🔒 Transparency Dashboard

We don't just promise privacy—we prove it. See exactly how we handle your data with monthly reports, security scans, and compliance metrics.

Our Zero Spam Guarantee

✅

No Email Spam

Only grant matches and deadline reminders you opt into

✅

No Data Selling

We will NEVER sell your data to third parties

✅

GDPR/CCPA Ready

Built for compliance from day one

✅

Monthly Reports

Published openly for full transparency

Monthly Transparency Reports

January 2025

Latest

Published: January 1, 2025

Data sales:0 (NEVER)

Security scans:✅ Passed

Export requests:Handled within 24hr

View Full Report →

February 2025

Report will be published February 1, 2025

March 2025

Report will be published March 1, 2025

Security & Encryption

🔒

Encryption in Transit

✓TLS 1.3 for all connections

✓HTTPS-only across entire platform

✓Perfect Forward Secrecy enabled

✓HSTS (HTTP Strict Transport Security)

🔐

Encryption at Rest

✓AES-256 database encryption (Supabase)

✓Encrypted backups with automatic rotation

✓Bcrypt password hashing (never plain text)

✓Encrypted file storage for documents

🛡️

Access Controls

✓Row-Level Security (RLS) in PostgreSQL

✓Least-privilege access for all systems

✓API key rotation every 90 days

✓Multi-factor authentication for admin access

🔍

Monitoring & Logging

✓All data access logged with audit trail

✓Real-time intrusion detection

✓Automated alerting for anomalies

✓90-day log retention for forensics

Automated Security Scanning

✅

All Scans Passed

Last run: December 14, 2025 • Runs before every deployment

Security Check	Tool	Results	Status
Secret Detection	Gitleaks	149 commits scanned, 0 secrets found	✅ Passed
Static Analysis (SAST)	Semgrep	198 security rules, 0 critical findings	✅ Passed
Dependency Vulnerabilities	Trivy	0 high/critical vulnerabilities	✅ Passed
Database Security	Supabase Test	258 tests passed, no schema errors	✅ Passed
Code Quality	Biome (Ultracite)	Linting & formatting enforced	✅ Passed

Continuous Security: These scans run automatically on every git commit via pre-push hooks, and again before every deployment. Failed scans block deployment until issues are resolved.

Compliance & Standards

🇪🇺

GDPR Ready

✓ Data protection by design
✓ 72-hour breach notification
✓ Right to deletion & portability
✓ Privacy impact assessments

🇺🇸

CCPA/CPRA Compliant

✓ No data sales (ever)
✓ Enhanced protections for minors
✓ Opt-out mechanisms
✓ Annual privacy audits

👶

COPPA Compliant

✓ Age verification required
✓ Parental consent (ages 13-15)
✓ No accounts under 13
✓ Enhanced student protections

🏛️

State Privacy Laws

✓ Virginia VCDPA
✓ Colorado CPA
✓ Connecticut CTDPA
✓ Universal opt-out (GPC)

🔒

Security Standards

✓ OWASP Top 10 coverage
✓ SOC 2 Type II (in progress)
✓ NIST framework alignment
✓ Regular penetration testing

📊

Transparency

✓ Monthly public reports
✓ Open-source security configs
✓ Real-time status page
✓ Incident disclosure policy

Privacy & Security Updates

Read our latest posts about privacy, security, and how we're building a trustworthy platform:

View Privacy & Security Blog →

How We're Different

🔒 Privacy by Design

We built privacy into our architecture from day one, not retrofitted it later. Row-level security, encryption, and access logging are core features.

📊 Radically Transparent

We publish monthly reports showing exactly how many emails we send, data requests we handle, and security scans we run. No hiding.

✅ User Control

You control what emails you receive, when, and how often. Export or delete your data anytime. No hoops to jump through.

🎯 Student-First

We're here to help students find funding, not to sell their data. Our business model is subscriptions, not surveillance.

Questions About Privacy?

We're committed to being transparent and answering your questions. Read our privacy policy or reach out directly.

Read Privacy Policy Contact Us