1. Introduction and Scope
GramarText, Inc. ("we," "us," "our," or "Company") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered writing assistance platform, website, mobile applications, and related services (collectively, the "Services").
This Privacy Policy applies to all users of our Services, including visitors to our website, registered users, subscribers, and enterprise customers. By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy and our Terms of Service.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes through our Services or by other means as required by law.
2. Information We Collect
We collect various types of information to provide and improve our Services, personalize your experience, and comply with legal obligations. The information we collect includes:
Personal Information
- Account Information: Name, email address, username, password, and profile information when you create an account
- Contact Information: Phone number, mailing address, and other contact details you provide
- Payment Information: Credit card details, billing address, and payment history for subscription services
- Professional Information: Job title, company name, industry, and professional interests for business accounts
- Communication Data: Information from your communications with our support team, feedback, and survey responses
Usage and Technical Information
- Content Data: Text content you submit for analysis, improvement, and processing through our AI systems
- Writing Analytics: Writing patterns, style preferences, frequently used words, and document types
- Feature Usage: Information about which features you use, frequency of use, and user interactions
- Device Information: Device type, operating system, browser type and version, screen resolution, and device identifiers
- Log Data: IP address, access times, pages viewed, referring URLs, and clickstream data
- Location Data: General geographic location based on IP address for security and localization purposes
Cookies and Tracking Technologies
- Essential Cookies: Required for basic functionality, authentication, and security
- Analytics Cookies: Used to understand user behavior and improve our Services
- Preference Cookies: Store your settings and preferences for a personalized experience
- Marketing Cookies: Used for targeted advertising and measuring campaign effectiveness
3. How We Use Your Information
We use the collected information for legitimate business purposes to provide, maintain, and improve our Services. Our primary uses include:
Service Provision and Enhancement
- Providing AI-powered writing assistance, grammar correction, and style suggestions
- Processing and analyzing your content to generate personalized recommendations
- Maintaining and improving the accuracy of our AI models and algorithms
- Developing new features and functionality based on user needs and feedback
- Ensuring the security, reliability, and performance of our Services
Personalization and User Experience
- Customizing the interface and features based on your preferences and usage patterns
- Providing personalized writing suggestions and style recommendations
- Remembering your settings and preferences across sessions and devices
- Delivering relevant content, tips, and educational materials
Communication and Support
- Responding to your inquiries, support requests, and feedback
- Sending service-related notifications, updates, and important announcements
- Providing technical support and troubleshooting assistance
- Conducting user research and gathering feedback to improve our Services
Business Operations and Legal Compliance
- Processing payments and managing subscription billing
- Preventing fraud, abuse, and unauthorized access to our Services
- Complying with legal obligations, court orders, and regulatory requirements
- Protecting our rights, property, and the safety of our users and the public
- Conducting internal analytics and business intelligence activities
4. Information Sharing and Disclosure
We respect your privacy and do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information only in the following limited circumstances:
Service Providers and Business Partners
- Cloud Infrastructure: Trusted cloud service providers for hosting, storage, and computing resources
- Payment Processors: Secure payment processing companies for subscription billing and transactions
- Analytics Providers: Third-party analytics services to understand user behavior and improve our Services
- Customer Support: Support platform providers to deliver customer service and technical assistance
- Security Services: Cybersecurity firms for threat detection, prevention, and incident response
Legal and Regulatory Requirements
- When required by law, regulation, legal process, or government request
- To comply with court orders, subpoenas, or other legal obligations
- To respond to claims of intellectual property infringement or other legal violations
- To cooperate with law enforcement agencies in criminal investigations
Business Transfers and Corporate Transactions
- In connection with mergers, acquisitions, or sale of all or part of our business
- During due diligence processes for potential business transactions
- As part of bankruptcy proceedings or other corporate restructuring
Consent and User Direction
- When you explicitly consent to sharing your information with third parties
- When you direct us to share information through integrations or third-party services
- For joint marketing initiatives with your express permission
Safety and Security
- To protect the rights, property, or safety of GramarText, our users, or the public
- To prevent fraud, abuse, or violations of our Terms of Service
- To investigate and respond to security incidents or threats
5. Data Security and Protection
We implement comprehensive security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our security practices include:
Technical Safeguards
- Encryption: End-to-end encryption for data transmission and AES-256 encryption for data at rest
- Access Controls: Multi-factor authentication, role-based access controls, and the principle of least privilege
