Privacy Policy

Our data collection practices are designed with minimalism and purpose at their core. We collect only the information necessary to deliver exceptional service and continuously improve our platform.

1.1 Information You Provide Directly

• Account registration data (email address, display name, password hash)
• Profile preferences and customization settings
• Communications with our support team
• Newsletter subscription preferences
• Feedback, surveys, and user research participation

1.2 Automatically Collected Information

• Device identifiers and browser fingerprints (anonymized)
• IP address (processed and stored in anonymized form)
• Usage patterns and interaction analytics
• Referral sources and session duration
• Technical diagnostics for platform optimization

1.3 Third-Party Integrations

When you choose to connect external services or authenticate via third-party providers, we may receive limited profile information as permitted by your privacy settings on those platforms. We never request access beyond what is essential for the functionality you've requested.

Grit Protocol has developed a proprietary data processing framework that exceeds industry standards for privacy protection. Our approach is built on three foundational principles:

We process your information exclusively for the following purposes:

• Service Delivery: To provide, maintain, and enhance the Grit Protocol platform and services
• Personalization: To customize your experience based on your preferences and usage patterns
• Communication: To send service updates, security alerts, and (with consent) promotional materials
• Security: To detect, prevent, and address fraud, abuse, and technical issues
• Legal Compliance: To fulfill our legal obligations and protect our rights
• Research & Development: To analyze trends and improve our neural synthesis technologies (using only anonymized, aggregated data)

We do not sell your personal information. This is not merely policy—it is principle. Your data is not a commodity we trade.

We may share information only in the following limited circumstances:

• Service Providers: With vetted partners who assist in platform operations, bound by strict confidentiality agreements and data processing addenda
• Legal Requirements: When required by valid legal process, we will comply while providing maximum legally permissible notice to affected users
• Business Transfers: In connection with a merger or acquisition, with continued privacy protections guaranteed
• With Your Consent: For any purpose you explicitly authorize

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you possess the following rights under the General Data Protection Regulation:

To exercise any of these rights, contact us at privacy@gritprotocol.com. We will respond within 30 days as required by law.

California residents are entitled to specific privacy rights under the California Consumer Privacy Act and California Privacy Rights Act:

• Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected, the sources, purposes, and third parties with whom we share it
• Right to Delete: You may request deletion of personal information we have collected from you
• Right to Opt-Out: You may opt out of the "sale" or "sharing" of personal information (note: we do not sell personal information)
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
• Right to Correct: You may request correction of inaccurate personal information

To submit a verifiable consumer request, email privacy@gritprotocol.com with "CCPA Request" in the subject line.

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, including satisfying legal, accounting, or reporting requirements.

Our standard retention periods:

• Account data: Duration of account activity plus 2 years
• Transaction records: 7 years (legal requirement)
• Analytics data: 26 months (anonymized)
• Support communications: 3 years from resolution
• Marketing preferences: Until withdrawal of consent

Grit Protocol operates globally, and your information may be transferred to and processed in countries other than your own. When we transfer data across borders, we implement appropriate safeguards including:

• Standard Contractual Clauses approved by the European Commission
• Binding Corporate Rules for intra-group transfers
• Compliance with the EU-U.S. Data Privacy Framework where applicable
• Additional technical and organizational measures as appropriate

We use cookies and similar technologies to enhance your experience, analyze usage, and support our operations. Our cookie categories include:

• Essential Cookies: Required for basic platform functionality (cannot be disabled)
• Analytics Cookies: Help us understand how visitors interact with our platform
• Preference Cookies: Remember your settings and preferences
• Marketing Cookies: Used to deliver relevant advertisements (with consent only)

You can manage your cookie preferences through your browser settings or our cookie consent manager accessible via the settings icon in the footer.

We implement comprehensive security measures commensurate with the sensitivity of the information we process:

• SOC 2 Type II certified infrastructure
• Regular penetration testing by independent security firms
• 24/7 security monitoring and incident response
• Employee security training and background verification
• Multi-factor authentication for all internal systems
• Regular security audits and compliance assessments

Grit Protocol is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected data from a child under 16, we will take immediate steps to delete such information from our systems.

We may update this Privacy Policy periodically to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you through:

• A prominent notice on our platform
• Email notification to registered users
• Updated "Last Modified" date at the top of this policy

Your continued use of our services after changes become effective constitutes acceptance of the revised policy.