Skip to main content

Privacy Policy

Last updated: February 16, 2026

1. Information We Collect

We collect several types of information to provide and improve our services:

Account Information

  • Name, email address, and phone number
  • Business name, address, and industry details
  • Account credentials and profile settings

Service Data

  • Customer records, property details, and contact information you enter
  • Job schedules, service history, and route information
  • Invoices, estimates, and payment records
  • Employee and crew management data

Financial Data

  • Payment information processed through Stripe (we do not store full credit card numbers)
  • Bank account information connected through Plaid (we receive only tokenized access)
  • Subscription billing and transaction history

Usage Data

  • Device type, browser, and operating system
  • IP address and approximate location
  • Pages visited, features used, and interaction patterns
  • Performance and error data

Communications

  • Messages and correspondence sent through the platform
  • Support requests and feedback you provide
  • SMS and email communications sent on your behalf

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide and improve services — Operate the Grassly platform, deliver features you request, and develop new functionality
  • Process transactions — Handle payments, invoicing, and billing for both your subscription and your customer payments through Stripe Connect
  • Communicate with you — Send account notifications, service updates, security alerts, and respond to your inquiries
  • Analytics and optimization — Understand how our platform is used, identify trends, and improve performance and user experience
  • Security and fraud prevention — Detect, investigate, and prevent unauthorized access, abuse, or other harmful activity
  • Legal compliance — Fulfill legal obligations, respond to lawful requests, and enforce our terms of service

3. Cookies and Tracking Technologies

We use cookies and similar technologies to operate our platform and improve your experience. For a full breakdown of the cookies we use and how to manage your preferences, please see our Cookie Policy.

Key technologies we use include:

  • Supabase authentication session cookies — Essential cookies required for you to stay signed in and use the platform securely
  • Vercel Analytics — Anonymous, privacy-friendly analytics to understand traffic and performance (no personally identifiable information is collected)
  • Sentry error monitoring — Captures application errors and performance data to help us identify and fix issues quickly

4. Third-Party Services

We share data with the following third-party service providers (subprocessors) to operate the Grassly platform. Each provider processes data only as necessary to deliver their specific service.

ServicePurposeLocation
SupabaseDatabase, authentication, storageUS
StripePayment processingUS
VercelHosting and deploymentUS
ResendTransactional emailUS
TwilioSMS messagingUS
MapboxMap and route servicesUS
PlaidBank account linkingUS
SentryError monitoringUS
AnthropicAI-powered featuresUS

We do not sell your personal information to third parties. Data is shared with subprocessors only to the extent necessary to provide the services described above.

5. Data Retention

We retain your data for as long as your account is active or as needed to provide you with our services. When you delete your account:

  • Personal data is removed from our active systems within 30 days
  • Anonymized analytics data may be retained for product improvement purposes
  • Encrypted backups containing your data are purged within 90 days
  • Financial records and transaction history may be retained as required by applicable tax and accounting laws

If you wish to request early deletion of your data, please contact us at support@grassly.pro.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access — Request a copy of the personal data we hold about you
  • Correction — Request that we correct inaccurate or incomplete information
  • Deletion — Request that we delete your personal data, subject to legal retention requirements
  • Data portability — Request an export of your data in a structured, machine-readable format
  • Opt out — Unsubscribe from non-essential communications at any time

To exercise any of these rights, email us at support@grassly.pro. We will respond to your request within 30 days.

7. California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information.

Categories of personal information we collect:

  • Identifiers — Name, email address, phone number, IP address, account ID
  • Commercial information — Transaction records, service history, invoices, and payment details
  • Internet or electronic activity — Browsing history on our platform, search queries, interaction data
  • Professional or employment information — Business name, role, employee and crew details

Your CCPA rights:

  • Right to know — You can request disclosure of the categories and specific pieces of personal information we have collected about you
  • Right to delete — You can request deletion of your personal information, subject to certain exceptions
  • Right to opt out of sale — We do not sell your personal information. If this changes, we will provide a "Do Not Sell My Personal Information" mechanism
  • Right to non-discrimination — We will not discriminate against you for exercising any of your CCPA rights

To exercise your CCPA rights, contact us at support@grassly.pro. We will verify your identity before processing your request and respond within 45 days.

8. Children's Privacy

Grassly is a business management platform and is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal information from a child under 13, we will take steps to delete that information as promptly as possible. If you believe a child under 13 has provided us with personal information, please contact us at support@grassly.pro.

9. Data Security

We take the security of your data seriously and implement industry-standard measures to protect it:

  • Encryption in transit — All data transmitted between your device and our servers is encrypted using TLS (Transport Layer Security)
  • Encryption at rest — All stored data is encrypted at the database level
  • Row-level security — Database policies ensure that each organization can only access its own data
  • Role-based access controls — Platform roles (owner, admin, employee) limit access to features and data based on user permissions
  • Regular security reviews — We conduct periodic reviews of our security practices, dependencies, and infrastructure
  • SOC 2 compliant infrastructure — Our hosting (Vercel) and database (Supabase) providers maintain SOC 2 compliance, ensuring rigorous security, availability, and confidentiality controls

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. If we make material changes, we will notify you by email or through a prominent notice on the Grassly platform prior to the changes taking effect. The "Last updated" date at the top of this page indicates when the policy was most recently revised. Your continued use of Grassly after any changes constitutes your acceptance of the updated policy.

11. Contact

If you have any questions about this Privacy Policy or our data practices, please contact us:

Beckham Labs LLC
support@grassly.pro
www.grassly.pro