← Back to Documentation
Privacy Policy
Last updated:
1. What We Collect
When you use Grovyl, we collect the following:
| Data Type | Examples | Purpose |
| Account info | Email, name | Authentication, communication |
| Client data | Client names, contact info | Core app functionality |
| Campaign data | Names, budgets, metrics, tasks | Core app functionality |
| SOPs & checklists | Workflow documents, templates | Core app functionality |
| Usage data | Pages visited, features used | Product improvement |
| Feedback | Bug reports, suggestions | Product improvement |
2. How We Store Your Data
Your data is stored in Supabase, a hosted PostgreSQL database. Supabase provides encryption at rest, automated backups, and SOC 2 compliance.
Where your data lives:
- Database: Supabase (AWS us-east-1 region)
- Hosting: Cloudflare Pages (global CDN)
- Email: Resend (transactional emails only)
- Payments: Stripe (when billing is active)
Backup policy:
- Supabase provides automatic daily backups
- Backups are retained for 7 days on the free plan
- We do not maintain additional backups beyond Supabase's default
3. How We Protect Your Data
- Encryption: All data is encrypted in transit (TLS) and at rest
- Access controls: Row Level Security (RLS) ensures you can only access your own data
- Authentication: Supabase Auth with secure session management
- No sharing: We do not sell, share, or rent your data to third parties
- Minimal access: Only the app owner can access the database for support and maintenance
4. Who Can Access Your Data
| Who | Access | Why |
| You | Full access to your workspace | Using the app |
| Invited team members | Your workspace (role-based) | Collaboration |
| Grovyl (app owner) | Technical support only | Bug fixes, support requests |
| Supabase | Infrastructure only | Hosting and database |
| Third parties | No access | We do not sell data |
5. Third-Party Services
These services process data on our behalf:
Each provider has its own privacy policy governing how they handle data.
6. Beta Program Data
During the beta period, we may collect additional data to improve the product:
- Feedback: Bug reports, feature requests, and suggestions you submit
- Usage patterns: Which features you use and how often
- Performance data: Error logs, load times, and technical issues
This data is used solely for product improvement and is not shared with third parties.
7. Your Rights
You have the right to:
- Access — View all data stored in your account
- Export — Download your data in standard formats
- Delete — Request permanent deletion of your account and all data
- Correct — Update or correct inaccurate data
- Restrict — Limit how we process your data
To exercise any of these rights, email ">.
8. Data Retention
- Active accounts: Data is retained while your account is active
- Account deletion: All data is permanently deleted within 30 days
- Beta feedback: Retained indefinitely (anonymized) for product improvement
- Backups: Supabase retains backups for 7 days (auto-purged)
9. Cookies & Tracking
- Essential cookies: Used for authentication and session management
- No analytics: We do not use Google Analytics, Facebook Pixel, or similar tracking
- No ads: We do not serve ads or use ad trackers
- localStorage: Used for app preferences and offline data
10. Children's Privacy
Grovyl is not intended for users under 18. We do not knowingly collect data from children.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification. The "Last updated" date at the top reflects the most recent revision.
12. Contact
Questions about this Privacy Policy? Contact us:
Email: contact@grovyl.com
Website: grovyl.com
This Privacy Policy was last reviewed on . This document is not a substitute for legal advice. Consult a qualified attorney for your specific situation.