
Privacy Policy

Last updated: April 2026

Your privacy matters. This policy explains how EuroGrant Consulting collects, uses, and protects your personal data in full compliance with the EU General Data Protection Regulation (GDPR — Regulation 2016/679) and the ePrivacy Directive.

1. Data Controller

EuroGrant Consulting is a service operated by Kodvalley, MB ("we", "us", "our"), a small partnership registered in Lithuania, which acts as the data controller responsible for your personal data processed through this website and our services.

Legal entity: Kodvalley, MB · JAR code: 306329532 · Registered address: Laisvės pr. 60-1107, LT-05120 Vilnius, Lithuania

Contact: [email protected] · +370 659 95 038

You have the right to lodge a complaint with your national supervisory authority at any time. A list of EU data protection authorities is available at: edpb.europa.eu

2. Data We Collect and Why

We collect only the minimum data necessary for the purposes described below (data minimisation principle, Art. 5(1)(c) GDPR):

  • Account data (name, email, organisation): To create and manage your account, deliver services, and communicate with you. Legal basis: contract performance (Art. 6(1)(b) GDPR).
  • Transaction data (subscription plan, payment status, order reference): To fulfil your subscription and comply with financial record-keeping obligations. We do not store card details — payments are processed by Stripe Inc. (PCI-DSS Level 1 certified). Legal basis: contract performance and legal obligation (Art. 6(1)(b) and (c) GDPR).
  • Usage data (tool interactions, login timestamps, IP address, browser type): To ensure platform security, prevent fraud, and improve our services. Legal basis: legitimate interests (Art. 6(1)(f) GDPR).
  • Communication data (inquiry form submissions, support messages): To respond to your enquiries. Legal basis: legitimate interests (Art. 6(1)(f) GDPR).
  • AI tool inputs (text you enter into our AI-powered tools): Processed transiently to generate outputs. We do not store AI tool inputs beyond the session unless you explicitly save them. Legal basis: contract performance (Art. 6(1)(b) GDPR).
  • Cookie data: See Cookie Policy below.

3. Legal Bases for Processing (GDPR Art. 6)

  • Art. 6(1)(a) — Consent: Marketing emails, non-essential cookies (opt-in only; you may withdraw at any time)
  • Art. 6(1)(b) — Contract performance: Account management, service delivery, subscription billing
  • Art. 6(1)(c) — Legal obligation: Tax records, financial reporting (7-year retention per EU accounting directives)
  • Art. 6(1)(f) — Legitimate interests: Security, fraud prevention, analytics, service improvement

4. Data Retention

  • Account data: Retained until account deletion + 30 days (for recovery purposes)
  • Transaction and billing records: 7 years (EU accounting and tax law obligation)
  • Inquiry/support data: 2 years from last contact
  • Session tokens: 30 days from last login
  • AI tool inputs: Session only (not persisted unless saved by user)
  • Server logs (IP, access): 90 days

5. Your Rights Under GDPR

You have the following rights, exercisable free of charge by contacting [email protected]. We will respond within 30 days (Art. 12 GDPR):

  • Right of access (Art. 15): Obtain a copy of your personal data
  • Right to rectification (Art. 16): Correct inaccurate or incomplete data
  • Right to erasure (Art. 17): Request deletion of your data ("right to be forgotten"), subject to legal retention obligations
  • Right to restriction (Art. 18): Limit how we process your data
  • Right to data portability (Art. 20): Receive your data in a machine-readable format
  • Right to object (Art. 21): Object to processing based on legitimate interests
  • Right to withdraw consent (Art. 7(3)): Withdraw marketing consent at any time without affecting prior processing
  • Right to lodge a complaint: Contact your national data protection authority

6. Third-Party Processors

We use the following sub-processors, each bound by GDPR-compliant Data Processing Agreements (DPAs):

  • Stripe Inc. (USA) — Payment processing. Transfers covered by EU-US Data Privacy Framework and Standard Contractual Clauses (SCCs). PCI-DSS Level 1 certified.
  • EuroGrant Platform (hosting infrastructure) — EU-based servers. Encrypted at rest and in transit.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

7. International Data Transfers

Where personal data is transferred outside the European Economic Area (EEA), we ensure adequate safeguards through Standard Contractual Clauses (SCCs) as approved by the European Commission (Commission Decision 2021/914/EU) or other appropriate transfer mechanisms.

8. Security Measures

We implement appropriate technical and organisational measures (Art. 32 GDPR) including:

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for data at rest
  • bcrypt password hashing (never stored in plaintext)
  • Role-based access controls and principle of least privilege
  • Regular security reviews and vulnerability assessments

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours (Art. 33 GDPR) and affected individuals without undue delay (Art. 34 GDPR).

9. AI-Powered Tools — Special Notice

Our platform includes AI-powered tools (Project Idea Generator, PIF Analyzer, Abstract Generator, etc.). When you use these tools:

  • Text inputs are processed to generate outputs and are not stored beyond the session unless you explicitly save them
  • Outputs are AI-generated suggestions and do not constitute professional advice
  • Do not enter special categories of personal data (Art. 9 GDPR) into AI tools (e.g., health data, political opinions, ethnic origin)
  • Do not enter personal data of third parties without their consent
