Privacy Policy

This website and our applications are operated by Graond Ltd, a private limited company registered in England and Wales. We are committed to protecting and respecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Our registered office is located at Your Registered Office Address, London, United Kingdom. For any data-related enquiries, you may contact our Data Privacy Lead at hello@graond.com.

We process various categories of personal data depending on your interaction with our platform. This data is essential for the provision of our services and the security of our infrastructure.

• Identity Data: Full name, professional title, and account credentials.
• Contact Data: Email address, physical business address, and telephone numbers.
• Financial Data: Bank account and payment card details (processed securely via Stripe).
• Technical Data: IP addresses, login data, browser type/version, time zone settings, operating system, and platform telemetry.
• Usage Data: Granular information on how you navigate our apps, feature engagement, and session duration.
• Marketing Data: Your preferences in receiving marketing from us and our third parties.

Our website uses cookies to distinguish you from other users. This helps us provide you with a high-fidelity experience and allows us to improve our site.

• Strictly Necessary Cookies: Required for the operation of our website (e.g., session management).
• Analytical/Performance Cookies: Allow us to recognise and count the number of visitors and see how they move around the platform.
• Functionality Cookies: Used to recognise you when you return, enabling personalised content.
• Targeting Cookies: Record your visit and the links you followed to make our advertising more relevant.

We may share your personal data with the following categories of third parties for the purposes outlined in this policy:

• Service Providers: Cloud hosting (e.g., Vercel, AWS), email delivery services, and customer support tools.
• Professional Advisers: Lawyers, bankers, auditors, and insurers providing consultancy services.
• Regulators: HM Revenue & Customs and other authorities who require reporting of processing activities in certain circumstances.
• Payment Processors: All financial transactions are handled by Stripe; we do not store raw card data on our servers.

We have implemented state-of-the-art security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way. We limit access to your personal data to those employees, agents, contractors, and other third parties who have a business "need to know". They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

Our services are not intended for children under the age of 13. We do not knowingly collect data relating to children. If we become aware that we have collected personal data from a child without verification of parental consent, we take immediate steps to remove that information from our servers.

As part of our global 'Product Lab' model, your personal data may be processed by our team in Bangladesh or stored on servers located outside the UK. Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• Standard Contractual Clauses: We use specific contracts approved by the UK Information Commissioner’s Office (ICO).
• Adequacy Decisions: We only transfer data to countries that have been deemed to provide an adequate level of protection for personal data.
• Intra-Group Agreements: We have strict data sharing agreements between our UK entity and our global labs.

Under the UK GDPR, you have significant rights in relation to your data:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of any incomplete or inaccurate data.
• Right to Erasure: Request the deletion of your data where there is no good reason for us continuing to process it.
• Right to Object: Object to processing where we are relying on a legitimate interest.
• Right to Data Portability: Request the transfer of your data to you or a third party.