Privacy Policy

Last updated: March 10, 2026

GradRoots is built for trust. This Privacy Policy explains how we collect, use, and protect information about you when you use our website and fundraising platform. If you have any questions, please reach out to us using the contact details at the end of this page.

Information we collect

The information we collect depends on how you interact with GradRoots—as a customer, team member, or donor engaging with an organization using our platform. In general, we collect:

  • Account information such as your name, email address, organization details, and role when you create or are invited to a GradRoots workspace.

  • Donor and supporter data including contact details, giving history, event participation, and related stewardship activity that you or your organization choose to store in GradRoots.

  • Usage and device data such as log data, browser type, approximate location, and how you interact with features in the product. We use this to improve reliability, security, and user experience.

  • Integrations and third-party data when you connect GradRoots to other systems (for example, CRMs, email providers, or data enrichment tools), subject to the permissions you grant.

How we use information

We use the information we collect to operate, secure, and improve GradRoots, and to support the organizations that rely on us. This includes:

  • Providing and maintaining the service, such as creating and managing workspaces, processing actions taken by users, and supporting fundraising workflows.

  • Improving the product by analyzing feature usage, performance, and reliability to make GradRoots more helpful, intuitive, and secure over time.

  • Communicating with you about product updates, security alerts, and support responses. You can manage most notification preferences within your account or by using unsubscribe links in emails.

  • Supporting compliance and security including auditing, monitoring for abuse, and meeting our legal obligations where applicable.

Legal bases for processing

Where data protection laws (such as the GDPR) apply, we process personal data under one or more of the following legal bases:

  • Contract – to provide GradRoots to you or your organization and fulfill our obligations under applicable terms.

  • Legitimate interests – to operate, secure, and improve our services in ways that are proportionate and do not override your rights and freedoms.

  • Consent – where required, for example for certain marketing communications or optional integrations. You may withdraw consent at any time.

  • Legal obligations – to comply with applicable laws, regulations, and valid legal requests.

How we share data

We do not sell personal data. We share information only in the limited circumstances described below:

  • Service providers that help us deliver GradRoots (for example, hosting, analytics, communications, and security). These providers are bound by contractual obligations to protect your data.

  • Workspace collaborators where your information is shared within your organization or with others you choose to collaborate with inside GradRoots.

  • Legal and safety requirements when we reasonably believe disclosure is necessary to comply with law, enforce our terms, or protect the rights, safety, and security of our users, donors, or the public.

  • Business transfers in connection with a merger, acquisition, financing, or sale of all or a portion of our business, subject to appropriate safeguards.

Data retention and security

We retain personal data for as long as it is reasonably necessary to provide GradRoots, support your organization's use of the platform, and meet our legal, accounting, or reporting obligations. When data is no longer needed, we take steps to delete or de-identify it.

Security is a core part of our design. GradRoots uses encryption in transit and at rest, granular access controls, and logging to help protect data. No system can be perfectly secure, but we continuously work to strengthen our protections and respond to potential issues.

Your rights and choices

Depending on where you live and how you interact with GradRoots, you may have rights over your personal data, such as:

  • Accessing or receiving a copy of your personal data.

  • Correcting inaccurate or incomplete information.

  • Requesting deletion of your personal data, subject to certain limitations.

  • Objecting to or restricting certain types of processing, including direct marketing.

  • Withdrawing consent where we rely on consent.

In many cases, we act as a processor on behalf of our customers. If you are a donor or supporter of an organization using GradRoots, we may ask you to contact that organization directly so they can exercise your rights within their account.

Children's data and policy changes

GradRoots is not directed to children under 16, and we do not knowingly collect personal data from children without appropriate consent where required. If you believe a child has provided us with personal data, please contact us so we can review and take appropriate action.

We may update this Privacy Policy from time to time as our product and regulatory landscape evolve. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify you through the product or by email.

Contact us

If you have questions about this Privacy Policy or how GradRoots handles personal data, you can contact us at:

GradRoots
Privacy and Data Protection
privacy@gradroots.com

GRADROOTS

The future of foundation advancement. All your fundraising and outreach in one intelligent platform.

Platform

Company

© 2026 Gradroots. All rights reserved. Built to boost your team, not replace it.