Back to App
Legal & Policies

Privacy Policy

Effective: March 1, 2025Last Updated: March 20, 2026Version 1

Privacy Policy

Company: RavDev Technologies, LLC Effective Date: March 1, 2025 Last Updated: April 4, 2026 Contact: legal@ravdevtech.com
This policy is provided for informational purposes. Consult legal counsel for jurisdiction-specific compliance.

1. Overview

RavDev Technologies, LLC ("RavDev", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use NextGen Grant OS and our related products and services ("Service").

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, organization name, role, and password (stored as a secure hash).
  • Profile Information: Professional background, funding preferences, and preferences you configure.
  • Customer Data: Documents, grant proposals, budgets, knowledge base content, and other data you upload or create within the Service.
  • Communications: Messages you send to our support team or through the Service.
  • Payment Information: Billing details collected and processed by Stripe, our payment processor. We do not store full payment card numbers.

2.2 Information Collected Automatically

  • Usage Data: Pages viewed, features used, actions taken, session duration, and frequency of use.
  • Log Data: IP address, browser type, operating system, referring URLs, and error logs.
  • Device Information: Device type, screen resolution, and browser capabilities.
  • Cookies and Similar Technologies: See our Cookie Policy for details.

2.3 Information from Third Parties

  • Single Sign-On (SSO): If your organization uses SSO, we receive authentication assertions from your identity provider, which may include your name, email, and organizational role.
  • Payment Processors: Stripe provides us with transaction status and customer IDs. We do not receive full card details.
  • AI Providers: We send content to AI model providers (OpenAI, Anthropic, optionally Azure OpenAI) for processing. When a local/on-premises AI provider is configured, content is processed entirely within your infrastructure. See Section 5 for details.

3. How We Use Your Information

We use collected information to:

  • Provide the Service: Authenticate you, process your requests, generate AI-assisted content, and deliver features.
  • Improve the Service: Analyze usage patterns, identify bugs, and develop new features.
  • Billing and Administration: Process payments, send invoices, and manage your subscription.
  • Communications: Send transactional emails (account activity, subscription updates), security alerts, and, with your consent, product updates and marketing communications.
  • Security: Detect, investigate, and prevent fraud, abuse, and security incidents.
  • Legal Compliance: Meet our obligations under applicable laws and regulations.

4. Legal Bases for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, our legal bases for processing include:

PurposeLegal Basis
Providing the ServiceContract performance
Billing and subscription managementContract performance
Security and fraud preventionLegitimate interests
Product improvement and analyticsLegitimate interests
Marketing communicationsConsent
Legal complianceLegal obligation

5. Information Sharing and Disclosure

We do not sell your personal information. We share information only as follows:

5.1 Service Providers (Subprocessors)

We share data with trusted third-party providers who help us operate the Service:

  • Hosting & Infrastructure: Amazon Web Services / AWS (EKS, RDS, ElastiCache, S3, CloudFront — application hosting, database, and infrastructure)
  • Payment Processing: Stripe, Inc. (payment processing)
  • AI Processing: OpenAI, LLC and Anthropic, PBC (AI model inference for grant writing assistance)
  • Error Monitoring: Sentry, Inc. (application error monitoring and performance tracking)
  • Email: Transactional email delivery providers

All subprocessors are contractually obligated to protect your data and process it only on our instructions. See our Subprocessor List for the current list.

5.2 Business Transfers

If RavDev Technologies is involved in a merger, acquisition, or sale of all or substantially all of its assets, your information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.

5.3 Legal Requirements

We may disclose information if required by law, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

5.4 With Your Consent

We may share information for other purposes with your explicit consent.

6. Data Retention

We retain personal information for as long as your account is active or as needed to provide the Service. Specific retention periods:

  • Account Data: Retained for the life of the account and 90 days after termination
  • Customer Data (proposals, documents): Retained for the life of the account and 90 days after termination
  • Usage Logs: Up to 365 days
  • Billing Records: 7 years (required for financial compliance)
  • Security Logs and Audit Trails: Up to 365 days
  • Deleted Content: Removed from production systems within 30 days; from backups within 90 days

7. Data Security

We implement industry-standard technical and organizational security measures including:

  • TLS encryption for all data in transit
  • AES-256 encryption for sensitive data at rest
  • Role-based access control (RBAC) with least-privilege principles
  • Multi-factor authentication (MFA) support
  • Regular security assessments and vulnerability scanning
  • Access logging and anomaly detection

No security measure is perfect. In the event of a data breach affecting your rights, we will notify you in accordance with applicable law.

8. Your Privacy Rights

Depending on your location, you may have the following rights:

8.1 Rights Available to All Users

  • Access: Request a copy of personal information we hold about you.
  • Correction: Request correction of inaccurate information.
  • Deletion: Request deletion of your personal information (subject to legal retention requirements).
  • Portability: Request your data in a structured, machine-readable format.

8.2 Additional Rights for EEA/UK Residents (GDPR)

  • Restriction: Request restriction of processing in certain circumstances.
  • Objection: Object to processing based on legitimate interests.
  • Withdrawal of Consent: Withdraw consent at any time where processing is consent-based.
  • Lodge a Complaint: File a complaint with your supervisory authority.

8.3 Additional Rights for California Residents (CCPA/CPRA)

  • Know: Know what personal information we collect and how it is used.
  • Delete: Request deletion of personal information.
  • Opt-Out of Sale/Sharing: We do not sell or share personal information for cross-context behavioral advertising.
  • Non-Discrimination: Exercise privacy rights without receiving discriminatory service.

To exercise your rights, contact us at legal@ravdevtech.com or support@ravdevtech.com. We will respond within 30 days (or 45 days for complex requests).

9. Cookies

We use cookies and similar tracking technologies. For details on what cookies we use and how to manage your preferences, see our Cookie Policy.

10. International Data Transfers

RavDev Technologies is based in the United States. If you access the Service from outside the US, your information may be transferred to and processed in the United States and other countries where our service providers operate.

For transfers of personal data from the EEA, UK, or Switzerland to the United States, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or other lawful transfer mechanisms.

11. Children's Privacy

The Service is not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If you believe we have inadvertently collected such information, please contact us at legal@ravdevtech.com.

12. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated by email or by a prominent notice in the Service at least 30 days before the change takes effect. We will seek your consent for material changes where required by law.

13. Contact Information

RavDev Technologies, LLC

Privacy Team Email: legal@ravdevtech.com General Inquiries: info@ravdevtech.com Support: support@ravdevtech.com

For EEA/UK data protection inquiries, please use the subject line: "GDPR Data Subject Request."