Privacy Policy

Last updated: 20 February 2026

Fundermatcher ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use the Fundermatcher platform, website at fundermatcher.com, and related services (the "Service").

This policy is written in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data Controller

The data controller for the personal data processed through the Service is Gradingly Limited (trading as NoviumAI), a company registered in England & Wales under company number 12771192, with registered address at Gradingly Office, Lavant House, West Lavant, United Kingdom, PO18 9AB.

If you have any questions about how we handle your data, contact us at:

Email: support@fundermatcher.com

2. What Data We Collect

2.1 Account Data

When you create an account, we collect:

  • Your email address (used for authentication and communication).

2.2 Organisation Data

During onboarding and use of the Service, you may provide:

  • Charity name, charity registration number, and location.
  • Description of your charity's work, mission, and activities.
  • Organisation legal status, annual income, primary focus, and target population.
  • Services offered, values, and unique positioning.

2.3 Uploaded Documents

You may upload documents such as annual reports, strategic plans, and other files (PDF, DOCX, TXT, up to 20 MB). These are stored securely and processed to build your charity profile.

2.4 Chat and Application Content

When you use the AI assistant, we store your chat messages, grant application drafts, and related content to provide the Service and maintain your conversation history.

2.5 Payment Data

Payment card details are collected and processed directly by Stripe. We do not store your card numbers. We receive from Stripe your subscription status, plan type, and customer ID.

2.6 Usage Data

We automatically collect:

  • Pages visited, features used, and actions taken within the Service.
  • Browser type, device type, and operating system.
  • IP address and approximate location.
  • Referring website and how you found us.

3. How We Use Your Data

We use your data for the following purposes:

PurposeLegal Basis
Providing the Service (matching, AI chat, profile generation)Performance of contract
Processing your uploaded documents to build your charity profilePerformance of contract
Processing payments and managing subscriptionsPerformance of contract
Sending you service-related emails (magic links, account updates)Performance of contract
Improving the Service and fixing bugsLegitimate interest
Product analytics (understanding how the Service is used)Legitimate interest
Preventing fraud and abuseLegitimate interest
Complying with legal obligationsLegal obligation

4. Third-Party Data Processors

To provide the Service, we share your data with trusted third-party processors in the following categories. Each operates under its own privacy policy and data processing terms:

CategoryPurposeData Shared
Cloud infrastructureDatabase, authentication, file storageAll account, organisation, and content data
AI servicesAI matching, profile generation, chat, document analysis, grant writing assistanceOrganisation descriptions, uploaded documents, chat messages
Web research servicesReal-time web research about fundersSearch queries (funder names, charity context)
Payment processingSecure payment handlingEmail address, payment details (handled directly by provider)
Product analyticsUnderstanding how the Service is usedUsage data, anonymised interaction events
Public registersCharity register lookup and verificationCharity registration number (public data returned)

Important: When your data is sent to AI providers, it is processed on their servers to generate responses. We select providers that commit to not using customer data for model training, but we encourage you to review their respective privacy policies. As stated in our Terms of Use, do not enter sensitive or highly personal information into the Service.

5. International Data Transfers

Some of our third-party processors are based outside the UK (primarily in the United States). Where data is transferred outside the UK, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office.
  • The provider's compliance with applicable data protection frameworks.

6. Data Retention

We retain your data as follows:

  • Account and organisation data: Retained for as long as your account is active. Deleted within 90 days of account closure upon request.
  • Chat messages and application drafts: Retained for as long as your account is active. You can delete individual chats from your account.
  • Uploaded documents: Retained for as long as your account is active. Deleted upon account closure or upon request.
  • Payment records: Retained for 7 years as required by UK tax and accounting regulations.
  • Usage analytics: Aggregated and anonymised data may be retained indefinitely. Identifiable usage data is retained for up to 24 months.

7. Your Rights

Under the UK GDPR, you have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure: Request deletion of your personal data (subject to legal retention requirements).
  • Right to restrict processing: Request that we limit how we use your data in certain circumstances.
  • Right to data portability: Request your data in a structured, commonly used, machine-readable format.
  • Right to object: Object to processing based on legitimate interest, including profiling.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at support@fundermatcher.com. We will respond within one month.

8. Cookies and Tracking

We use the following types of cookies and similar technologies:

  • Essential cookies: Required for authentication and basic functionality (e.g., session tokens). These cannot be disabled.
  • Analytics cookies: Used to understand how the Service is used. These help us improve the product.

We do not use advertising cookies or share data with advertising networks.

9. Data Security

We take reasonable technical and organisational measures to protect your data, including:

  • Encryption of data in transit (TLS/HTTPS) and at rest.
  • Passwordless authentication to eliminate password-related vulnerabilities.
  • Row-level security in our database, ensuring organisations can only access their own data.
  • Regular security reviews of our infrastructure and third-party providers.

No system is completely secure. If you believe your account has been compromised, contact us immediately at support@fundermatcher.com.

10. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service. The "Last updated" date at the top of this page indicates when the policy was last revised.

12. Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

We encourage you to contact us first at support@fundermatcher.com so we can try to resolve your concern directly.

13. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us at:

Email: support@fundermatcher.com