GRAIN respects your privacy and aims to be compliant with the European Union General Data Privacy Regulation. This document explains how we do this.

Data collection

We use Google Analytics [1] to track aggregate (not personally identifiable) information about our website traffic. This allows us to draw up annual statistics about the number of unique visitors to the site, pages most visited, documents most downloaded, the countries that users are browsing from, etc. We share such statistics with our funders and the public in our annual activity report, as it helps us account for our work to those who support us.

When you subscribe to one of our mailing lists, you are asked to give an email address for delivery. We do not use your address for any other purpose. You may cancel your subscription at any time by clicking ”unsubscribe” at the footer of the email.

We offer basic social media services that allow you to share material from our site on your own accounts at Facebook [2] or Twitter [3]. We also offer Disqus [4] as a mechanism for the public to post comments about our articles. But we do not collect personal information through any of these services.

Sometimes people send us their CV when they offer to volunteer or when they respond to a job offer that GRAIN circulates. In these cases, we keep the CV on file for two years at our coordination office [5] in Barcelona, Spain, and then delete it.


This site uses a cookie to remember your language preference. (This being a trilingual website, if you want to open it in your preferred language each time you visit, the cookie will facilitate that.) The other cookies we use are required for the functioning of the site and can be consulted below. That’s all our cookies do. We do not collect any personally identifiable information or track you or advertise. Cookies are managed in your browser’s settings, and that's where they can be manually disabled for this site.


From time to time, we may invite people who use our services to answer an online survey or questionnaire. We appreciate your participation as it helps us improve our work. Any data collected through these forms is used only for the purpose stated.


When you make a donation to GRAIN on this site, Stripe [6] and Donorbox [7] will process the payment. If you are based in the European Economic Area, your personal data will be transferred in this process to the United States in line with the GDPR’s standard contractual clauses for personal data transfer to third countries. Stripe’s existing measures include the EU Commission’s approved Standard Contractual Clauses (SCCs) to accommodate international data transfers. GRAIN collects no personal data nor payment information through the services of these companies.

Sister sites

GRAIN helps run two other web sites: and The same privacy provisions apply to those sites. One difference is that they are open-publishing, meaning anyone can register and publish relevant information on them. If you register, you must create a login and give us an email address. This is strictly for the purpose of identifying you as a contributor to the site and may be changed or deleted by the user at any time.

Storage and transfer

Our web servers are located in Ireland [8] and Canada [9]. Our mailing lists are hosted in Germany (EU) [10]. Any personal data collected through our websites or email services are held by our web developer in the Philippines, while data collected about people who apply to work with us are held in our office in Spain. GRAIN does not use, share, rent, transfer or sell your information with anyone except as described in this privacy policy.

Changes in our policy

We may revise this policy from time to time. Any changes will be announced on GRAIN’s homepage for one week.


If you have any questions about GRAIN’s privacy policy, please contact us at [email protected].

Cookies details





Saves the current user language preference



Google Analytics session data to determine unique users



Google Analytics session data to determine unique users



Google Analytics session data to determine unique users


Disqus widget

Third-party cookie requests session data only when user comments using Disqus.



Cloudflare security settings on a per-client-basis

[1] Google Inc: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

[2] Facebook: 1 Hacker Way, Menlo Park, CA 94025, USA

[3] Twitter: 1355 Market Street Suite 900. San Francisco, CA 94103, USA

[4] Disqus: 301 Howard Street, Suite 300, San Francisco, CA 94105, USA

[5] GRAIN: Girona, 25, ppal. 08010 Barcelona, Spain

[6] Stripe: Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, United States

[7] Donorbox: Rebel Idealist LLC, 5 3rd St, Suite 900, San Francisco, CA 94103, United States

[8] Spiral Limited; 3rd Floor, 60 Great Victoria Street, Belfast, BT2 7ET, N Ireland

[9] Speedyrails; 449 Sussex Drive Unit 201, Ottawa, ON K1N 6Z4, Canada

[10] phpLists: Unit 15 Marston Business Park, Lower Hazeldines, Marston Moretaine, Bedfordshire, MK43 0XT, United Kingdom. Company number 07582966