1. Who We Are
PULPA LLC is the data controller responsible for your personal data. We operate the PulpaGrants platform, which helps nonprofits, universities, and impact organizations discover and manage grant funding opportunities.
Contact: sales@pulpa.dev
Registered address: Ohio, USA
2. Data We Collect
We collect the following categories of personal data:
- Identity data: First name, last name, organization name, job title.
- Contact data: Email address, phone number.
- Usage data: Pages visited, time on site, browser type, IP address, referring URL.
- Form submissions: Any information you voluntarily submit through our lead forms or contact forms.
- Communications: Emails and messages you send us.
We do not collect sensitive personal data (e.g., health, racial origin, political opinions) unless you explicitly provide it.
3. How We Use Your Data
We use your personal data for the following purposes:
- To deliver the free guide and resources you requested.
- To send follow-up emails and educational content related to grant funding.
- To improve our website and services based on usage analytics.
- To respond to your inquiries and provide customer support.
- To comply with legal obligations.
- To prevent fraud and ensure the security of our platform.
4. Legal Basis for Processing (GDPR)
Under the GDPR, we rely on the following legal bases to process your personal data:
Consent (Art. 6(1)(a))
When you submit a form or subscribe to our communications, you provide explicit consent. You may withdraw consent at any time.
Legitimate interests (Art. 6(1)(f))
We process usage data to improve our services and prevent fraud, where our interests are not overridden by your rights.
Contract performance (Art. 6(1)(b))
When processing is necessary to deliver the service you requested.
Legal obligation (Art. 6(1)(c))
Where we are required to process data to comply with applicable law.
5. Data Sharing & Third Parties
We do not sell your personal data. We may share your data with trusted third-party service providers who assist us in operating our platform, subject to strict data processing agreements:
- Supabase: Database and authentication infrastructure (EU/US data centers).
- Resend: Transactional email delivery.
- Vercel: Website hosting and edge delivery.
- Analytics providers: Aggregated, anonymized usage analytics.
We may also disclose your data if required by law, court order, or to protect the rights and safety of our users.
6. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, or as required by law.
- Lead form submissions: retained for up to 3 years from the date of submission.
- Email communications: retained for up to 2 years.
- Usage/analytics data: retained in aggregated, anonymized form indefinitely.
When data is no longer needed, we securely delete or anonymize it.
7. Your Rights Under GDPR
If you are located in the European Economic Area (EEA) or the UK, you have the following rights regarding your personal data:
Right of access
Request a copy of the data we hold about you.
Right to rectification
Request correction of inaccurate or incomplete data.
Right to erasure
Request deletion of your personal data ("right to be forgotten").
Right to restrict processing
Request that we limit how we use your data.
Right to data portability
Receive your data in a structured, machine-readable format.
Right to object
Object to processing based on legitimate interests or for direct marketing.
Right to withdraw consent
Withdraw consent at any time without affecting prior processing.
Right to lodge a complaint
File a complaint with your local data protection authority.
To exercise any of these rights, contact us at sales@pulpa.dev. We will respond within 30 days.
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include:
- Encryption of data in transit (TLS/HTTPS).
- Encryption of data at rest.
- Access controls and authentication mechanisms.
- Regular security reviews and updates.
While we strive to protect your data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.
10. Children's Privacy
Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at sales@pulpa.dev and we will delete it promptly.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of material changes by updating the "Last updated" date at the top of this page and, where appropriate, by sending an email notification.
We encourage you to review this policy periodically. Your continued use of our services after any changes constitutes acceptance of the updated policy.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
You also have the right to lodge a complaint with your local supervisory authority. In the EU, you can find your national data protection authority at edpb.europa.eu.