Privacy Policy

Summary of Key Points

• Personal Information: We collect and process personal information necessary to provide our services, including information you provide directly and data collected automatically.
• Legal Basis: We process your data based on legitimate interests, consent, contractual necessity, or legal obligations.
• Your Rights: You have significant rights regarding your data, including access, correction, deletion, and portability.
• International Transfers: We implement appropriate safeguards for international data transfers.
• Contact: Questions about your privacy can be directed to contact@greyhaven.ai

1. Introduction

This Privacy Policy explains how Grey Haven Inc. ("Grey Haven," "we," "us," or "our") processes personal information when you use our services, including our desktop applications, websites, and related services (collectively, the "Services"). This policy applies regardless of how you access or use these Services.

We are committed to protecting your privacy and handling your data in an open and transparent manner. This policy is designed to meet requirements under the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Virginia Consumer Data Protection Act (VCDPA), and other applicable privacy laws.

2. Information We Collect

2.1 Information You Provide

• Account information (name, email, password)
• Profile information
• Communication data (when you contact support)
• Payment information (processed by our payment providers, including Stripe and Intuit)

2.2 Information Collected Automatically

• Device information (IP address, browser type, operating system)
• Usage data (features used, interactions)
• Cookies and similar technologies
• Log data

We do not knowingly collect any sensitive or special category personal information (e.g., health or biometric data) unless you choose to provide it to us voluntarily. If you do provide such information, you agree that it may be processed as described in this Privacy Policy.

If you choose to make a purchase or subscription, your payment details (e.g., credit card number, billing address) are collected directly by our third-party payment processors, such as Stripe or Intuit. We do not store or collect your full payment card details. For more information, please review theStripe Privacy PolicyandIntuit Privacy Policy.

3. Legal Basis for Processing (GDPR)

We process personal information under the following legal bases:

• Contractual Necessity: To provide our services and fulfill our contractual obligations.
• Legitimate Interests: To improve our services, prevent fraud, and ensure security.
• Consent: For specific purposes where we request your consent.
• Legal Obligations: To comply with applicable laws and regulations.

4. How We Use Your Information

• Provide and improve our Services
• Communicate with you about our Services
• Ensure security and prevent fraud
• Comply with legal obligations
• Process payments and transactions
• Analyze and improve user experience

We do not "sell" personal data within the meaning of the CCPA/CPRA, nor do we share it with third parties for their own direct marketing purposes.

5. Information Sharing and Disclosure

We share your information with:

• Service Providers: Who assist in operating our services and act as our processors or sub-processors under written agreements that require them to protect your data.
• Legal Requirements: When required by law or to protect rights.
• Business Transfers: In connection with a merger, acquisition, or sale of assets.

We maintain a list of sub-processors that help us deliver our Services. These sub-processors are vetted for security and are bound by data processing agreements. For more information, contact us at contact@greyhaven.ai.

6. Your Privacy Rights

Depending on your location, you may have the following rights:

• Access your personal information
• Correct inaccurate data
• Request deletion of your data
• Object to or restrict processing
• Data portability
• Withdraw consent
• Lodge a complaint with a supervisory authority

California residents have additional rights under the CCPA, including the right to opt-out of the sale of personal information and non-discrimination for exercising their rights.

7. International Data Transfers

We may transfer your information to countries other than your country of residence. When we do, we implement appropriate safeguards (such as Standard Contractual Clauses, UK International Data Transfer Addendum, and similar measures) to ensure adequate levels of protection in accordance with applicable laws. For more information about our cross-border data transfer mechanisms contact us directly.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet or electronic storage is 100% secure.

9. Data Retention

We retain personal information for as long as necessary to provide our Services and fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

10. Children's Privacy

Our Services are not intended for or directed towards children under the age of 13 (and, in some jurisdictions, under the age of 16). We do not knowingly collect personal information from children under 13. If you believe that a child under 13 has submitted personal information through our Services, please contact us immediately at contact@greyhaven.ai, and we will take steps to remove such information promptly.

We also do not market or target our content to children under 13, in accordance with theChildren's Online Privacy Protection Act (COPPA). For more information on the requirements under COPPA, visit theDigital Media Law Project's guide.

Additional Cookie Information

We use cookies and similar tracking technologies to collect usage data and improve your experience on our website. For more information about the types of cookies we use, why we use them, and how you can manage or withdraw your consent, please see our Cookie Policy. In accordance with GDPR, we only place non-essential cookies based on your consent.

"Do Not Sell or Share" Requests

Although we do not "sell" personal information as defined by the CCPA/CPRA, California residents have the right to opt out of any future sale or sharing of their personal information. You may visit our Do Not Sell or Share My Personal Information page to learn more about how to exercise this right and to submit a request. We will not discriminate against you for exercising any of your privacy rights.

13. Data Protection Addendum

If you are a customer who has entered into a separate agreement with Grey Haven that includes a Data Protection Addendum (DPA), that DPA applies to your use of our Services. In the event of any conflict or inconsistency between this Privacy Policy and the DPA, the DPA shall control to the extent of such conflict.

14. Governing Law and Enforcement

Grey Haven is based in, and our Services are provided from, the United States. We may be subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC) or other U.S. agencies. By accessing or using our Services, you consent to the transfer, storage, and processing of your data outside of your country of residence, including in the United States, where data laws may differ.

If you are a user accessing the Services from a jurisdiction with laws or regulations governing personal data collection, use, and disclosure that differ from those of the United States, please note that all aspects of the Services are governed by U.S. laws.

15. Sale or Transfer of Business

We reserve the right to transfer information to a third party in the event of a sale, merger, or other transfer of all or substantially all of the assets of Grey Haven, or in the unlikely event of bankruptcy or receivership. That third party will be bound to honor the terms of this Privacy Policy.

16. Do Not Track Signals

Some browsers incorporate a "Do Not Track" (DNT) feature that, when turned on, signals to websites and online services that you do not wish to be tracked. Our Services do not currently respond to DNT signals. You can learn more about Do Not Track at allaboutdnt.com.

17. User-Generated Content and Sensitive Data

Please note that any content you submit or make available to others via our Services, such as project notes, uploads, or messages, may contain personal information or sensitive data about you or others. By submitting such content, you represent that you have the authority to process and share that data. If you do not wish for us to process sensitive personal information, please refrain from uploading it and contact us if you have any concerns.

If you provide or submit sensitive personal information to us, you consent to our processing and use of that data in accordance with this Privacy Policy. If you do not consent, you must not submit such sensitive personal information.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

19. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us at: contact@greyhaven.ai

For EU/UK residents: You have the right to lodge a complaint with your local data protection authority if you have concerns about how we process your personal information.