- Network Security: Firewalls, intrusion detection systems, and secure network architectures
- Data Backup: Regular automated backups with secure storage and disaster recovery procedures
- Vulnerability Management: Regular security assessments, penetration testing, and patch management
Organizational Safeguards
- Employee Training: Comprehensive privacy and security training for all personnel
- Background Checks: Thorough screening of employees with access to personal information
- Confidentiality Agreements: Binding confidentiality and non-disclosure agreements
- Incident Response: Established procedures for detecting, responding to, and reporting security incidents
- Third-Party Oversight: Due diligence and ongoing monitoring of service providers and vendors
Compliance and Certifications
- SOC 2 Type II compliance for security, availability, and confidentiality
- ISO 27001 certification for information security management
- GDPR compliance for European Union data protection requirements
- CCPA compliance for California consumer privacy rights
- Regular third-party security audits and assessments
6. Your Privacy Rights and Choices
We respect your privacy rights and provide you with various options to control your personal information. Depending on your location and applicable laws, you may have the following rights:
Access and Transparency Rights
- Right to Access: Request a copy of the personal information we hold about you
- Right to Information: Obtain details about how we collect, use, and share your information
- Data Portability: Receive your personal information in a structured, machine-readable format
- Processing Activities: Learn about the purposes and legal basis for processing your information
Control and Correction Rights
- Right to Rectification: Request correction of inaccurate or incomplete personal information
- Right to Update: Modify your account information and preferences at any time
- Right to Restrict: Limit how we process your personal information in certain circumstances
- Right to Object: Object to certain types of processing, including direct marketing
Deletion and Withdrawal Rights
- Right to Erasure: Request deletion of your personal information under certain conditions
- Right to Withdraw Consent: Withdraw your consent for processing where consent is the legal basis
- Account Deletion: Delete your account and associated personal information
- Marketing Opt-out: Unsubscribe from marketing communications at any time
How to Exercise Your Rights
To exercise any of these rights, please contact us using the information provided in the "Contact Information" section below. We will respond to your request within the timeframes required by applicable law, typically within 30 days. We may need to verify your identity before processing certain requests to protect your privacy and security.
7. Data Retention and Deletion
We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce our agreements. Our retention practices include:
Account and Profile Information
- Retained for the duration of your account plus 3 years after account closure
- May be retained longer if required for legal compliance or dispute resolution
- Anonymized data may be retained indefinitely for research and analytics purposes
Content and Usage Data
- Writing Content: Processed in real-time and not permanently stored unless you save it
- Usage Analytics: Aggregated and anonymized data retained for up to 5 years
- Error Logs: Technical logs retained for up to 2 years for debugging and improvement
- Security Logs: Access logs and security events retained for up to 7 years
Communication and Support Data
- Support Tickets: Retained for 3 years after case closure for quality assurance
- Email Communications: Marketing emails and transactional messages retained for 2 years
- Survey Responses: Feedback and survey data retained for 5 years in anonymized form
Financial and Legal Data
- Payment Records: Billing and payment information retained for 7 years for tax and audit purposes
- Legal Documents: Contracts and legal agreements retained for the duration specified by law
- Compliance Records: Data required for regulatory compliance retained as mandated by applicable laws
8. International Data Transfers
GramarText operates globally, and your personal information may be transferred to, stored, and processed in countries other than your country of residence. We ensure that all international transfers of personal information are conducted in compliance with applicable data protection laws and with appropriate safeguards in place.
Transfer Mechanisms and Safeguards
- Adequacy Decisions: Transfers to countries recognized by regulatory authorities as providing adequate protection
- Standard Contractual Clauses: EU-approved contractual terms for transfers to countries without adequacy decisions
- Binding Corporate Rules: Internal policies ensuring consistent data protection across our global operations
- Certification Programs: Participation in recognized privacy frameworks and certification schemes
- Consent: Explicit consent for transfers where other mechanisms are not available
Data Processing Locations
- Primary data centers located in the United States with SOC 2 Type II certification
- Backup and disaster recovery facilities in Canada and the European Union
- Customer support operations in the United States, Canada, and the United Kingdom
- Development and testing environments in the United States with restricted access
Cross-Border Data Protection
- Consistent application of privacy principles regardless of processing location
- Regular audits and assessments of international data processing activities
- Ongoing monitoring of legal and regulatory developments in all processing jurisdictions
- Immediate notification and response procedures for cross-border data incidents
9. Children's Privacy Protection
GramarText is committed to protecting the privacy of children and complying with applicable children's privacy laws, including the Children's Online Privacy Protection Act (COPPA) in the United States and similar regulations worldwide.
