Privacy Policy

    Last updated: February 24, 2026

    1. Introduction

    Welcome to Gratefully. We respect your privacy and are committed to protecting your personal data. This privacy policy will inform you about how we look after your personal data and tell you about your privacy rights and how the law protects you.

    2. Data We Collect

    We may collect, use, store and transfer different kinds of personal data about you:

    • Identity Data: first name, last name, username
    • Contact Data: email address, telephone numbers
    • Technical Data: IP address, browser type, device information
    • Usage Data: information about how you use our platform
    • Organization Data: nonprofit organization details and mission information
    • Website Content Data: publicly available content from your organization's website(s), including pages, posts, brand messaging, and other public-facing materials, collected as part of our content personalization service

    3. How We Use Your Data

    We will only use your personal data when the law allows us to. Most commonly, we will use your personal data to:

    • Provide and improve our AI-driven nonprofit insights platform
    • Communicate with you about our services
    • Analyze platform usage and improve user experience
    • Comply with legal obligations
    • Personalize AI-generated content to reflect your organization's brand voice, mission, and activities, by analyzing publicly available content from your website(s)

    4. Website Scanning & Content Use

    As part of our service, Gratefully periodically scans and indexes the publicly accessible pages and content of your organization's website(s). This allows our AI systems to generate content and insights that accurately reflect how your organization communicates with its audience. Specifically, we may collect and process:

    • Page text, headings, and article content
    • Blog posts, news updates, and event announcements
    • Mission statements, program descriptions, and impact reports
    • Publicly visible social proof, testimonials, and calls to action

    We do not access password-protected areas, donor databases, internal documents, or any non-public portions of your website. Content collected through website scanning is used exclusively to power the personalization features of our platform and is not sold or shared with third parties for any other purpose.

    You may request that we stop scanning your website at any time by contacting us. Please note that opting out may reduce the quality of AI-generated content personalization within your account.

    5. Cookies & Tracking

    We use cookies and similar tracking technologies to track activity on our platform and hold certain information. Cookies are files with small amounts of data that may include an anonymous unique identifier. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. If you do not accept cookies, some portions of our platform may not function properly.

    We use the following types of cookies:

    • Strictly Necessary Cookies: required for the platform to function
    • Analytics Cookies: help us understand how users interact with our platform
    • Preference Cookies: remember your settings and personalization choices

    6. Data Security

    We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.

    7. Data Retention

    We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. Website content data collected through scanning is refreshed periodically and prior versions are not retained indefinitely.

    8. Your Rights

    Under certain circumstances, you have rights under data protection laws in relation to your personal data:

    • Request access to your personal data
    • Request correction of your personal data
    • Request erasure of your personal data
    • Object to processing of your personal data
    • Request restriction of processing your personal data
    • Request transfer of your personal data
    • Right to withdraw consent
    • Request that we cease scanning your organization's website and delete any indexed content

    9. Third-Party Services

    Our platform may contain links to third-party websites and integrations with third-party services. We are not responsible for the privacy practices of those third parties and encourage you to review their privacy policies. We do not sell your personal data or your organization's website content to any third party.

    10. Changes to This Privacy Policy

    We may update this privacy policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the platform after any changes constitutes acceptance of the updated policy.

    11. Contact Us

    If you have any questions about this privacy policy or our privacy practices, please contact us through our contact form or email us at legal@gratefully.io.