Security & privacy
Your business data, handled like it matters
Businesses tell us their turnover, plans and funding needs. That deserves plain answers about where the data goes — here they are, without the legal fog.
Our practices
What we do — and deliberately don't do
We collect only what the product needs
Your audit answers (sector, size, location, funding goals), contact details, and — if you create an account — saved grants, drafts and monitoring preferences. No documents are required to run an audit.
Your data is not sold or shared for marketing
Audit answers are used to run your matches, generate your report and contact you about your audit. That's it. No reselling, no third-party marketing lists.
Access is controlled by design
Account data is isolated per user with database-level row security — one user can never read another's saved grants, drafts or alerts. Admin access is restricted and credential-protected.
Infrastructure
The platform runs on established cloud providers with encryption in transit (HTTPS everywhere). Data is stored in the UK/EU region. Full subprocessor list available on request.
Retention and deletion
Ask us to delete your data and we will remove your account, audits and drafts. Retention periods for lead records are being formalised — contact us for the current position.
Questions answered by a person
Data questions go to info@ymequity.com and are answered directly — not by an autoresponder.
Privacy notice
The formal bit, kept readable
GrantFlow Intelligence processes business and contact information you provide in order to assess grant eligibility, deliver audit reports, provide account features, and respond to enquiries. Lawful basis: performing the service you've requested, and legitimate interest in following up your enquiry. You can request access, correction or deletion of your data at any time.
Data controller: GrantFlow Intelligence (registered company details to be confirmed). Contact for data questions: info@ymequity.com. If you're unhappy with how we've handled your data, you can complain to the ICO (ico.org.uk).
Questions
Security & privacy FAQs
Do I need to upload documents to use GrantFlow?
No. The audit runs on a questionnaire alone. If you later use application support, you choose what to share and when.
Who can see my audit results?
You, and the GrantFlow team for the purpose of preparing your report and follow-up. Nobody else.
Is my data used to train AI models?
No. AI is used to analyse your answers against published scheme criteria at the time of your audit — your data isn't used to train models.
Can I get my data deleted?
Yes — email info@ymequity.com from the address you used and we'll remove your account and associated records.
Are you ISO/Cyber Essentials certified?
We don't currently claim any certifications. If that changes, it will be verifiable here — we'd rather show nothing than badges that don't stand up.