Worthy Grants Logo

Privacy Policy

Effective Date: 27 January 2026

1. Introduction

Voluntech Pty Ltd trading as Worthy and Worthy Grants ("we," , the "Company", "us," or "our") is committed to protecting the privacy of your personal information. This Privacy Policy is application and service specific, and explains how we collect, store, use, disclose, and protect your personal information in connection with your use of our grant writer application (the "Application"), accessible via https://app.worthygrants.com.au and our website https://www.worthygrants.com.au (the "Website"). This policy is administered with the intent of compliance with the Australian Privacy Act 1988 (Cth) ("Privacy Act") and the Australian Privacy Principles ("APPs") where applicable.

2. Our Status Under the Privacy Act

The Company has an annual turnover of less than $3 million and may have limited applicability of the Privacy Act 1988 (Cth) in Australia.

3. Contact Details

If you have any questions or concerns about this Privacy Policy or our handling of your personal information, please contact us at:

Voluntech Pty Ltd trading as Worthy
Suite 30, 3 Albert Coates Lane
Melbourne, VIC 3000
mail@worthygrants.com.au

4. Types of Personal Information We Collect and Store

We may collect and store the following types of personal information:

  • Identity Data: This may include your name, title, username, or similar identifier.
  • Contact Data: This includes your email address, telephone number, and billing/postal address (if provided).
  • Financial Data: Bank account and payment card details (if you purchase paid features of the application). This information is also shared with Stripe, our payment processor, to facilitate transactions.
  • Transaction Data: Details about payments to and from you and other details of products and services you have purchased from us.
  • Organisation Data: Information about the organisation you are affiliated with, including organisation name, Australian Business Number (ABN), incorporation details, and other organisational identifiers.
  • Organisational Documents: Documents that you upload or provide to us related to your organisation, such as annual reports, financial statements, strategic plans, letters of support, certificates of registration, tax status documentation, and other materials required for grant applications.
  • Technical Data: Internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Application.
  • Usage Data: Information about how you use our Application, products, and services.
  • Application Data: Information you input into the Application related to grant applications, funders, preferences, project details, organisation information, and other relevant data.
  • Marketing and Communications Data: Your preferences in receiving marketing from us and our third parties and your communication preferences.

We do not require or recommend the uploading of sensitive information that could identify an individual (as per the Privacy Act 1988 (Cth)) to the Application.

5. Website Analytics

We use Google Analytics, including advanced analytics features, to collect and analyse data about how visitors use our website. This includes demographic and interest data, which helps us to better understand our audience and tailor our content accordingly. We also use this information to improve our website and your experience. Google's ability to use and share information collected by Google Analytics about your visits to this site is restricted by the Google Analytics Terms of Service and the Google Privacy Policy. You can prevent Google Analytics from recognising you on return visits to this site by disabling cookies in your browser. You can also opt out of Google's personalised advertising by visiting Google's Ads Settings.

We may also use Vercel Analytics and Cloudflare Analytics for website performance monitoring, security purposes, and logging. These services help us understand website traffic patterns, detect security threats, and improve site performance. Vercel and Cloudflare collect technical information such as IP addresses, browser types, page views, and request data. This data is used solely for analytics, security monitoring, and service improvement purposes in accordance with their respective privacy policies.

6. How We Collect and Store Your Personal Information

We collect personal information in the following ways:

  • Directly from you: When you register for an account, use the Application, fill out forms, input data, make payments, contact us, or otherwise interact with our services.
  • Automatically: As you interact with the Application, we may automatically collect Technical Data and Usage Data using cookies, server logs, and other similar technologies.
  • From third parties: This may include payment providers if you use paid features.

Form Data Collection: When you submit information through forms on our Website or Application, we collect all information you provide including personal details, organisation information, project descriptions, financial information, and any other data you enter. This form data may be processed and stored by our service providers as outlined in Section 9 (Vendors and Overseas Disclosure).

Storage: We prioritise data processing and storage in Australia within the Application. Personal information collected within the Application is primarily stored and processed within Australia on Australian-hosted infrastructure. However, some personal information may be processed by overseas service providers as detailed in Section 9 (Vendors and Overseas Disclosure). We use a combination of technical, administrative, and physical safeguards to protect your data, including encryption at rest, multi-factor authentication and security certificates where practical.

7. Purposes for Collecting Personal Information

We collect your personal information for the following purposes:

  • To provide and maintain the Application and its features.
  • To process your payments and manage your account.
  • To improve the Application and develop new features.
  • To provide customer support and respond to your inquiries.
  • To personalise your experience within the Application.
  • To send you important notices and updates about the Application.
  • To conduct research and analysis to improve our services.
  • To comply with legal obligations.
  • To send you marketing communications, if you have opted in to receive them.
  • To generate content using AI based on your input or to recommend content or opportunities to you.

8. How We Use and Disclose Your Personal Information

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

We may disclose your personal information to:

  • Service providers: Third-party companies that provide services to us, such as hosting, data analysis, payment processing, and customer support. These providers are contractually obligated to protect your information and use it only for the purposes we specify.
  • Our employees and contractors: who need access to the information to perform their duties.
  • Legal and regulatory authorities: If required by law or to comply with a legal process, such as a court order or subpoena.
  • Business transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal information may be transferred to the acquiring entity.

