Privacy Policy

Effective Date: November 7, 2025

Version 1.0

1. Overview

This Privacy Policy describes how GROVE ("Grove", "we", "us") collects, uses, shares, and safeguards personal data when you interact with our platform and related services (the "Services"). Our approach prioritizes necessity, transparency, security, and user choice.

2. Data We Collect

We process only the data required to operate and improve the Services. This may include:

  • Account Data: Name, company identifiers, role, email address.
  • Usage Metrics: Page views, feature activations, search queries, interaction patterns.
  • Subscription & Billing: Plan tier, renewal status, payment references (via Stripe – we do not store full card data).
  • Communications: Messages, support tickets, feedback entries.
  • Technical Diagnostics: IP address, user agent, device/browser metadata, timestamps, error traces.

We may aggregate or anonymize data for analytics. Aggregated data cannot be used to identify you.

3. How We Use Data

  • Deliver core functionality (secure login, multi‑tenant routing).
  • Personalize views and surface relevant business assets.
  • Measure reliability and improve performance.
  • Detect fraud, abuse, or security anomalies.
  • Respond to user questions and support cases.
  • Manage subscriptions, entitlements, and billing operations.

We do not use personal data for invasive profiling.

4. Legal Bases

Depending on jurisdiction, processing may rely on:

  • Performance of a Contract: To provide purchased or registered features.
  • Legitimate Interests: Securing systems, enhancing usability, preventing misuse.
  • Consent: Optional newsletters or non‑essential tracking.
  • Legal Obligations: Tax, audit, regulatory disclosures.

5. Data Sharing

We never sell personal data. We disclose data only to vetted service providers (e.g., infrastructure, payment, logging, analytics) under strict contractual safeguards. Access is role‑based and minimized.

6. International Transfers

Some processors may operate globally. Where cross‑border transfer rules apply, we implement safeguards such as standard contractual clauses or equivalent mechanisms to ensure adequate protection.

7. Data Retention

Retention periods align with functional necessity and legal requirements. When data is no longer needed, we delete or anonymize it. Anonymized metrics may be kept for longitudinal analysis.

8. Security

Security layers include encrypted transport, access controls, monitoring, and periodic review. No system is infallible; we iterate continuously to reduce risk and respond quickly to incidents.

9. Your Rights

You may, subject to local law, request to:

  • Access a summary or copy of personal data.
  • Rectify inaccurate information.
  • Erase data (where not legally required to retain).
  • Restrict or object to certain processing.
  • Receive data in portable format.
  • Withdraw consent for optional features.

Submit requests via the Contact link; we aim to respond promptly and within statutory timelines.

10. Third-Party Links & Integrations

External links or embedded integrations operate under their own privacy terms. We recommend reviewing those policies before submitting personal data. We are not responsible for external practices.

11. Policy Updates

We revise this Policy when functionality, regulation, or risk posture changes. The Effective Date and Version identify the latest edition. Material updates may be highlighted in‑app or via notice.

12. Contact

Questions, concerns, or rights requests? Use the Contact link in the footer. Provide sufficient detail so we can verify identity and respond efficiently.