Privacy Policy

Last updated: 13 June 2026

1. Who we are

SmartGrants LeadFlow is operated by Solutions Intelligentes SmartGrants Sougou Inc. ("SmartGrants", "we", "us"), a corporation registered in Quebec, Canada, with registered address 1436 MacKay, Montreal, QC, H3G 2H8, Canada. SmartGrants LeadFlow ("the Platform") is the AI-powered B2B prospecting and outreach service operated at leadflow.smartgrants.io.

For data submitted by tenants (their account information, sender configurations and campaign content), SmartGrants is the data controller. For prospect data that a tenant sources and processes through the Platform, the tenant is the controller and SmartGrants acts as a processor under a written Data Processing Addendum (DPA).

Contact: privacy@smartgrants.io · 1436 MacKay, Montreal, QC, H3G 2H8, Canada.

2. Scope of this Policy

This Policy applies when:

  • you visit leadflow.smartgrants.io or our marketing properties;
  • you create a tenant account, start a free trial, or pay for a subscription;
  • you connect a Google account to send email through the Platform;
  • you use the Platform to source, enrich, validate or contact B2B prospects.

3. Personal data we process

3.1 Data you give us directly

  • Account data: name, work email, organization, password (hashed).
  • Billing data: billing contact, address, tax identifiers and transaction history (full card numbers are held by our PCI-compliant payment processor, not by SmartGrants).
  • Sender configuration: Google OAuth tokens authorizing the Platform to send email on your behalf, plus your configured signature, CC and reply-to addresses.
  • Communications: messages you send us via email, chat or support tickets.

3.2 Data processed on behalf of tenants

  • Prospect profile data: name, work email, job title, company, LinkedIn URL, and other professional information sourced from Apollo or supplied by the tenant.
  • Campaign content: the personalized email body, subject line, send timestamp, delivery status and any tenant-defined merge fields.
  • Workflow metadata: n8n execution logs, retry counts, success/failure markers and audit entries.

4. How and why we use personal data

  • Provide the Platform — account provisioning, hosting, support, billing. Legal basis: performance of contract.
  • AI personalization — generate email drafts using Anthropic Claude based on prospect data the tenant has sourced. Documented in §5 below. Legal basis: processor instructions.
  • Send email — deliver tenant-authored outreach to prospects via the tenant's connected Gmail account. Legal basis: tenant instruction.
  • Security, fraud prevention, audit logging — legitimate interests.
  • Billing, accounting, tax compliance — legal obligation.
  • Marketing about our own services — consent or legitimate interests with opt-out.

5. How we use Artificial Intelligence

5.1 What AI does on the Platform

  • Email personalization: Anthropic Claude generates a custom email body for each prospect based on their public professional context plus your campaign brief.
  • Prospect summarization: condenses sourced prospect profiles into short structured summaries that help your team prioritize outreach.

5.2 What AI does NOT do

  • No training on your data. Tenant data sent to Anthropic via the commercial Claude API is not used to train their foundation models — this is the contractual default of the commercial Anthropic API tier we use.
  • No data sales. We do not sell personal data and do not share it for cross-context behavioral advertising.
  • No autonomous sending without your account. Email is only ever sent through your own connected Google account, under your scoped OAuth grant.

5.3 AI sub-processors

We use Anthropic, PBC (Claude API, US region) for personalization. Inputs/outputs are retained by Anthropic for a limited period in line with their commercial API terms (currently up to 30 days), and are not used for model training.

6. Who we share personal data with

  • Sub-processors: Supabase (database and authentication), Cloudflare (edge hosting), n8n (workflow execution), Apollo (B2B data enrichment), Anthropic (AI personalization), Google (email delivery via OAuth), Stripe (payments).
  • Professional advisers under duties of confidentiality.
  • Authorities where required by law or court order. We notify the affected tenant where lawful.
  • Corporate transactions in connection with a merger, financing or sale, subject to confidentiality and continuity of this Policy.

7. International data transfers

Personal data may be processed in Canada (SmartGrants operations) and the United States (Anthropic, Google, Apollo, Stripe, Cloudflare and Supabase as applicable). For EEA/UK transfers we rely on the EU Standard Contractual Clauses and the UK International Data Transfer Addendum, plus technical and organizational safeguards (encryption, access control, audit logging).

8. Data retention

  • Active accounts: data is retained for the duration of your subscription.
  • After termination: tenant data is returned or deleted within 60 days, except where retention is required by law (accounting, tax).
  • AI provider retention: Anthropic retains commercial API inputs/outputs for up to 30 days.
  • Billing records: retained as required by applicable tax law (typically 6–10 years).

9. Your rights

Depending on your jurisdiction (GDPR, UK GDPR, Quebec Law 25, PIPEDA, CPRA), you have rights to access, correct, delete, port, restrict or object to the processing of your personal data, and to withdraw consent. To exercise any of these rights, contact privacy@smartgrants.io. If you are a prospect contacted via a campaign, please reach out to the tenant who initiated the campaign in the first instance — they are the controller — and we will assist them in responding.

10. Security

See our Security page for the full list of safeguards: TLS 1.2+ in transit, AES-256 at rest, Supabase Row-Level Security for tenant isolation, OAuth-only Gmail integration, audit logging and continuous vulnerability scanning.

11. Cookies

See our Cookie Policy.

12. Changes to this Policy

We will post material changes on this page and notify tenants by email at least 14 days before they take effect.

13. Contact

Questions about this Policy or our processing: privacy@smartgrants.io.