Privacy Policy

    Effective Date: March 13, 2026

    SciRise, Inc. ("SciRise," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, share, and protect information when you use our foundation intelligence platform ("Service") available at scirise.ai.

    1. Information We Collect

    1.1 Account Information

    When you create an account, we collect:

    • Email address (used as your login identifier)
    • Name (first and last)
    • Organization name, city, state, and EIN (for nonprofits)
    • Institution affiliation and department (for universities)
    • Password (stored using industry-standard bcrypt hashing; we cannot view your password)

    1.2 User-Created Content

    As you use the Service, you may create content including:

    • Saved foundation portfolios and bookmarks
    • Notes, progress tracking, and application details for foundations
    • Funding priorities and associated keywords
    • Foundation assignments to team members
    • Feedback on recommendations (ratings and comments)
    • Custom opportunities

    1.3 Usage Data and Analytics

    We collect usage data to improve the Service:

    • Log information (access times, browser type, IP address)
    • Pages visited and features used
    • Events such as button clicks, feature interactions, and navigation patterns

    We use Google Analytics 4 (GA4) to collect this data in aggregate. GA4 may use cookies or similar technologies to track usage patterns. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

    1.4 Cookies

    The Service uses cookies for session management (to keep you logged in) and security (CSRF protection). These are essential cookies required for the Service to function. We also use Google Analytics cookies for usage analytics as described above.

    1.5 Information We Do Not Collect

    We do not collect or store protected health information (PHI), student education records, financial account numbers, or government-issued identification numbers.

    2. How We Use Your Information

    We use your information for:

    • Authenticating your identity and managing your account
    • Providing foundation matching, peer benchmarking, and portfolio features
    • Processing AI-powered features (application screening and board/staff connection analysis) when you use them
    • Sending transactional emails (account verification, password resets, and service notifications)
    • Monitoring and improving system performance and user experience
    • Responding to support requests

    We do not use your data for advertising, profiling, or sale to third parties.

    3. Third-Party Service Providers

    We share limited information with the following service providers, solely to operate the Service:

    • OpenAI: When you use AI-powered features (application process screening, board/staff connection analysis), relevant organizational context (organization name, mission, personnel names) is sent to OpenAI for processing. OpenAI processes this data under their API data usage policy and does not use it to train their models.
    • Stripe: If you subscribe to a paid plan, your email address and subscription details are processed by Stripe for payment. We do not store your credit card number. Stripe's privacy policy governs their handling of payment data.
    • SendGrid: Your email address is shared with SendGrid to deliver transactional emails (verification, password reset, notifications).
    • Supabase: Your account data and user content are stored in a PostgreSQL database hosted by Supabase.
    • Google Analytics: Anonymized usage events and page views are collected by Google Analytics 4 as described in Section 1.3.

    We do not sell, rent, or trade your personal information. We may disclose information if required to comply with legal obligations or to protect the rights, property, or safety of SciRise, the Service, or others.

    4. Public Data on the Platform

    The Service displays information about foundations, their grants, and their board members and officers. This data is derived from publicly available IRS tax filings (Forms 990 and 990-PF) and is not collected from users. Individuals named in foundation records are public figures appearing in tax filings, not users of the Service.

    5. Data Security

    We use reasonable administrative, technical, and physical safeguards to protect your information:

    • Passwords are stored using bcrypt hashing (we cannot view your password)
    • All communication is encrypted via HTTPS/TLS
    • Sessions are managed with encrypted cookies and CSRF protection
    • Authentication endpoints are rate-limited to prevent abuse

    6. Data Retention

    We retain your information as follows:

    • Account information and user content: Retained while your account is active and for a reasonable period after deletion to allow for account recovery.
    • AI response cache: AI-generated results are cached for up to 24 hours to avoid redundant processing, then automatically expired.
    • Usage analytics: Retained in aggregate form as governed by Google Analytics' data retention settings.

    7. Your Rights

    You have the right to:

    • Access: Request a copy of the personal information we hold about you.
    • Correction: Update or correct inaccurate account information through your account settings or by contacting us.
    • Deletion: Request deletion of your account and associated personal information by contacting support@scirise.ai.
    • Opt-out of analytics: Disable Google Analytics tracking using the browser opt-out add-on linked in Section 1.3.
    • Unsubscribe: Opt out of non-essential email communications using the unsubscribe link in any email or through your account settings.

    To exercise these rights, contact us at support@scirise.ai. We will respond within 30 days.

    8. Accessibility

    SciRise is committed to providing an accessible platform and strives to comply with WCAG 2.1 and Section 508 standards. Contact us at support@scirise.ai with any accessibility feedback.

    9. Regulatory Non-Applicability

    The Service is not intended to process student education records or other information regulated by FERPA, GLBA, HIPAA, or similar frameworks. Users should not upload or store such regulated information on the Service.

    10. International Users

    If you access the Service from outside the United States, your information may be transferred to and processed in the United States. By using the Service, you consent to this transfer. Our service providers may also process data in their respective jurisdictions as described in Section 3.

    11. Children's Privacy

    The Service is not intended for use by children under the age of 16. We do not knowingly collect personal information from children.

    12. Changes to This Policy

    We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. For material changes, we will notify you via email or a prominent notice on the Service. Your continued use of the Service after changes constitutes acceptance of the updated policy.

    13. Contact Us

    For questions, data requests, or privacy concerns, contact us at: support@scirise.ai

    Questions?