Privacy Policy for Grantigo AB
Introduction

Grantigo ("we", "us") is committed to protecting your personal privacy. This Privacy Policy explains how we collect and use your personal data. It also describes your rights in relation to us and how you can exercise those rights. The policy applies to you when you create an account with us, visit our website, or otherwise come into contact with us.
Data Controller

Grantigo
Corporate Identity Number: 559539-2753
Address: Teknikringen 7, Linköping
Email: contact@grantigo.se

Grantigo is the data controller for the processing of your personal data in accordance with this policy.
What is personal data?

Personal data is any information that can be directly or indirectly linked to a living natural person. This includes, for example, names, personal identity numbers, email addresses, and researcher IDs, but also information about your education or professional role if it can be linked to you.
Where do we obtain your data?

We collect personal data about you in the following ways:

Data you provide to us: When you create an account, fill in your profile, upload a business plan, or contact our support.

Data from other sources: In order to match you with relevant grants, we may in some cases retrieve and supplement information from public registers, authorities, and other open sources ("web scraping") to keep our database of grants and applicants updated.


What personal data do we process and why?

Below we describe the purposes for which we process your personal data, the type of data involved, and the legal basis we rely on.

To manage your user account and deliver the service We process your data so that you can create an account, log in, and use our services in accordance with our Terms of Use.

Personal Data: Name, email address, phone number, address, age.

Legal Basis: Performance of a contract. The processing is necessary for us to deliver the service to you.

To match you with grants For our service to function, we analyze your profile to find relevant grants that fit your specific situation (e.g., based on education or geography).

Personal Data: Job title, level of education, graduation year, work experience, institution/company, and information in any business plans.

Legal Basis: Performance of a contract. The matching process is the core of our service.

For secure identification (Applies to Researchers and Farmers) For certain user categories, specifically researchers and farmers (sole proprietorships), secure identification is required to match against specific requirements of grant providers and to prevent misuse.

Personal Data: Personal identity number and/or Researcher ID (e.g., ORCID).

Legal Basis: Performance of a contract and a clearly motivated purpose for secure identification.

For support and communication To help you with technical problems and send important information about your account or the service.

Personal Data: Name, email, phone number, and case history.

Legal Basis: Performance of a contract (for account information) and Legitimate interest (to provide good service).


Note on company data: Information relating to legal entities (e.g., limited liability company registration numbers and general corporate plans) is normally not covered by GDPR, but is handled with confidentiality and high security in our systems.

To improve and develop the service (Feedback) We value your opinions. If you choose to submit feedback or suggestions to us, we process this to analyze how the service is used and to develop new features.

Personal Data: Any information you write in the free text field, as well as your User ID if you are logged in.

Legal Basis: Legitimate interest. Our interest in improving our services is deemed to outweigh the privacy intrusion, as the data primarily relates to your experience of the service and is purged regularly.

AI Chatbot and Virtual Advice


When you use our AI-based chatbot, we process the information you enter into the chat interface (free text) as well as technical logs (timestamp, IP address). The purpose is to provide quick guidance and answer questions about grants.

Important: Please avoid entering sensitive personal data (e.g., regarding health, ethnicity, or political views) in the chat. The data is processed by our AI provider (OpenAI in the USA) but is not retained to train their models (Zero Data Retention).

Who do we share the information with?

Service Providers (Data Processors): We share information with selected companies that help us deliver the service, such as providers of IT operations, server hosting, support systems, and AI services for matching. These companies may only process your data in accordance with our instructions and may not use it for their own purposes.
Where do we process your data?

Where do we process your personal data? We strive to ensure that all processing takes place within the EU/EEA. Our primary IT operations are located in Sweden.

However, for specific services, such as AI-based matching, data may be processed by providers in the USA (e.g., OpenAI). In these cases, we ensure the protection of your data by verifying that the provider is certified under the EU-US Data Privacy Framework.

How long do we keep the data?

We retain your personal data for as long as it is necessary for the purposes for which it was collected.

Active account: Data is stored as long as you have an account with us.

Closed account: If you choose to close your account, your data will be deleted or anonymized within 30 days.

Bookkeeping: Data required by the Bookkeeping Act (e.g., payment history) is stored for 7 years, even if you have closed your account.


Your Rights

According to the General Data Protection Regulation (GDPR), you have several rights regarding your personal data:

Right of access (Subject Access Request): You have the right to request an extract free of charge showing what personal data we have registered about you.

Right to rectification: You have the right to have incorrect data corrected or incomplete data supplemented.

Right to erasure ("The right to be forgotten"): You can request that we delete your personal data if it is no longer needed for the purpose, or if you withdraw your consent. (Note that we may have the right to deny your request if there are legal obligations, e.g., the Bookkeeping Act, preventing us).

Right to restriction: You have the right to demand that the processing of your data be restricted for a certain period (e.g., if you believe a piece of data is incorrect).

Right to data portability: You have the right to receive the data you have provided to us in a structured format in order to transfer it to another service.

Right to object: You have the right to object to processing based on a balancing of interests or direct marketing.


Do you want to exercise any of these rights? Contact us at contact@grantigo.se.If you believe that we are handling your personal data incorrectly, you also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY).
Cookies and similar technologies

We use cookies at Grantigo to ensure the service functions securely.

What is a cookie? A cookie is a small text file stored on your device when you visit our website.

Which cookies do we use?

Necessary cookies (Authentication): Currently, we only use cookies that are strictly necessary for you to be able to log in and remain logged in. These cookies do not require consent as the service cannot function without them. They are deleted automatically when you log out.

Analytics and tracking: We currently use no cookies for analysis (e.g., Google Analytics) or marketing. If we introduce such tools in the future, we will inform you and ask for your consent via a cookie banner before they are activated.


You can manage cookies yourself in your browser settings, but please keep in mind that if you block our necessary cookies, you will not be able to log in.
Contact

If you have questions about this privacy policy or our processing of your personal data, you are welcome to contact us.

Grantigo AB Email: contact@grantigo.se