Privacy policy
How Nordbrief collects, uses, and protects your data. No surveillance capitalism. No data brokering. Just what the service needs to function.
Nordbrief does not sell data, run ads, or train models on your grant content. If that ever changes, every user will be notified individually.
Nordbrief is operated by Impact Node Oy, a Finnish limited company. The controller for your personal data is Impact Node Oy.
Impact Node Oy
c/o Nordbrief
Helsinki, Finland
privacy@nordbrief.fi
Account data
Email, name, and authentication credentials. Stored hashed and encrypted.
Grant content
Application drafts, budgets, notes, and progress data you enter. Belongs to your organisation, not us.
Usage data
Anonymous product analytics to improve the service. No third-party tracking pixels.
Cookies
Essential cookies only for authentication and preferences. Optional analytics with explicit consent.
Under GDPR you have the following rights regarding your personal data:
- Right to access your data
- Right to rectify inaccurate data
- Right to erasure (right to be forgotten)
- Right to data portability
- Right to object to processing
- Right to restrict processing
To exercise any of these rights, contact us at privacy@nordbrief.fi. We respond within 30 days.
We retain your data as long as your account is active. After account closure, personal data is deleted within 90 days unless legal obligations require longer retention. Grant content is retained according to your organisation's instructions.
We use a small number of EU-based sub-processors for hosting, authentication, and analytics. See our sub-processors page for the full list with data handling details.
We will notify you of material changes to this policy via email at least 30 days before they take effect.
Last updated: 20 April 2026