Legal

Privacy Policy

Effective date: July 4, 2026

This Policy explains what personal information Stewyrd collects, how we use and share it, how we protect it, and the privacy rights available to you — including rights for California residents.

1. Introduction & scope

This Privacy Policy explains how Stewyrd, Inc. (“Stewyrd,” “we,” “us”) collects, uses, discloses, and protects personal information in connection with our websites, the Stewyrd platform, and Stewyrd Advisory services (together, the “Services”).

Two roles are worth distinguishing. When we handle information about our own website visitors and account holders, we act as a “business” (controller). When we process documents and data a customer uploads to the platform (“Customer Content”) to provide the Services, we act as a “service provider” (processor) on that customer’s behalf and handle it under our agreement with them; if you are an individual whose information appears in a customer’s Customer Content, please direct privacy requests to that customer.

2. Information we collect

Information you provide

  • Account and contact information — name, work email, organization, role, and password credentials.
  • Customer Content — the grant agreements, contracts, spreadsheets, and other materials you upload or paste, and the records derived from them, which may contain personal information (for example, the name or contact details of a program officer or staff member).
  • Communications — messages you send us for support, sales, or advisory engagements.
  • Billing information — handled by our payment processor; we do not store full payment card numbers.

Information collected automatically

  • Usage and device data — pages viewed, actions taken, IP address, browser and device type, and timestamps, collected through logs and essential cookies to operate and secure the Services.

Under California law, the categories of personal information we may collect are: identifiers; customer records and commercial information; internet or network activity; geolocation inferred from IP; professional or employment information; and other information you include in Customer Content. We do not intentionally seek sensitive personal information, though it may appear within Customer Content you choose to upload.

3. How we use information

We use personal information to:

  • provide, operate, secure, and maintain the Services, including extracting obligations from documents and generating proposals for your review;
  • authenticate users, prevent fraud and abuse, and protect the Services and our customers;
  • provide support, respond to requests, and deliver advisory engagements;
  • send service, security, and transactional messages, and — where permitted — occasional product updates you can opt out of;
  • improve and develop our products, including using aggregated and de-identified data; and
  • comply with law and enforce our agreements.

4. AI & document processing

To read documents and generate proposals, we process Customer Content using our systems and third-party AI and cloud-infrastructure providers acting as our subprocessors under contractual confidentiality and data-protection obligations.

We do not sell Customer Content, and we do not permit our AI subprocessors to use Customer Content to train their general-purpose models beyond what is necessary to provide the Services to you. Proposals are generated for human review; a person on your team confirms high-stakes items before they enter your records. We maintain a current list of subprocessors, available on request, and we will make reasonable efforts to notify customers of material new subprocessors.

5. How we share information

We share personal information only as follows:

  • Subprocessors and service providers — cloud hosting, database, email, analytics, AI processing, and payment providers who process information on our behalf under contract and only to provide the Services.
  • Within your organization — with the users and administrators of your account, as the Services are designed to do.
  • Advisory engagements — with the Stewyrd Advisory personnel serving your organization, under confidentiality.
  • Legal and safety — when required by law, subpoena, or legal process, or to protect the rights, property, or safety of Stewyrd, our customers, or others.
  • Business transfers — in connection with a merger, acquisition, financing, or sale of assets, subject to this Policy.
  • With your direction or consent — as you request.

WE DO NOT SELL YOUR PERSONAL INFORMATION, AND WE DO NOT SHARE IT FOR CROSS-CONTEXT BEHAVIORAL ADVERTISING, as those terms are defined under California law.

6. Cookies & tracking

We use cookies and similar technologies that are strictly necessary to sign you in, keep the Services secure, and remember basic preferences, and we may use limited first-party analytics to understand and improve usage. We do not use third-party advertising or cross-site tracking cookies. You can control cookies through your browser, though disabling essential cookies may break the Services.

7. Data retention

We retain personal information for as long as your account is active and as needed to provide the Services, and thereafter as required to comply with legal obligations, resolve disputes, maintain security, and enforce our agreements. Customer Content is retained per our agreement with the customer; you can export your data at any time. Following account closure, we delete or de-identify Customer Content within 90 days, except for copies held in routine backups (which are purged on their normal cycle) and information we must retain to comply with law, resolve disputes, or enforce our agreements.

8. Security

We use technical and organizational measures designed to protect personal information, including encryption in transit, access controls scoped to each organization, and an append-only audit trail of changes to records. No method of transmission or storage is completely secure, so we cannot guarantee absolute security. If we become aware of a security breach affecting your personal information, we will notify you without undue delay and as required by law, so you can meet your own notification obligations.

9. Your California privacy rights

If you are a California resident, the California Consumer Privacy Act, as amended by the CPRA, gives you the following rights, subject to exceptions:

  • Right to know / access — the categories and specific pieces of personal information we have collected, the sources, purposes, and categories of recipients.
  • Right to delete — request deletion of personal information we collected from you.
  • Right to correct — request correction of inaccurate personal information.
  • Right to opt out of sale or sharing — we do not sell or share personal information for cross-context behavioral advertising, so there is nothing to opt out of.
  • Right to limit use of sensitive personal information — we do not use sensitive personal information to infer characteristics about you.
  • Right to non-discrimination — we will not discriminate against you for exercising your rights.

To exercise these rights, email privacy@stewyrd.com. We will verify your request using information associated with your account and respond within the time required by law. You may use an authorized agent to submit a request on your behalf with proof of authorization. If your information appears within a customer’s Customer Content, we will refer your request to that customer, who is the responsible party.

California “Shine the Light” (Civil Code § 1798.83): we do not disclose personal information to third parties for those third parties’ own direct marketing purposes.

10. Other U.S. state privacy rights

Residents of other U.S. states with comprehensive privacy laws (such as Virginia, Colorado, Connecticut, Utah, Texas, and Oregon) may have similar rights to access, correct, delete, and obtain a portable copy of their personal information, and to opt out of targeted advertising, the sale of personal information, or certain profiling. We do not sell personal information or use it for targeted advertising or such profiling. To exercise a right, contact us using the details below. If we deny your request, you may appeal by replying to our response, and we will inform you of our decision within the time the law allows.

11. Children’s privacy

The Services are intended for organizations and are not directed to children. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us personal information, contact us and we will delete it.

12. Data location & international users

We operate in the United States, and personal information is processed and stored in the United States and by our subprocessors. If you access the Services from outside the United States, you understand your information will be processed in the United States, where privacy laws may differ from those in your location.

13. Changes to this Policy

We may update this Policy from time to time. We will post the updated version with a new effective date and, for material changes, provide additional notice. Your continued use of the Services after the effective date constitutes acceptance.

14. Contact us

Questions or requests about your privacy? Contact Stewyrd, Inc. at privacy@stewyrd.com.