Privacy Policy for Grounded.

Last updated: April 5, 2025

Your privacy is important to us. This Privacy Policy explains how Grounded (“Grounded”, “we”, “us”, or “our”) collects, uses, shares, and protects personal information when you use our website (https://getgetgrounded.io) and related services (collectively, the “Services”). It also describes your rights regarding your personal data and how you can exercise those rights. We are committed to processing your personal data in accordance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR).

By using our Services, you agree to the collection and use of your information as described in this Privacy Policy. If you do not agree with our practices, please do not use the website or Services.

Introduction

We may collect various types of information from you, which can include:

Personal Information You Provide: Information you voluntarily provide to us through forms or interactions on our site. For example, when you subscribe to a newsletter, request information, or contact us, we may collect identifiers like your name, email address, phone number, or other contact details. We will also collect any messages or content you provide when you communicate with us (such as support inquiries or feedback).
Usage Data: Information automatically collected about your use of our website. This includes technical data such as your IP address, browser type, device type, operating system, referring URLs, pages viewed, and the dates/times of your visits. We also gather information on how you interact with our site, which helps us understand usage patterns.
Cookies and Tracking Technologies: We use cookies and similar tracking technologies (e.g., web beacons, pixels) to enhance your experience. Cookies are small text files placed on your device that allow us to recognize you on subsequent visits, remember your preferences, and analyze website traffic. You can control or disable cookies through your browser settings; however, note that some features of our site might not function properly if cookies are disabled. For more details, please see our Cookies notice (if available).

We limit the personal information we collect to what is necessary for the purposes set out in this policy. Where feasible, we may anonymize or aggregate data so that it does not identify you personally.

Information We Collect

We use the information we collect for the following purposes:

To Provide and Maintain Services: We process your personal information to operate the website and provide you with the features and services you request. For example, if you sign up for an account or newsletter, we use your email to send confirmations or updates. We also use personal data to respond to your inquiries, support requests, or feedback.
To Improve and Personalize Services: We use usage data and analytics to understand how users interact with our Services and to improve the content and functionality of our site. This helps us troubleshoot issues, perform data analysis, test new features, and enhance user experience. It is in our legitimate interest to analyze and improve our Services for our users.
Communication: We may use your contact information to send you administrative messages (such as service notifications, technical or security notices). With your consent, we may also send you promotional communications such as newsletters, special offers, or updates about new features. You can opt out of marketing emails at any time by clicking the unsubscribe link in those emails or contacting us.
Legal Compliance and Security: We may process personal data as required to comply with applicable legal obligations, such as financial reporting requirements or responding to lawful requests by public authorities. We also use data to enforce our Terms and Conditions, prevent fraud or other illegal activities, and protect the rights, property, and safety of Grounded, our users, or others.
Other Purposes with Consent: If we intend to use your information for a purpose that is not outlined in this Privacy Policy, we will explain that purpose at the time and, if required, obtain your consent.

How We Use Your Information

If you are located in the European Economic Area (EEA) or United Kingdom, we rely on the following legal grounds under the GDPR for processing your personal data:

Consent: For certain types of processing, we will seek your consent. For example, we will obtain your consent to send you marketing emails or to place non-essential cookies. You have the right to withdraw your consent at any time, which will not affect the lawfulness of processing based on consent before its withdrawal.
Performance of a Contract: We process personal data to perform our contractual obligations to you. For instance, when you sign up for an account or request a service, we need to use your information to provide those services (or to take steps at your request before entering into a contract).
Legitimate Interests: We process data as necessary for our legitimate interests, provided those are not overridden by your data protection rights. Our legitimate interests may include improving and securing our Services, communicating with you about our Services, and understanding how users interact with our website. When we rely on legitimate interests, we consider and balance any potential impact on you and your rights.
Legal Obligation: In some cases, we need to process personal data to comply with a legal obligation, such as maintaining proper business records, handling law enforcement requests, or complying with regulatory requirements.

