Privacy Policy
1. Introduction
Grantias (“we,” “our,” or “us”) is a cloud-based AI platform headquartered in Tallinn, Estonia, dedicated to assisting individuals and organizations in developing and managing EU-funded and international projects.
This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website, applications, and services (“Services”).
We are committed to ensuring transparency, fairness, and accountability in all data processing activities, in full compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR), the Estonian Personal Data Protection Act, and other relevant international privacy laws.
​
2. Data Controller
GRANTIASHUB OÜ
Registered Office: Harju maakond, Tallinn, Lasnamäe linnaosa, Sepapaja tn 6, 15551 (Tallinn, Estonia)
Email: info@grantias.com
Website: www.grantias.com
​
3. Data We Collect
​
We collect data in order to deliver, improve, and secure our Services. The categories of data we may process include:
3.1. Information You Provide Directly
-
Account Data: Name, email address, organization, and password.
-
Project Data: Descriptions, objectives, budgets, and other materials you enter into Grantias modules (Maxim, Commo, Lucil, Proxi).
-
Payment Data: When applicable, billing details, tax numbers, and transaction records.
-
Communication Data: Feedback, support requests, and correspondence with our team.
3.2. Automatically Collected Information
-
Usage Data: Log files, pages visited, clicks, time spent, and feature interactions.
-
Device Data: IP address, browser type, operating system, and device identifiers.
-
Cookies and Tracking: Session cookies, analytics cookies, and preference storage.
3.3. AI Interaction Data
When you use AI modules (proposal generation or refinement), we may store:
-
Your prompts and generated outputs to improve service performance.
-
Metadata (timestamps, session IDs, usage statistics).
We do not use your content to train external AI models unless explicitly consented.
​
4. Legal Basis for Processing
Grantias processes personal data based on one or more of the following lawful grounds under Article 6 of the GDPR:
-
Consent (Art. 6(1)(a)): When you voluntarily share data or accept cookies.
-
Contractual Necessity (Art. 6(1)(b)): To provide you with requested Services.
-
Legal Obligation (Art. 6(1)(c)): To comply with tax, accounting, or regulatory requirements.
-
Legitimate Interest (Art. 6(1)(f)): For security, analytics, and service optimization.
5. Purpose of Processing
Your data is used strictly for:
-
Delivering and maintaining the Grantias platform and AI modules.
-
Managing user accounts, authentication, and billing.
-
Enhancing AI model performance and interface usability.
-
Responding to customer inquiries and technical support requests.
-
Monitoring system security and detecting fraud or misuse.
-
Complying with legal obligations and audits.
6. Data Retention
We retain personal data only as long as necessary:
-
User accounts: Retained until you delete or request removal.
-
Project data: Retained for up to 24 months after inactivity unless renewed.
-
Analytics and logs: Stored for up to 12 months for security and diagnostics.
After expiration, data is securely deleted or anonymized.
7. Data Sharing and International Transfers
Grantias does not sell personal data.
We may share limited data with:
-
Service Providers: For hosting, analytics, and secure payments (AWS, Stripe).
-
Legal Authorities: When required by law or for legal proceedings.
-
Affiliated Partners: Under strict confidentiality agreements for project collaboration.
If data is transferred outside the European Economic Area (EEA), we ensure compliance through Standard Contractual Clauses (SCCs) and equivalent safeguards.
8. Cookies and Tracking Technologies
Grantias uses cookies to enhance functionality and analyze usage.
Types include:
-
Essential Cookies: Required for login and session management.
-
Preference Cookies: Save user settings.
-
Analytics Cookies: Track performance and engagement metrics (Google Analytics).
You can manage or disable cookies through your browser settings at any time.
9. Data Security
We implement robust organizational and technical measures, including:
-
SSL/TLS encryption for all communications.
-
Secure password hashing and encrypted data storage.
-
Regular security audits and vulnerability testing.
-
Access controls and staff confidentiality training.
Despite best efforts, no system is entirely immune to breaches; in such cases, users will be promptly notified in accordance with GDPR Articles 33–34.
10. Your Rights
Under GDPR, you have the following rights:
-
Access: Request a copy of your personal data.
-
Rectification: Correct inaccuracies or incomplete information.
-
Erasure (“Right to be Forgotten”): Request deletion of your data.
-
Restriction: Limit how your data is used.
-
Data Portability: Receive data in a structured, machine-readable format.
-
Objection: Withdraw consent or object to certain processing activities.
Requests can be submitted to info@grantias.com. We respond within 30 days.
11. Third-Party Services
Our Services may integrate with or link to external tools such as:
-
Google Drive, Dropbox, Notion, and other productivity services.
-
OpenAI or other AI model providers for text generation.
These third parties operate under their own privacy policies. We encourage reviewing their respective terms before connection.
12. Children’s Data
Grantias is not designed for individuals under 16 years old.
We do not knowingly collect or process children’s personal data.
If you believe a minor has submitted data, contact us for immediate deletion.
13. Policy Updates
We may periodically update this Privacy Policy to reflect changes in technology, legislation, or our practices.
All revisions will be posted with an updated “Effective Date.”
Significant updates will be communicated via email or in-app notification.
14. Contact
For privacy concerns, data access requests, or complaints, please contact:
Data Protection Officer – Grantias
Email: info@grantias.com
Mail: Tallinn, Estonia