FundMesa
Last updated: May 2026
FundMesa is a grant-management tool for nonprofits. When you create an account we store your name, email, hashed password (or your identity provider's user id if you sign in with a third party), and the organizations you belong to. When you use the product we store the grants, funders, deadlines, attachments, notes, and reports you enter — these are your organization's records and we treat them as such.
We use your data to operate the product: render your dashboard, send reminder emails you schedule, run AI extractions on documents you upload, deliver weekly digests if you opt in, and respond to support requests. We do not sell your data and we do not use the contents of your grants, funders, or attachments to train AI models.
Operating FundMesa requires sending your data through a small number of service providers — application hosting, the database, file storage, transactional email, and error monitoring. The complete list and what each one does is at /sub-processors. We post material changes there before they take effect.
Active data is retained for as long as your organization keeps its account. Soft-deleted records (the "Trash" view) are kept for restoration and then purged. If you delete your organization from Settings → Danger Zone, we hard-delete its database rows and stored files; activity-log entries are retained in scrubbed form (timestamps and action types, no identifying content) for our own audit purposes. Database backups age out on the provider's restore-window schedule (currently 7 days).
You can export your organization's data as JSON at any time from Settings → Data export. You can ask us to delete your personal account by emailing support@fundmesa.com. If you're the owner of an organization you can hard-delete the whole org from Settings → Danger Zone.
All traffic to FundMesa is encrypted in transit (HTTPS). Data at rest is encrypted by our database and storage providers. We use row-level security to keep one organization's records from being readable by any other. Our security practices and pre-launch audit are documented in our public SECURITY.md.
Privacy questions and data-deletion requests: support@fundmesa.com.