Security & Data Privacy
Your grant data is yours.
Proposals are sensitive — unannounced ideas, budgets, partners, and the words you sweated over. We never sell it, never share it, and never use it to train AI models. Here is how we keep it safe.
Encrypted, always
Your drafts and uploads are encrypted in transit and at rest with industry-standard encryption.
Never trains AI
Your proposals are never used to train AI models — not ours, not anyone's.
Yours to delete
Delete your data whenever you want. We keep only what the law requires us to.
EU-based, GDPR-first
Operated from Estonia, in the EU. GDPR is the baseline, not an add-on.
Your data belongs to you
Everything you put into Joltoo — your RFPs, drafts, answers, and uploads — is yours. We use it only to give you the result you asked for. We never sell it, never share it with other customers, and never repurpose it.
There is no secondary use of your work: no aggregating, anonymizing, or mining it to improve our product. Full stop.
AI that doesn't learn from you
Joltoo's writing help is powered by leading, enterprise-grade AI. Under the terms we operate on, your content is not used to train AI models. Your proposals help you win funding — they don't become training data for anyone.
Encryption
All traffic between you and Joltoo is encrypted in transit, and everything we store — documents, drafts, and account data — is encrypted at rest, using strong, industry-standard encryption.
Where your data lives
Joltoo is operated by Waveup OÜ, a company registered in Estonia, in the EU. We take an EU-first approach to hosting and storage, and we work only with reputable, security-vetted infrastructure providers under data-protection agreements.
Access and separation
Your organization's data is kept separate from every other customer's, and access inside your team is limited by role. Sign-in is protected with email verification and secure password handling.
Your rights and data deletion
Under GDPR you can ask to access, correct, export, or delete your personal data. You can remove your content from your account at any time, and you can close your account and ask us to erase your data entirely.
Deletion is permanent and can't be undone. We keep a limited set of records only where the law requires it — for example, billing and tax history.
We also respect the obligations of US institutions, including schools handling student records under FERPA. If your organization has specific data-handling needs, get in touch and we'll work with you.
Compliance
As an EU company, Joltoo is built around GDPR from the ground up. We don't claim certifications we don't hold — if you need specifics for procurement or a vendor review, ask and we'll tell you exactly where we stand.
Reporting a security issue
Found a security problem? We want to hear about it. Email hello@joltoo.com with the subject “Security report” and enough detail to reproduce it. Please give us a reasonable window to fix it before sharing it publicly — we won't pursue researchers who report in good faith.