalent). 
  • Access Controls: Role-based access and the principle of least privilege apply to all systems. 
  • Monitoring: Logs and alerts are maintained to detect unauthorized access or suspicious activity. 

 

6. Data Retention and Disposal

  • We retain personal information only as long as necessary to fulfill business purposes or meet legal/regulatory requirements. 
  • Retention timelines vary (e.g., client project data, employment records, tax-related information). 
  • Once data is no longer required, it is securely deleted from electronic systems or destroyed through secure shredding (for physical documents). 
  • Vendor systems (Heroku, AWS) follow industry-standard deletion protocols.

 

7. Your Rights

Depending on your jurisdiction (e.g., Canada’s PIPEDA, Quebec’s Law 25, EU GDPR), you may have the right to: 

  • Access and request a copy of your personal information 
  • Correct inaccuracies in your information 
  • Withdraw consent for processing (where consent is the legal basis) 
  • Request deletion of your information (subject to legal/contractual retention limits) 
  • Request information about data transfers outside your jurisdiction 

To exercise these rights, contact our Privacy Manager (see Section 10). 

 

8. Breach Notification and Incident Response

GrantMatch has an Incident Response Plan in place. If a breach of personal information occurs that creates a real risk of significant harm, affected individuals and regulators will be notified in accordance with applicable privacy laws (e.g., PIPEDA, Quebec Law 25, GDPR). 

 

9. Children’s Privacy

Our Services are not directed at children under 16. We do not knowingly collect personal information from children. 

 

10. Contact Information

Questions, requests, or complaints about this Policy or our data practices can be directed to: 

 

Privacy Manager, GrantMatch Corp. 
2275 Upper Middle Rd E, Oakville, ON L6H 0C3 
privacymanager@grantmatch.com 

 

If your concern remains unresolved, you may contact the Office of the Privacy Commissioner of Canada or your applicable local regulator (e.g., Quebec’s Commission d’accès à l’information or an EU Data Protection Authority).

11. Updates to this Policy

This Policy may be updated from time to time. The most current version will always be available on our website. Where changes are material, we will provide appropriate notice (e.g., email or in-app notification). Continued use of our Services after changes take effect constitutes acceptance of the updated Policy. 

 

© 2025 GrantMatch Corp. All Rights Reserved.