Legal Bases for Processing (GDPR)

We do not sell or rent your personal information. We only share your information in the following circumstances:

Service Providers: We may share data with third-party companies and individuals that provide services on our behalf, such as website hosting, data analytics, email delivery, customer support, or other operational services. These service providers will access your information only to perform tasks for us and are obligated not to disclose or use it for other purposes. We ensure that any processors handling your data do so in compliance with applicable data protection laws and subject to contractual obligations to safeguard your information.
Legal Requirements: We may disclose your information if required to do so by law or in response to valid legal requests by public authorities (for example, a court order, subpoena, or government demand) . We may also disclose personal information if we believe in good faith that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend our rights or property, (iii) prevent or investigate possible wrongdoing in connection with the Services, or (iv) protect the personal safety of users or the public.
Business Transfers: If Grounded is involved in a merger, acquisition, sale of assets, bankruptcy, or reorganization, your personal information may be transferred to a successor or affiliate as part of that transaction. In such cases, we will ensure your data remains subject to confidentiality obligations and will provide notice before personal information is transferred and becomes subject to a different privacy policy.
With Your Consent: We will share your personal information with third parties outside of the above circumstances only with your consent. For example, if you agree to let us share your details with a partner for their own marketing, we will do so only with your explicit consent, and you are free to revoke such consent at any time.

Data Sharing and Disclosure

Grounded is based in a jurisdiction that may not have equivalent data protection laws as your home country. If you are accessing our Services from the EEA, UK, or other regions with laws governing data collection and use, please note that your personal information may be transferred to, and processed in, countries outside of your home jurisdiction. In particular, our website servers or service providers may be located in countries such as the United States or other jurisdictions that do not provide the same level of data protection as the laws in your country.

Whenever we transfer personal data out of the EEA/UK, we take steps to ensure appropriate safeguards are in place to protect your information. For example, we may use the European Commission’s Standard Contractual Clauses (SCCs) or other approved mechanisms to ensure that your personal data is afforded an adequate level of protection . We may also rely on an EU adequacy decision (where the destination country is recognized as having adequate data protection) or obtain your explicit consent for specific transfers.

By using our Services or submitting your information, you consent to this transfer, storage, and processing of your information in countries outside of your own. We will take all measures reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

International Data Transfers

We retain personal information only for as long as necessary to fulfill the purposes for which we collected it, including for business or legal purposes. Specifically:

Personal Data: We will keep your personal information (such as your account or contact details) for as long as you have an account or active relationship with us. If you close your account or withdraw your consent (where applicable), we will delete or anonymize your personal data within a reasonable period after the end of our relationship, unless a longer retention period is required or permitted by law (for example, for legal compliance, tax, or accounting reasons).
Usage Data: We generally retain usage data for a shorter period of time for internal analysis. Usage data (analytics logs, server logs) may be kept for a period (e.g., 90 days up to a few years) as needed for purposes such as improving the Services and strengthening security. If we are required by law or legitimate business need to retain usage data for a longer period (for instance, to investigate fraud or troubleshoot issues), we will do so in a secure manner.

Once the applicable retention period expires, or if you request deletion of your data, we will either delete your personal information or anonymize it so it can no longer be associated with you. If immediate deletion is not possible (for example, because the data is stored in backup archives), we will securely store the data and isolate it from further processing until deletion is feasible .

Data Retention

If you are in the EEA, UK, or certain other jurisdictions, you have legal rights with respect to your personal data. Subject to applicable law and certain exceptions, these rights may include:

