Privacy Policy

Last updated: March 8, 2026

NeuralGrant, Inc. (“NeuralGrant,” “we,” “us”) operates the NeuralGrant platform at neuralgrant.com. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our Service or interact with our website.

1. Information We Collect

1.1 Account Information

When you create an account, we collect your name, email address, and authentication credentials via Google OAuth or email/password (powered by Firebase Authentication).

1.2 Waitlist Information

If you join our waitlist, we collect your email address and optionally your organization name and role.

1.3 Organization Data

When you use the Service, you may provide your nonprofit's EIN, organization name, and mission description. We use this to retrieve and analyze publicly available IRS 990 filing data associated with your organization.

1.4 Usage Data

We collect information about how you interact with the Service, including chat messages and queries sent to our AI, search history, features used, session duration, and credit consumption.

1.5 Billing Data

We store your subscription plan, credit balance, and transaction history. Payment processing is handled by our third-party payment processor; we do not store full credit card numbers.

1.6 Technical Data

We automatically collect your IP address, browser type and version, device information, operating system, and referring URLs when you access the Service.

2. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Process your queries through our AI models to generate grant intelligence
  • Manage your account, subscription, and credit balance
  • Send transactional communications (account confirmations, billing receipts, service updates)
  • Send marketing communications about NeuralGrant (with your consent; you may opt out at any time)
  • Analyze usage patterns to improve the platform
  • Detect, prevent, and address fraud, abuse, and security issues
  • Comply with legal obligations

3. Artificial Intelligence & Data Processing

The Service uses artificial intelligence, including Google Gemini, to analyze data and generate grant intelligence outputs. When you interact with the Service:

  • What data goes to the AI: Your queries, organization information, and relevant IRS 990 data are sent to AI models for processing
  • AI-generated outputs: The AI produces funder matches, peer benchmarks, readiness scores, and strategy recommendations based on your inputs and public data
  • Training data: Your personal data and chat inputs are not used to train our AI models. We may use anonymized, aggregated usage patterns to improve the Service
  • Automated processing: The Service uses automated processing to generate intelligence outputs. These outputs are informational and do not constitute automated decision-making that produces legal or similarly significant effects

You are interacting with an AI system when using the NeuralGrant chat interface and analysis features, not a human advisor.

4. Public IRS 990 Data

The Service analyzes IRS Form 990 tax filings, which are public records available under IRC Section 6104. This includes nonprofit financial data, officer and director information, program descriptions, and (for private foundations) grant recipient details. We do not disclose Schedule B contributor information for non-private foundations.

5. How We Share Your Information

We share your information with the following categories of recipients:

  • Infrastructure providers: Google Cloud Platform (hosting, Firestore database, Firebase Authentication, BigQuery data warehouse, Cloud Functions)
  • AI providers: Google Gemini for AI-powered analysis
  • Payment processors: For subscription billing and credit purchases
  • Analytics providers: To understand Service usage and performance
  • Legal compliance: When required by law, subpoena, or court order, or to protect our rights, safety, or property

We do not sell your personal information. We do not share your personal information for targeted advertising purposes.

6. Data Retention

We retain your account information for as long as your account is active. Chat session data is retained to provide continuity in your research. Billing records are retained for a minimum of 24 months for compliance purposes. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

7.1 All Users

  • Access and download your personal data
  • Correct inaccurate personal data
  • Delete your account and personal data
  • Opt out of marketing communications

7.2 California Residents (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act, including the right to know what personal information we collect, the right to delete, the right to correct, and the right to opt out of the sale or sharing of personal information. We do not sell personal information. To exercise your rights, contact us at marko@neuralgrant.com. We will respond within 45 days.

7.3 Colorado Residents

Colorado residents have rights under the Colorado Privacy Act and the Colorado AI Act, including the right to access, correct, delete, and opt out of targeted advertising and profiling. We disclose our use of AI in Section 3 above as required by the Colorado AI Act.

7.4 Other US State Privacy Laws

Residents of Virginia, Connecticut, Utah, Oregon, Texas, Montana, Delaware, Iowa, Nebraska, New Hampshire, New Jersey, Tennessee, Minnesota, Maryland, Indiana, Kentucky, and Rhode Island may have similar rights under their respective state privacy laws. Contact us to exercise any applicable rights.

7.5 European Economic Area (GDPR)

If you are located in the EEA, you have rights under the General Data Protection Regulation including the right to access, rectification, erasure, data portability, restriction of processing, and the right to object to automated decision-making. Our legal basis for processing is contract performance (to provide the Service), legitimate interest (to improve the Service), and consent (for marketing). You may contact us or your local data protection authority to exercise your rights.

8. Cookies & Tracking

We use essential cookies for authentication and session management. We may use analytics cookies to understand how the Service is used. You can control cookie preferences through your browser settings. We honor Global Privacy Control (GPC) signals.

9. Data Security

We implement industry-standard security measures including encryption in transit (TLS) and at rest, Firebase Authentication for secure access, role-based access controls, and regular security reviews. While we take reasonable measures to protect your data, no method of transmission or storage is 100% secure.

10. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

11. International Data Transfers

Your data is processed and stored in the United States on Google Cloud Platform infrastructure. If you access the Service from outside the US, your information will be transferred to and processed in the US. For EEA users, we rely on Standard Contractual Clauses as our legal mechanism for data transfers.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification at least 30 days before they take effect. The “Last updated” date at the top reflects the most recent revision.

13. Contact Us

For questions about this Privacy Policy or to exercise your privacy rights, contact us at: