EcoGrant logo

Privacy Policy

This page explains what we collect, why we collect it, how we use and share it, and your choices. If local law is stricter, the stricter rule applies.

Effective:

Scope

This policy covers our public website and the contact functionality that routes inquiries to our team. It doesn’t cover third‑party sites that link here or services with their own privacy terms.

Data we collect

You provide

Contact details (name, email, phone, organization)

Messages and any files you attach

Collected automatically

IP address, device/browser info, referrer

Pages viewed and basic usage metrics

Bot‑protection signals (e.g., Turnstile verification result)

We treat anything that can reasonably identify a person as “personal data.” Don’t send sensitive info (e.g., SSNs) via open forms.

How we use data

Operate & respond. We use your details to reply and run the site.

Protect. We prevent spam, fraud, and abuse; and secure our systems.

Improve. We refine content and user experience.

Comply. We follow laws and enforce terms.

EEA/UK visitors: legal bases include legitimate interests (running a secure site), contract (responding to your requests), and consent where required.

How we share

We don’t sell personal information. We share only as needed to operate and secure the service.

Cloudflare — hosting, CDN, security, Turnstile
Resend — sends contact‑form emails to our team
Google Workspace — receives those emails via a Google Group
Law enforcement or regulators as required by law or to protect rights, safety, and security

Cookies & similar technologies

We use essential cookies and security tokens (e.g., Turnstile) to run and protect the site. We do not use third‑party advertising cookies. If we add analytics or new cookies, we’ll update this page.

“Do Not Track” (DNT): there’s no single standard for responses, so we don’t change behavior solely based on DNT signals.

Retention

We keep personal data only as long as needed for the purposes above, then delete or de‑identify it. Factors include legal requirements, security, and operational needs.

Security

We apply reasonable technical and organizational measures (TLS in transit, access controls, bot‑mitigation). No system is perfectly secure—please report suspected issues promptly.

Your rights

All users

Access, update, or delete your information

Opt out of non‑essential emails

EEA/UK (GDPR)

Object or restrict processing; data portability

Complain to a data protection authority

California (CPRA/CCPA)

Access, deletion, correction

Opt out of “sale” or “sharing” (cross‑context ads)—we don’t sell or share

To exercise rights, email hello@ecogrant.io. We may need to verify your identity to process requests.

International data transfers

We may process data in the United States and other locations where our providers operate. When required, we use appropriate safeguards (e.g., standard contractual clauses).

Children’s privacy

Our services aren’t directed to children under 13, and we don’t knowingly collect their personal information. If you believe a child provided information, contact us and we’ll delete it.

Changes to this policy

We’ll update this page when practices change and post a new effective date.

Contact us

Email: hello@ecogrant.io

For security or privacy questions, include “Privacy” in the subject.

Current processors

Provider Purpose Notes
Cloudflare Hosting, CDN, security, Turnstile Essential
Resend Transactional email Essential
Google Workspace Mail distribution Essential

If we add analytics or new vendors, we’ll list them here and update the effective date.

Back to top