Skip to main content
JS Grants and Compliance Consulting

Privacy Policy

Effective: March 21, 2026

JS Grants & Compliance Consulting LLC (“JSGC,” “we,” “us,” or “our”) operates the Grant Readiness System at app.jsgrantconsulting.com and the marketing website at jsgrantconsulting.com (collectively, the “Service”). This Privacy Policy describes how we collect, use, disclose, and protect personal information when you use the Service.

1. Information We Collect

1.1 Information You Provide

  • Assessment responses: Answers to compliance assessment questions about your organization's grant management practices. These responses relate to your organization, not to you personally.
  • Contact information: Name, email address, organization name, and message content when you submit a contact form or subscribe to updates.
  • Account information: Email address and authentication credentials when you create an account.
  • Payment information: Processed by Stripe, Inc. We do not store credit card numbers, bank account numbers, or other payment instrument details on our servers. We receive from Stripe a transaction confirmation, payment amount, and the last four digits of the payment method for record-keeping.

1.2 Information Collected Automatically

  • Device and browser data: Browser type, operating system, screen resolution, language preference, and referring URL.
  • Usage data: Pages visited, features used, time spent on pages, and navigation patterns. Collected via Vercel Analytics using privacy-preserving methods that do not use cookies or collect personally identifiable information.
  • IP address: Collected at the server level for security, rate limiting, and abuse prevention. Not used for advertising or cross-site tracking. IP addresses are not stored in assessment records.

1.3 Cookies and Similar Technologies

We use essential cookies required for the Service to function: session management, authentication tokens, and privacy preference storage. We do not use advertising cookies, cross-site tracking pixels, or third-party advertising networks.

2. How We Use Your Information

  • Deliver the Service: Score your compliance assessment, generate reports, provide recommendations, and fulfill purchases.
  • Communicate with you: Respond to contact form submissions, send purchase confirmations, deliver assessment results, and provide requested follow-up.
  • Improve the Service: Analyze aggregate usage patterns to improve assessment quality, user experience, and compliance content accuracy.
  • Security and fraud prevention: Protect against unauthorized access, abuse, and fraudulent transactions.
  • Legal compliance: Comply with applicable laws, regulations, and legal processes.

Marketing communications are optional and require separate consent. If Global Privacy Control (GPC) is detected or you opt out via California Privacy Rights, marketing processing is disabled.

3. How We Use Artificial Intelligence

Your compliance score, section analysis, compliance flags, and product recommendations are calculated by JSGC's deterministic scoring algorithms. No AI model is involved in scoring or generating recommendations.

Where AI is used: When available, an AI language model (Claude, developed by Anthropic, PBC) formats a plain-language executive summary at the top of your results. This summary restates your score data in readable narrative form. It does not affect your score or recommendations.

What we send to the AI: De-identified score data only: numerical scores, tier labels, and detected compliance patterns. We do not transmit your name, email address, EIN, assessment answers, financial account information, or any other personally identifiable information to the AI system.

How Anthropic handles your data: De-identified score data is processed subject to Anthropic's privacy policy. JSGC does not use your data to train AI models.

No automated decision-making with legal effect: The assessment generates compliance recommendations but does not make legally binding decisions about your organization. All significant compliance decisions should be reviewed by a qualified professional.

Learn more about how the assessment works.

4. Information Sharing and Disclosure

We do not sell your personal information. We share information only in the following circumstances:

  • Service providers: We use third-party services to operate the platform: Vercel (hosting and analytics), Supabase (database), Stripe (payment processing), Resend (transactional email), and Anthropic (AI executive summary formatting). Each provider processes data under their own privacy policies and our data processing agreements.
  • Legal requirements: We may disclose information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

5. Data Retention

  • Assessment data: Retained for the duration of your account or subscription. Anonymous aggregate assessment data may be retained indefinitely for Service improvement.
  • Contact submissions: Retained until the inquiry is resolved, then archived for up to 3 years for business records.
  • Payment records: Transaction records retained as required by tax and financial reporting obligations (typically 7 years).
  • Privacy choice records: Opt-out preferences are retained for as long as the preference is active and for 24 months after withdrawal.

6. Data Security

We implement technical and organizational measures to protect your information, including:

  • Encryption in transit (TLS/HTTPS) and at rest for stored data.
  • Row-level security policies in our database to ensure users can only access their own data.
  • Rate limiting and input validation on all API endpoints.
  • No storage of payment card data on our servers (handled entirely by Stripe).
  • Assessment responses stored without direct identity linkage by default. Email identity is stored separately when you choose to provide it.

No system is perfectly secure. If you become aware of a security vulnerability, please contact us immediately at the address below.

7. Your Rights

7.1 All Users

You may:

  • Request access to the personal information we hold about you.
  • Request correction of inaccurate personal information.
  • Request deletion of your personal information, subject to legal retention requirements.
  • Withdraw consent for marketing communications at any time.

7.2 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

  • Right to know: Request disclosure of the categories and specific pieces of personal information we have collected.
  • Right to delete: Request deletion of your personal information.
  • Right to opt out of sale/sharing: We do not sell personal information. You can manage your preferences at California Privacy Rights.
  • Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.
  • Global Privacy Control: We honor GPC signals as a valid opt-out request per California law.

To exercise any of these rights, contact us using the information in Section 10.

8. Children's Privacy

The Service is designed for organizations managing federal grant funds. It is not directed at children under 13 (or 16 in certain jurisdictions). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the Service or by email if you have an account. The “Effective” date at the top of this page indicates when the policy was last revised. Continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact Us

For privacy-related questions, data access requests, or to exercise your rights:

We will respond to verifiable requests within 45 days, as required by applicable law.