Age Restrictions and Verification
- Our Services are not intended for children under 13 years of age
- We do not knowingly collect personal information from children under 13
- Users between 13 and 18 must have parental or guardian consent to use our Services
- We implement age verification mechanisms during account registration
Parental Rights and Controls
- Parents and guardians can review their child's personal information
- Parents can request deletion of their child's account and associated data
- Parents can refuse to allow further collection or use of their child's information
- We provide clear information about our data practices to parents and guardians
Discovery and Response Procedures
- If we discover that we have collected information from a child under 13, we will delete it promptly
- We encourage parents to monitor their children's online activities and report any concerns
- We provide easy-to-use mechanisms for reporting potential violations of children's privacy
- We maintain detailed records of our children's privacy protection measures
10. Third-Party Services and Integrations
Our Services may integrate with or contain links to third-party websites, applications, and services that are not owned or controlled by GramarText. This Privacy Policy does not apply to these third-party services, and we are not responsible for their privacy practices.
Types of Third-Party Integrations
- Document Platforms: Integration with Google Docs, Microsoft Word, and other writing platforms
- Cloud Storage: Connections to Dropbox, Google Drive, and other file storage services
- Social Media: Optional sharing features for social media platforms
- Analytics Tools: Third-party analytics and performance monitoring services
- Payment Processors: Secure payment processing through trusted financial service providers
Data Sharing with Third Parties
- We only share necessary information required for the specific integration or service
- All third-party integrations require your explicit consent and authorization
- You can revoke access to third-party services at any time through your account settings
- We regularly review and audit our third-party partnerships for privacy compliance
Your Responsibilities
- Review the privacy policies of any third-party services you choose to use
- Understand how third-party services collect, use, and share your information
- Configure privacy settings on third-party platforms according to your preferences
- Report any privacy concerns related to third-party integrations to our support team
11. Privacy by Design and Data Minimization
We incorporate privacy considerations into every aspect of our Services through privacy by design principles and data minimization practices. Our approach includes:
Privacy by Design Principles
- Proactive Protection: Anticipating and preventing privacy invasions before they occur
- Privacy as Default: Maximum privacy protection without requiring action from the user
- Full Functionality: Accommodating all legitimate interests without unnecessary trade-offs
- End-to-End Security: Comprehensive security measures throughout the data lifecycle
- Visibility and Transparency: Clear information about data practices and processing activities
Data Minimization Practices
- Collecting only the minimum amount of personal information necessary for our Services
- Limiting data processing to purposes that are relevant and necessary
- Regularly reviewing and purging unnecessary or outdated personal information
- Implementing automated data retention and deletion policies
- Using anonymization and pseudonymization techniques where possible
Technical Privacy Enhancements
- Differential Privacy: Adding statistical noise to protect individual privacy in analytics
- Federated Learning: Training AI models without centralizing personal data
- Homomorphic Encryption: Processing encrypted data without decryption
- Zero-Knowledge Proofs: Verifying information without revealing the underlying data
12. Updates and Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We are committed to providing you with clear notice of any material changes and obtaining your consent where required by law.
Types of Changes
- Material Changes: Significant modifications to data collection, use, or sharing practices
- Legal Updates: Changes required by new laws, regulations, or court decisions
- Service Changes: Updates related to new features, functionality, or business operations
- Technical Updates: Modifications to security measures, data processing methods, or infrastructure
Notification Methods
- Prominent notice on our website and within our Services
- Email notification to registered users at least 30 days before material changes take effect
- In-app notifications and alerts for significant policy updates
- Social media announcements for major privacy policy revisions
Your Options
- Review the updated Privacy Policy and contact us with any questions or concerns
- Continue using our Services, which constitutes acceptance of the updated policy
- Discontinue use of our Services if you do not agree with the changes
- Exercise your privacy rights, including data deletion, if you object to the updates
13. Contact Information and Privacy Officer
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us using the information below. We are committed to addressing your privacy concerns promptly and thoroughly.
Response Timeframes
- General Inquiries: We will respond to privacy questions within 5 business days
- Rights Requests: We will acknowledge rights requests within 72 hours and respond within 30 days
- Data Breaches: We will notify affected users within 72 hours of discovery
- Complaints: We will investigate and respond to privacy complaints within 30 days
Regulatory Contacts
If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with the appropriate data protection authority in your jurisdiction. For users in the European Union, you can contact your local data protection authority. For users in California, you can contact the California Attorney General's Office.