Privacy Policy

Last updated: January 2025

1. Introduction

Gritt ("Company", "we", "us", or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our managed DevSecOps services and visit our website at gritt.cloud.

Please read this Privacy Policy carefully. By using our Services, you consent to the practices described in this policy.

2. Information We Collect

2.1 Information You Provide

We collect information you voluntarily provide, including:

  • Account Information: Name, email address, company name, job title, phone number
  • Billing Information: Payment details, billing address (processed by secure payment providers)
  • Communications: Messages, support requests, feedback you send us
  • Service Data: Code, configurations, and data you process through our Services

2.2 Information Collected Automatically

When you use our Services, we automatically collect:

  • Usage Data: Features used, actions taken, timestamps
  • Device Information: IP address, browser type, operating system
  • Log Data: Access logs, error logs, performance metrics
  • Cookies: Session cookies, preference cookies, analytics cookies

2.3 Information from Third Parties

We may receive information from:

  • Integration partners (GitHub, GitLab, cloud providers) when you connect accounts
  • Business partners for referrals
  • Public sources for business contact information

3. How We Use Your Information

We use your information for the following purposes:

  • Service Delivery: Provide, maintain, and improve our DevSecOps services
  • Account Management: Create and manage your account, process payments
  • Communication: Send service updates, security alerts, and support responses
  • Security: Detect, prevent, and respond to security incidents
  • Analytics: Understand usage patterns to improve our Services
  • Compliance: Meet legal obligations and enforce our terms
  • Marketing: Send promotional communications (with your consent)

4. Data Sharing and Disclosure

We do not sell your personal data. We may share your information with:

4.1 Service Providers

Trusted third parties who assist in operating our Services:

  • Cloud infrastructure providers (AWS, GCP)
  • Payment processors
  • Analytics services
  • Customer support tools

4.2 Business Transfers

In connection with a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change.

4.3 Legal Requirements

We may disclose information when required by law, legal process, or to protect our rights and safety.

4.4 With Your Consent

We may share information with third parties when you explicitly authorize us to do so.

5. Data Security

We implement robust security measures to protect your data:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Access controls and authentication requirements
  • Regular security audits and penetration testing
  • Employee security training and background checks
  • Incident response procedures

For more details, please see our Security page.

6. Data Retention

We retain your information for as long as necessary to:

  • Provide our Services to you
  • Comply with legal obligations
  • Resolve disputes and enforce agreements

Account data is retained for the duration of your subscription plus 90 days. Service logs are retained for 12 months. You may request earlier deletion subject to legal requirements.

7. Your Privacy Rights

Depending on your location, you may have the following rights:

7.1 Access and Portability

Request a copy of your personal data in a structured, machine-readable format.

7.2 Correction

Request correction of inaccurate or incomplete personal data.

7.3 Deletion

Request deletion of your personal data, subject to legal retention requirements.

7.4 Restriction

Request restriction of processing in certain circumstances.

7.5 Objection

Object to processing based on legitimate interests or for direct marketing.

7.6 Withdraw Consent

Withdraw consent for processing based on consent at any time.

To exercise these rights, contact us at privacy@gritt.cloud.

8. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential Cookies: Required for basic site functionality
  • Analytics Cookies: Help us understand site usage
  • Preference Cookies: Remember your settings

You can manage cookie preferences through your browser settings. Note that disabling cookies may affect functionality.

9. International Data Transfers

Your data may be transferred to and processed in countries outside your residence. We ensure appropriate safeguards through:

  • Standard Contractual Clauses (SCCs)
  • Data Processing Agreements with service providers
  • Compliance with applicable data transfer regulations

10. California Privacy Rights (CCPA)

California residents have additional rights:

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt-out of the sale of personal information (we do not sell data)
  • Right to non-discrimination for exercising privacy rights

11. European Privacy Rights (GDPR)

For EU/EEA residents:

  • Legal basis for processing: contract performance, legitimate interests, consent
  • Right to lodge a complaint with a supervisory authority
  • Data Protection Officer contact: dpo@gritt.cloud

12. Children's Privacy

Our Services are not intended for individuals under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

13. Third-Party Links

Our Services may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

14. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by:

  • Posting the updated policy on our website
  • Updating the "Last updated" date
  • Sending email notification for significant changes

15. Contact Us

For privacy-related questions or to exercise your rights:

Gritt Privacy Team
Email: privacy@gritt.cloud
San Francisco, CA

Data Protection Officer: dpo@gritt.cloud