Privacy Policy

Last updated: April 21, 2026

Bespoke Grants ("Bespoke Grants," "we," "our," or "us") operates the website bespokegrants.ai and the related application (the "Service"). This Privacy Policy explains what information we collect, how we use it, and the choices you have.

This document is a starting template. You should have an attorney review it before publishing. It is not legal advice.

1. Information we collect

Account information. When you create an account we collect your email address. We do not collect passwords — authentication is handled through a magic link sent to your email.

Organization profile. You may voluntarily provide information about your nonprofit, including: organization name, website, EIN, mission statement, focus areas, populations served, service areas, annual budget range, and city and state. We use this information to match you with relevant funders and to tailor generated Letters of Inquiry.

Usage data. We collect information about how you use the Service, including: searches you run, funders you add to your pipeline, and Letters of Inquiry you draft. We use this to operate the Service and improve retrieval and ranking quality.

Payment data. If you purchase a paid plan, payment is processed by Stripe. We do not store your credit-card numbers. Stripe returns us a subscription identifier and a customer reference we associate with your account.

Error and performance data. We use Sentry to collect application error reports. These may include your user ID, the URL you were on, and a stack trace of the error, but are configured to omit form contents.

Cookies and similar technologies. We use a minimal set of cookies and browser storage required to keep you signed in. We do not use advertising cookies.

2. How we use information

To provide, operate, and maintain the Service.
To match your organization profile with funders in our database.
To generate drafts of outreach materials (including Letters of Inquiry) at your explicit request, using third-party large language models (see Section 4).
To enforce plan limits (e.g., daily LOI draft cap).
To detect and prevent abuse, fraud, and misuse of the Service.
To communicate with you about the Service and respond to support requests.

We do not sell your personal information or your organization profile to third parties.

3. Third-party services ("sub-processors")

We share the minimum information necessary with:

Supabase — database, authentication, and edge functions. Data is stored in Supabase's managed Postgres in the United States.
Stripe — payment processing.
Anthropic (Claude) — the large language model we use to rank funders and draft outreach materials. When you run a search or draft an LOI, the prompts we send include your search query, relevant portions of your organization profile, and publicly available funder metadata. Anthropic's API terms prohibit training on customer inputs.
Vercel — web hosting for the Service.
Sentry — error monitoring.
Google Maps Places API — for the service-area autocomplete in your profile.

4. AI-generated content

Parts of the Service (search ranking, LOI drafting) use third-party large language models. Generated content is a suggestion; you are responsible for reviewing and editing anything before you send it to a funder. Bespoke Grants makes no warranty as to the accuracy, tone, or effectiveness of generated content.

5. Data about funders and grants

Funder information in our database is derived from publicly available IRS filings (Form 990-PF and Form 990 Schedule I) published at apps.irs.gov/pub/epostcard/990/xml. We do not purchase funder contact information from commercial databases.

6. Retention

Account data is retained for as long as your account is active.
Pipeline and LOI drafts are retained for as long as your account is active or until you delete them.
Usage logs are retained for up to 24 months for abuse prevention and product improvement.
When you delete your account, we delete or anonymize your data within 30 days, except where we are required to retain it for legal or accounting reasons.

7. Your choices and rights

Access and correction. You can view and update your organization profile at any time in the Profile page.
Deletion. You can delete individual pipeline items and LOI drafts from within the Service. To delete your account entirely, email support@bespokegrants.ai.
Export. Email us and we'll provide your pipeline and LOI drafts in CSV or JSON.
California and EU residents. You may have additional rights under the CCPA, CPRA, or GDPR, including the right to know what personal information we hold about you, the right to have it deleted, and the right to non-discrimination for exercising these rights. Email us to exercise any of these rights.

8. Security

We protect your data with industry-standard practices, including encryption in transit (HTTPS), encryption at rest (Supabase/Postgres), row-level security policies that isolate your data from other customers, and principle-of-least-privilege access for our team. No method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

9. Children's privacy

The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13.

10. Changes to this policy

We may update this policy from time to time. If we make material changes, we will notify you by email or through the Service before the changes take effect. Continued use of the Service after an update constitutes acceptance of the updated policy.

11. Contact

Questions or requests: support@bespokegrants.ai.