1. Introduction

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our grant application and project management platform ("Service"). We are committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR).

2. Data Controller

Data Controller: Vitor Bruno
Email: hello@vitorbruno.com
Data Protection Officer: hello@vitorbruno.com

3. Information We Collect

3.1 Personal Information

• Name and contact information (email, phone number);
• Organization details (organization number, address);
• User profile information (role, geographic location);
• Authentication credentials (managed by Firebase).

3.2 Application Data

• Grant proposals and applications;
• Project information and business cases;
• Risk analyses and assessments;
• Document uploads and generated content.

3.3 Usage Data

• Log data and access timestamps
• Feature usage patterns

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Contract: To provide and maintain our Service;
• Consent: When you explicitly consent to data processing;
• Legitimate Interest: For security, fraud prevention, and service improvement;
• Legal Obligation: To comply with applicable laws and regulations.

5. How We Use Your Information

• To provide, maintain, and improve our Service;
• To process grant applications and proposals;
• To generate AI-powered content and analyses;
• To send important service-related communications;
• To ensure security and prevent fraud;
• To comply with legal obligations.

6. Third-Party Services

We use the following third-party services that may process your data:

• Firebase (Google): Authentication and data storage. Data is stored in EU regions.Privacy Policy
• Stripe: Payment processing.Privacy Policy
• Resend: Email delivery service.Privacy Policy
• Google AI (Genkit): AI-powered content generation. Data is processed in EU regions.Privacy Policy

7. Data Storage and Location

Your data is stored in European Union (EU) data centers to ensure GDPR compliance. All data is encrypted in transit and at rest.

8. Data Retention

We retain your personal data for as long as necessary to:

• Provide our services to you;
• Comply with legal obligations;
• Resolve disputes and enforce agreements.

When you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal purposes.

9. Your Rights Under GDPR

You have the following rights regarding your personal data:

• Right of Access: Request a copy of your personal data;
• Right to Rectification: Correct inaccurate or incomplete data;
• Right to Erasure: Request deletion of your data ("Right to be Forgotten");
• Right to Restrict Processing: Limit how we use your data;
• Right to Data Portability: Receive your data in a structured format;
• Right to Object: Object to processing based on legitimate interests;
• Right to Withdraw Consent: Withdraw consent at any time.

To exercise these rights, please contact us at hello@vitorbruno.com or use the data export and account deletion features in your settings.

10. Cookies

We use essential cookies for authentication and session management. You can manage cookie preferences through your browser settings.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including encryption, access controls, and regular security assessments.

12. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us at:

Email: hello@vitorbruno.com
Data Protection Officer: hello@vitorbruno.com