Privacy Policy
Last Updated: May 4, 2026
1. Who We Are and What This Covers
This Privacy Policy describes how NorthGrants (“we,” “us,” “our”) collects, uses, stores, and discloses personal information when you use our website at northgrants.ca (the “Service”).
We are based in British Columbia, Canada. This policy is designed to comply with:
- The federal Personal Information Protection and Electronic Documents Act (PIPEDA)
- British Columbia’s Personal Information Protection Act (PIPA)
- Canada’s Anti-Spam Legislation (CASL) for any commercial emails we send you
2. What We Collect
Information you give us directly when you submit our intake form:
- Business name
- Your name and email address
- Province
- Industry
- Annual revenue range
- Number of employees
- Business description and goals
Information about your interaction with the Service:
- IP address (used for rate-limiting and security; stored in server logs)
- Browser type and version, approximate timestamp of visit
- Links you click in emails we send (for delivery confirmation; no third-party tracking pixels)
Payment information (Pro subscribers only): We do not store your credit card or banking information. All payments are processed by Stripe. We receive only a confirmation that your payment succeeded, your subscription status, and the last four digits of your card for reference.
We do not collect:
- Social Insurance Numbers
- Government-issued ID numbers
- Banking credentials
- Any special-category personal information (health, religion, political views, etc.)
3. Why We Collect It
We use your information only for the purposes you would reasonably expect:
- To deliver your free grant report, matching your business against our program database and producing a personalized report
- To produce application frameworks, when you request them, using your business information to tailor the framework to your context
- To send service-related emails, your report, your frameworks, billing receipts, account notifications, important service changes
- To prevent abuse, rate limiting, fraud detection, enforcing our Terms
- To improve the Service, only in anonymized and aggregated form (e.g., “most-matched programs this month,” “province-level lead mix”) with no personally identifying information
We will not use your information for any other purpose without your consent.
4. Who We Share It With
We share your personal information only in the following limited circumstances:
Service providers that help us operate the Service (“data processors”):
| Provider | What they receive | Why | Where data is stored |
|---|---|---|---|
| Anthropic (Claude AI) | The contents of your intake form (business details, goals) | To generate the written portions of your report and application frameworks | United States |
| Stripe (Pro subscribers only) | Name, email, billing details | To process subscription payments | United States / Canada |
| Our email infrastructure (cPanel SMTP / email provider) | Your email address and the report/framework contents | To deliver emails to you | Canada |
| Our hosting provider (cPanel) | All data submitted, server logs | Website hosting | Canada |
Each provider is contractually bound (via their standard terms of service) to use your information only to provide services to us.
Legal requirements: We may disclose information if required by law, court order, or legitimate government request, or to protect our rights, property, or safety.
Business transfers: If NorthGrants is ever sold, merged, or its assets acquired, your information may be transferred as part of that transaction. You will be notified in advance if this happens.
We do not sell your information. We do not share your information with advertisers, marketers, or data brokers.
5. Cross-Border Transfers
Some of our service providers (notably Anthropic and Stripe) are based in the United States. This means your personal information may be processed outside of Canada and subject to the laws of other jurisdictions, including lawful access requests by foreign governments. By using the Service, you consent to this cross-border processing.
6. How Long We Keep It
- Intake form submissions: Retained indefinitely to support customer service requests (e.g., “can you resend my report”) and to improve matching accuracy in aggregate. You can request deletion at any time (see Section 8).
- Server logs (IP, user agent): 90 days
- Payment records (Pro subscribers): 7 years, as required by Canadian tax law
- Email correspondence: Indefinitely, unless you request deletion
7. How We Protect It
- All data transmission is encrypted in transit (HTTPS/TLS)
- Our WordPress installation is behind a reputable Canadian cPanel host with standard security hardening
- Access to your data is limited to the operator of NorthGrants (currently one person)
- API keys and credentials are stored in server-side configuration, not exposed to users
No system is perfectly secure. If we become aware of a breach affecting your information, we will notify you and the Privacy Commissioner of Canada as required by PIPEDA.
8. Your Rights
Under PIPEDA and BC PIPA, you have the right to:
- Access, request a copy of the personal information we hold about you
- Correction, request that we correct inaccurate information
- Deletion, request that we delete your information (we will comply unless we are legally required to retain it, e.g., for tax records)
- Withdraw consent, stop receiving emails, cancel your subscription, or ask us to stop processing your information
- Complain, contact our Privacy Officer below, and if unsatisfied, escalate to the Office of the Privacy Commissioner of Canada (priv.gc.ca) or the Office of the Information and Privacy Commissioner for BC (oipc.bc.ca)
To exercise any of these rights, email privacy@northgrants.ca. We will respond within 30 days.
9. Cookies and Tracking
We use a minimum of cookies:
- A session cookie to support form submissions
- Standard WordPress cookies if you ever log into an admin area (you won’t, unless you’re us)
We do not use:
- Google Analytics or similar third-party analytics on the public site
- Advertising pixels (Facebook, Google Ads, etc.)
- Cross-site tracking
If we add analytics in the future, we’ll update this policy and use a privacy-respecting provider (e.g., Plausible, Fathom) that does not use cookies or track individuals.
10. Email and CASL Compliance
All commercial emails we send to you (including your report and framework deliveries) include:
- Our identity and contact information
- A clear unsubscribe link (for marketing emails)
Transactional emails (your report, your framework, billing receipts) are sent under the implied consent that arises when you request them. You can still ask us to delete your record at any time.
11. Children
NorthGrants is for business owners. We do not knowingly collect information from anyone under 18. If we learn we have, we will delete it.
12. Changes to This Policy
If we make material changes, we will notify Pro subscribers by email and post the updated policy with a revised “Last Updated” date.
13. Privacy Officer and Contact
Questions, requests, or complaints:
Privacy Officer: Devin Waugh
Email: privacy@northgrants.ca
For unresolved privacy complaints, you may contact:
- Office of the Privacy Commissioner of Canada, priv.gc.ca / 1-800-282-1376
- Office of the Information and Privacy Commissioner for BC, oipc.bc.ca / 250-387-5629