Right of Access: You have the right to request confirmation of whether we are processing your personal data, and if so, to request a copy of the data we hold about you, as well as supplementary information about how that data is used .
Right of Rectification: You have the right to ask that we correct or update any inaccurate or incomplete personal information we hold about you. We will rectify such data without undue delay.
Right to Erasure: You have the right to request deletion of your personal data in certain circumstances. This right, also known as the “right to be forgotten,” applies, for example, if the data is no longer necessary for the purposes it was collected, you withdraw consent (where the processing was based on consent), or you object to processing and we have no overriding legitimate grounds to continue. Please note that we may need to retain certain information as required by law or for legitimate business purposes.
Right to Restrict Processing: You have the right to request that we limit the processing of your personal data in certain situations – for instance, if you contest the accuracy of the data, or if the processing is unlawful and you prefer restriction over deletion. When processing is restricted, we will still store your information but will not use it further until the restriction is lifted.
Right to Data Portability: You have the right to obtain your personal data that you have provided to us in a structured, commonly used, and machine-readable format, and to have that data transmitted to another data controller where technically feasible. This right applies when the processing is based on your consent or a contract and is carried out by automated means .
Right to Object: You have the right to object to our processing of your personal data when that processing is based on legitimate interests, including profiling based on legitimate interests. If you make such an objection, we will evaluate whether our legitimate grounds for processing outweigh your privacy rights and if not, we will cease the processing in question. You also have an unconditional right to object to the processing of your personal data for direct marketing purposes, which we will always honor.
Right Not to be Subject to Automated Decisions: You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects or similarly significant effects for you, unless it is necessary for entering into or performing a contract, is authorized by law, or you have given your explicit consent. Grounded does not currently engage in solely automated decision-making that has legal or significant effects on individuals.

To exercise any of these rights, please contact us at info@getgrounded.io with your request. We may ask you to verify your identity before fulfilling the request (to protect your privacy and security). We will respond to your request within the timeframes required by applicable law (typically within one month for GDPR-related requests, with the possibility of an extension if the request is complex).

Please note that some rights may be limited under local law. For example, we might not be able to delete certain data if we are required to keep it by law, or we may refuse to comply with a request if it is manifestly unfounded or excessive. If we decline your request, we will explain the reasons, subject to any legal or regulatory limitations.

If you believe that our processing of your personal data infringes the GDPR or other applicable privacy laws, you have the right to lodge a complaint with a supervisory data protection authority. If you are in the EEA, you can find contact details for your local authority here: https://edpb.europa.eu/about-edpb/board/members_en. If you are in the UK, you can contact the Information Commissioner’s Office (ICO). We would, however, appreciate the chance to address your concerns directly before you approach a regulator, so please consider contacting us first.

Your Rights

Our website and Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from anyone under the age of 18 . If you are under 18, please do not use the Services or provide any information to us. If we become aware that we have inadvertently collected personal data from a child under 18 without verifiable parental consent, we will take immediate steps to delete such information.

If you are a parent or guardian and you believe that your child under 18 has provided us with personal information, please contact us at info@getgrounded.io. We will promptly investigate and remove the information from our records if it exists, and take any other necessary steps to protect the child’s privacy.

Children’s Privacy

We take the security of your personal information seriously. Grounded implements a variety of technical and organizational measures to protect your data from unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit (via SSL/TLS), firewalls, secure server environments, and access controls to personal data. We also limit access to your personal data to those employees, contractors, and service providers who need to know that information to operate or improve our Services.

While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee absolute security of your data. You transmit information to us at your own risk, and are responsible for protecting any passwords or other account credentials in your possession. In the event of a data breach, we will notify affected users and relevant authorities as required by law.

Please note: If you ever suspect a vulnerability or security incident involving Grounded, or have questions about the security of your data, please contact us immediately.

Data Security

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we update the policy, we will revise the “Last updated” date at the top. If changes are material, we will provide a more prominent notice (such as on our homepage or via email notification, if appropriate). We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting the personal information we collect.

Your continued use of the website or Services after any changes to this Privacy Policy have been posted will signify your acknowledgment of the modifications and your agreement to abide by the updated policy. If you do not agree with any updates or changes, you should stop using the Services and, if necessary, delete your account or personal data as provided above.

Changes to this Privacy Policy

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us at:

Email: info@getgrounded.io

We will do our best to address your inquiry and resolve any concerns. If you are contacting us to exercise a legal privacy right, please clearly describe your request and provide any information that will help us to verify your identity and locate your data (for example, the email address associated with your account).

Thank you for reading our Privacy Policy. Your privacy and trust are important to Grounded, and we are committed to safeguarding the personal information that you share with us.

Contact Us

Back to Home