9. Vendors and Overseas Disclosure

We use several overseas service providers to help us deliver our services. Your personal information may be transferred to and processed by these providers as follows:

  • Stripe: A US-based company used for payment processing. Your financial information (such as credit card details) will be transmitted to and processed by Stripe in the United States to complete your transactions.
  • Airtable: A US-based company that provides database services. When you populate contact forms on our website, this information may be stored and processed by Airtable in the United States.
  • Slack: A US-based product owned by Salesforce that provides messaging services. Some of your information may be shared with Slack when you interact with our customer support form or when we process your form submissions internally.
  • AWS: A global database and technological infrastucture provider. Our application (app.worthygrants.com.au) uses AI processing hosted on AWS infrastructure in Australia.
  • Supabase: A global database service provider. Our application (app.worthygrants.com.au) stores user data on Supabase infrastructure based in Australia.
  • Cloudflare: A global hosting and security service provider. Our Application and Website use Cloudflare for security and analytics.
  • Vercel: A global hosting and techngological infrastructure provider. We use Vercel to serve webpage content for both our Application and Website. Vercel uses a global content distribution network with Application functions served from Australia.
  • Sendgrid: A US-based email marketing service provider. We use Sendgrid as part of our authentication process, to send you email notifications and updates about the Application.
  • SideGuide Technologies Inc.: A US-based data extraction and processing service provider used for analysing and processing web-based content and files.
  • Google: A global provider of search, advertising, and other services. We use Google as part of our website analytics and search functionality.
  • Microsoft: A global provider of cloud and application services. We use Microsoft for email hosting, productivity and storage.

These service providers comply with leading data protection standards and have implemented safeguards to protect your information. They may adhere to international frameworks and they have their own policies governing how they handle personal data.

Please note that this list of service providers is not intended to be exhaustive and may change over time as we update our systems and services.

By using our Application and services, you consent to the transfer of your information to overseas providers for the purposes described in this Privacy Policy.

10. Chrome Extension

This section outlines how Worthy Grants collects, uses, and shares your information when you use our Chrome extension.

What Information We Collect

  • User authentication information: When you log in to the Worthy Grants platform using the extension, we collect your email address and password to verify your identity.
  • Selected grant information: The extension allows you to select, extract and add grant questions and requirements from web portals. We collect this selected text to help you easily insert it into your Worthy Grants account.
  • Browser information: The extension collects some basic information about your browser, such as your browser version, timezone, default region and language.
  • Location: We ask you to confirm your location, which we collect, after relying on the Browser Information above.

How We Use Your Information

  • Authentication: We use your email address and password to verify your identity and ensure that you are authorised to access the Worthy Grants platform.
  • Grant creation: We use the selected grant information to help you create and manage your grant applications on the Worthy Grants platform.
  • Improvement: We may use your browser information to improve the performance and functionality of the extension.

Information We Share

When you use the Chrome extension, we do not share your personal information with any third party. Your information is transmitted to the Worthy Grants platform and is governed by this Privacy Policy in entirety, not just this section.

Security

We take reasonable steps to protect your information from unauthorised access, use, or disclosure, this includes HTTPS transmission of information. However, no method of transmission or storage is 100% secure, and we cannot guarantee the absolute security of your information.

11. Accessing and Correcting Your Personal Information

You have the right to:

  • Access the personal information we hold about you.
  • Request correction of any inaccurate or incomplete information.

To exercise these rights, please contact us using the contact details provided above. We will endeavour to respond to your request within a reasonable timeframe, usually within 10 business days.

12. Complaints

If you believe that we have breached the Australian Privacy Principles or mishandled your personal information, you can lodge a complaint with us by contacting us using the details provided above. We will investigate your complaint and respond to you within a reasonable timeframe, usually within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

Office of the Australian Information Commissioner (OAIC)
GPO Box 5218 Sydney NSW 2001
Phone: 1300 363 992
Website: www.oaic.gov.au

13. Data Retention

We will retain your personal information for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. When determining the appropriate retention period, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process your personal information, and whether we can achieve those purposes through other means, as well as applicable legal requirements.

14. Data Security

We have implemented technical and organisational security measures where appropriate to protect your personal information from unauthorised access, use, disclosure, alteration, or destruction. These measures include encryption at rest, encryption in transit, multi-factor authentication, access controls, training, and business continuity measures where practical.

15. Data Breach Response

In the event of a data breach that could result in serious harm to individuals whose personal information is involved, we will:

  • Contain the breach and conduct a preliminary assessment
  • Evaluate the risks associated with the breach
  • Notify affected individuals and the Office of the Australian Information Commissioner (OAIC) if required under the Notifiable Data Breaches scheme
  • Take steps to remediate the breach and prevent future incidents

16. Collection Notices

In addition to this Privacy Policy, we may provide specific collection notices at the time we collect personal information. These notices provide more detailed information about how we will use the particular information being collected, who may receive it, and whether it will be disclosed overseas.

17. Availability of Policy

This Privacy Policy is available on our website. Physical copies can be provided upon request by contacting us using the details in Section 3.

18. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website or within the Application. We encourage you to review this Privacy Policy periodically.