Privacy Policy
Last updated: February 16, 2026
1. Information We Collect
We collect several types of information to provide and improve our services:
Account Information
- Name, email address, and phone number
- Business name, address, and industry details
- Account credentials and profile settings
Service Data
- Customer records, property details, and contact information you enter
- Job schedules, service history, and route information
- Invoices, estimates, and payment records
- Employee and crew management data
Financial Data
- Payment information processed through Stripe (we do not store full credit card numbers)
- Bank account information connected through Plaid (we receive only tokenized access)
- Subscription billing and transaction history
Usage Data
- Device type, browser, and operating system
- IP address and approximate location
- Pages visited, features used, and interaction patterns
- Performance and error data
Communications
- Messages and correspondence sent through the platform
- Support requests and feedback you provide
- SMS and email communications sent on your behalf
2. How We Use Your Information
We use the information we collect for the following purposes:
- Provide and improve services — Operate the Grassly platform, deliver features you request, and develop new functionality
- Process transactions — Handle payments, invoicing, and billing for both your subscription and your customer payments through Stripe Connect
- Communicate with you — Send account notifications, service updates, security alerts, and respond to your inquiries
- Analytics and optimization — Understand how our platform is used, identify trends, and improve performance and user experience
- Security and fraud prevention — Detect, investigate, and prevent unauthorized access, abuse, or other harmful activity
- Legal compliance — Fulfill legal obligations, respond to lawful requests, and enforce our terms of service
3. Cookies and Tracking Technologies
We use cookies and similar technologies to operate our platform and improve your experience. For a full breakdown of the cookies we use and how to manage your preferences, please see our Cookie Policy.
Key technologies we use include:
- Supabase authentication session cookies — Essential cookies required for you to stay signed in and use the platform securely
- Vercel Analytics — Anonymous, privacy-friendly analytics to understand traffic and performance (no personally identifiable information is collected)
- Sentry error monitoring — Captures application errors and performance data to help us identify and fix issues quickly
4. Third-Party Services
We share data with the following third-party service providers (subprocessors) to operate the Grassly platform. Each provider processes data only as necessary to deliver their specific service.
| Service | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication, storage | US |
| Stripe | Payment processing | US |
| Vercel | Hosting and deployment | US |
| Resend | Transactional email | US |
| Twilio | SMS messaging | US |
| Mapbox | Map and route services | US |
| Plaid | Bank account linking | US |
| Sentry | Error monitoring | US |
| Anthropic | AI-powered features | US |
We do not sell your personal information to third parties. Data is shared with subprocessors only to the extent necessary to provide the services described above.
5. Data Retention
We retain your data for as long as your account is active or as needed to provide you with our services. When you delete your account:
- Personal data is removed from our active systems within 30 days
- Anonymized analytics data may be retained for product improvement purposes
- Encrypted backups containing your data are purged within 90 days
- Financial records and transaction history may be retained as required by applicable tax and accounting laws
If you wish to request early deletion of your data, please contact us at support@grassly.pro.
6. Your Rights
Depending on your location, you may have the following rights regarding your personal information:
- Access — Request a copy of the personal data we hold about you
- Correction — Request that we correct inaccurate or incomplete information
- Deletion — Request that we delete your personal data, subject to legal retention requirements
- Data portability — Request an export of your data in a structured, machine-readable format
- Opt out — Unsubscribe from non-essential communications at any time
To exercise any of these rights, email us at support@grassly.pro. We will respond to your request within 30 days.
7. California Privacy Rights (CCPA)
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information.
Categories of personal information we collect:
- Identifiers — Name, email address, phone number, IP address, account ID
- Commercial information — Transaction records, service history, invoices, and payment details
- Internet or electronic activity — Browsing history on our platform, search queries, interaction data
- Professional or employment information — Business name, role, employee and crew details
Your CCPA rights:
- Right to know — You can request disclosure of the categories and specific pieces of personal information we have collected about you
- Right to delete — You can request deletion of your personal information, subject to certain exceptions
- Right to opt out of sale — We do not sell your personal information. If this changes, we will provide a "Do Not Sell My Personal Information" mechanism
- Right to non-discrimination — We will not discriminate against you for exercising any of your CCPA rights
To exercise your CCPA rights, contact us at support@grassly.pro. We will verify your identity before processing your request and respond within 45 days.
8. Children's Privacy
Grassly is a business management platform and is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal information from a child under 13, we will take steps to delete that information as promptly as possible. If you believe a child under 13 has provided us with personal information, please contact us at support@grassly.pro.
9. Data Security
We take the security of your data seriously and implement industry-standard measures to protect it:
- Encryption in transit — All data transmitted between your device and our servers is encrypted using TLS (Transport Layer Security)
- Encryption at rest — All stored data is encrypted at the database level
- Row-level security — Database policies ensure that each organization can only access its own data
- Role-based access controls — Platform roles (owner, admin, employee) limit access to features and data based on user permissions
- Regular security reviews — We conduct periodic reviews of our security practices, dependencies, and infrastructure
- SOC 2 compliant infrastructure — Our hosting (Vercel) and database (Supabase) providers maintain SOC 2 compliance, ensuring rigorous security, availability, and confidentiality controls
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. If we make material changes, we will notify you by email or through a prominent notice on the Grassly platform prior to the changes taking effect. The "Last updated" date at the top of this page indicates when the policy was most recently revised. Your continued use of Grassly after any changes constitutes your acceptance of the updated policy.
11. Contact
If you have any questions about this Privacy Policy or our data practices, please contact us:
Beckham Labs LLC
support@grassly.pro
www.grassly.pro