Legal

Privacy policy

How Nordbrief collects, uses, and protects your data. No surveillance capitalism. No data brokering. Just what the service needs to function.

Honest note

Nordbrief does not sell data, run ads, or train models on your grant content. If that ever changes, every user will be notified individually.

01Data controller

Nordbrief is operated by Impact Node Oy, a Finnish limited company. The controller for your personal data is Impact Node Oy.

Impact Node Oy

c/o Nordbrief

Helsinki, Finland

privacy@nordbrief.fi

02What we collect
Account dataEmail, name, and authentication credentials. Stored hashed and encrypted.
Grant contentApplication drafts, budgets, notes, and progress data you enter. Belongs to your organisation, not us.
Usage dataAnonymous product analytics to improve the service. No third-party tracking pixels.
CookiesEssential cookies only for authentication and preferences. Optional analytics with explicit consent.
03Your rights

Under GDPR you have the following rights regarding your personal data:

  • Right to access your data
  • Right to rectify inaccurate data
  • Right to erasure (right to be forgotten)
  • Right to data portability
  • Right to object to processing
  • Right to restrict processing

To exercise any of these rights, contact us at privacy@nordbrief.fi. We respond within 30 days.

04Data retention

We retain your data as long as your account is active. After account closure, personal data is deleted within 90 days unless legal obligations require longer retention. Grant content is retained according to your organisation's instructions.

05Sub-processors

We use a small number of EU-based sub-processors for hosting, authentication, and analytics. See our sub-processors page for the full list with data handling details.

06Changes

We will notify you of material changes to this policy via email at least 30 days before they take effect.

Last updated: 20 April 2026

Read our privacy policy