Introduction
GRASPPY is an AI Context Workspace that helps users import, organize, analyze, and reuse AI conversations and project context. This Privacy Policy explains what information we collect, how we use it, how we share it, and what choices and rights you have.
Information We Collect
We collect account and profile information, content you provide or import, generated and derived data, payment and subscription metadata, usage and log data, support messages, email delivery data, and essential preference/security data.
Content may include conversations, JSONL exports, markdown exports, uploaded files, documents, workspaces, artifacts, plans, prompts, skills, notes, summaries, entities, links, topics, and other analysis results.
Cookies and Analytics
For launch, GRASPPY uses Plausible Analytics as privacy-friendly, cookieless analytics for public website measurement. We use essential storage for authentication, security, preferences, and notices where applicable.
If GRASPPY later adds Facebook Pixel or other non-essential tracking, we will update the policy and consent flow before enabling that tracking.
How We Use Information
- Provide, maintain, secure, and support GRASPPY.
- Import, parse, enrich, analyze, organize, and display your content.
- Operate AI processing and model-provider integrations.
- Manage accounts, authentication, plans, trials, subscriptions, and billing.
- Send transactional and permitted marketing emails.
- Detect fraud, abuse, security incidents, and policy violations.
- Improve reliability, usability, and product quality.
- Comply with legal, accounting, tax, and regulatory obligations.
Legal Bases for Processing
Where a legal basis is required, we process personal information based on contract performance, legitimate interests, consent where required, and legal obligations.
AI Processing and Subprocessors
GRASPPY may use third-party providers for AI processing, hosting, storage, payments, email, analytics, and infrastructure.
| Provider | Purpose |
|---|---|
| Anthropic | AI model processing |
| OpenAI | AI model processing |
| DeepSeek | AI model processing where selected or configured |
| OpenRouter | AI model routing where selected or configured |
| Cloudflare R2 | Object storage |
| Hetzner | Server and database infrastructure |
| Netlify | Website hosting and serverless functions |
| Stripe | Payments and subscription processing |
| EmailIt | Transactional and marketing email delivery |
| Plausible | Cookieless public-site analytics |
How We Share Information
We share information only as needed to provide and operate GRASPPY, comply with law, protect users and the service, complete business transactions, or with your direction. We do not sell personal information.
Data Retention
We retain account and content data while your account is active or as needed to provide the service. If account deletion is requested, the planned model is a 14-day soft-delete grace period before hard deletion from primary systems.
Object storage deletion and backup expiration may follow separate operational windows. Audit logs, security records, payment records, tax records, abuse-prevention records, and legal records may be retained where necessary.
Your Privacy Rights
Depending on your location, you may have rights to access, receive a portable copy, correct, delete, object to or restrict processing, opt out of marketing, opt out of sale/share if applicable, limit certain sensitive information uses, and appeal certain decisions.
To exercise rights, contact support@grasppy.com. If account settings provide self-serve export, correction, or deletion controls, you may also use those controls.
California Privacy Notice
California residents may have rights under the CCPA/CPRA, including the right to know, access, correct, delete, opt out of sale/share, limit certain sensitive personal information uses, and not be discriminated against for exercising rights.
European and UK Users
Users in the EEA, UK, or similar jurisdictions may have GDPR-style rights, including access, rectification, erasure, portability, restriction, objection, and rights related to automated decision-making.
Automated Decision-Making
GRASPPY may use automated systems to detect abuse, fraud, security risk, or policy violations. We do not intend to make solely automated decisions with legal or similarly significant effects without providing required rights and disclosures.
Security
GRASPPY uses technical and organizational safeguards such as HTTPS/TLS, password hashing, access controls, logging, and infrastructure security measures. No service can guarantee perfect security.
Children
GRASPPY is not directed to children under 13. We do not knowingly collect personal information from children under 13.
International Transfers
GRASPPY may process and store information in the United States, the European Union, and other locations where our providers operate. Where required, we use appropriate safeguards for international transfers.
Marketing and Transactional Emails
Transactional emails are sent as needed to operate the service. Marketing emails are optional where required, and you can unsubscribe using the link in marketing emails or by contacting support.
Changes and Contact
We may update this Privacy Policy from time to time. Questions or privacy requests: support@grasppy.com