Privacy Policy

Last Updated:

1. Introduction

Trellis ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service, which aggregates UK funding opportunities and matches them with companies using artificial intelligence.

By using Trellis, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.

2. Information We Collect

2.1 Information You Provide to Us

We collect information that you provide directly to us, including:

  • Account Information: Email address, name (optional), and password when you create an account
  • Company Information: Company details, including company numbers, names, addresses, and other business information you add to your account
  • Funding Search Data: Criteria and preferences you set for funding searches, including uploaded files and notes
  • Profile Preferences: Theme preferences and other user settings
  • Communication Data: Information you provide when contacting us for support

2.2 Information We Collect Automatically

When you use Trellis, we automatically collect certain information, including:

  • Usage Data: Information about how you interact with our service, including pages visited, features used, and time spent
  • Device Information: Browser type, operating system, IP address, and device identifiers
  • Session Data: Login sessions, authentication tokens, and security-related information
  • Log Data: Server logs, error reports, and diagnostic information

2.3 Information from Third Parties

We may collect information from third-party sources, including:

  • Companies House: Public company information when you add companies to your account
  • 360Giving: Public grant data for companies that have received funding
  • Grant Providers: Public grant information from UKRI, NIHR, Catapult, and Innovate UK

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Provision: To provide, maintain, and improve our services, including grant matching and company management
  • Account Management: To create and manage your account, authenticate users, and process transactions
  • Personalization: To personalize your experience, including theme preferences and customized grant recommendations
  • AI-Powered Features: To provide AI-powered matching, analysis, and recommendations based on your company and search criteria
  • Communication: To send you service-related communications, including account confirmations, password resets, and important updates
  • Security: To detect, prevent, and address security issues, fraud, and unauthorized access
  • Analytics: To analyze usage patterns, improve our services, and develop new features
  • Legal Compliance: To comply with legal obligations and respond to legal requests

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We may share information with third-party service providers who perform services on our behalf, including:

  • Cloud hosting and infrastructure providers
  • Email service providers
  • Database and analytics services
  • AI service providers (for grant matching and analysis features)

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

4.2 Legal Requirements

We may disclose your information if required by law or in response to valid legal requests, including:

  • Court orders, subpoenas, or other legal processes
  • Government or regulatory requests
  • To protect our rights, property, or safety, or that of our users

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

4.4 With Your Consent

We may share your information with your explicit consent or at your direction.

5. Data Storage and Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (HTTPS/TLS)
  • Secure password storage using industry-standard hashing algorithms
  • Access controls and authentication mechanisms
  • Regular security assessments and updates
  • Secure session management with HttpOnly and Secure cookie flags

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Your data is stored on secure servers, and we retain your information for as long as necessary to provide our services and comply with legal obligations.

6. Your Rights Under GDPR

If you are located in the UK or EU, you have the following rights regarding your personal data:

  • Right of Access: You can request a copy of the personal data we hold about you
  • Right to Rectification: You can request correction of inaccurate or incomplete data
  • Right to Erasure: You can request deletion of your personal data ("right to be forgotten")
  • Right to Restrict Processing: You can request that we limit how we use your data
  • Right to Data Portability: You can request a copy of your data in a machine-readable format
  • Right to Object: You can object to certain types of processing of your data
  • Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time

To exercise these rights, please contact us using the information provided in the "Contact Us" section below. We will respond to your request within one month.

7. Data Retention

We retain your personal information for as long as necessary to:

  • Provide our services to you
  • Comply with legal obligations
  • Resolve disputes and enforce our agreements

When you delete your account, we will delete or anonymize your personal data, except where we are required to retain it for legal or legitimate business purposes.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country.

When we transfer data internationally, we ensure appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions, to protect your information in accordance with this Privacy Policy and applicable law.

9. Children's Privacy

Trellis is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will take steps to delete such information.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and store information. For detailed information about our use of cookies, please see our Cookie Policy.

11. Third-Party Links

Our service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party sites you visit.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

  • Through our Support page
  • Via email using the contact information provided in your account settings

For data protection inquiries or to exercise your GDPR rights, please clearly indicate that your request relates to data protection in your communication.

14. Supervisory Authority

If you are located in the UK or EU and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local data protection supervisory authority:

By using Trellis, you acknowledge that you have read and understood this Privacy Policy and agree to the collection and use of your information as described herein.