Grainge.ai — Privacy Policy
Effective Date: April 10, 2026
This Privacy Policy describes how grAInge.ai, Inc. (“Company,” “we,” “us”) collects, uses, and protects information when you use our platform and website. This policy covers personal data about you — your name, email, and how you interact with our services.
This Privacy Policy does not govern customer-uploaded data (e.g., wheat quality datasets, test results, analytical data). Customer-uploaded data is governed by our Terms of Service, where the customer is the data controller and we are the processor. If you have questions about data uploaded by an organization, contact that organization directly.
Summary
- We collect only what we need to provide the service — account info, payment, and basic usage data.
- We do not sell your personal data.
- We use essential cookies only. No tracking, no advertising.
- You can access, correct, or delete your personal data at any time.
- Customer-uploaded data (wheat quality data, test results) is governed by the Terms of Service, not this policy.
1. Information we collect
Information you provide
- Account information. Name, email address, organization name, and role when you create an account.
- Payment information. Processed by Stripe. We do not store credit card numbers or bank account details. We receive only transaction confirmations and billing identifiers.
- Communications. Emails, support requests, and feedback you send us.
Information collected automatically
- Usage data. Features accessed, session duration, frequency of use, and actions taken on the Platform. This helps us improve the product and generate usage reports for you.
- Device and connection information. Browser type, operating system, IP address, and referring URL.
- Cookies. We use essential cookies only — those required for the Platform to function (authentication, session management). We do not use marketing, advertising, or third-party tracking cookies. No cookie consent banner is needed because we use only essential cookies.
Information we do not collect
- Customer-uploaded data. Wheat quality datasets, test results, instrument outputs, and other data you upload to the Platform are not personal data under this policy. They are governed by the Terms of Service.
- Sensitive personal data. We do not collect health information, biometric data, racial or ethnic origin, political opinions, or similar categories.
2. How we use your information
We use your personal data for:
- Providing the service. Account creation, authentication, billing, and customer support.
- Improving the Platform. Analyzing usage patterns to improve features and fix issues. We do not use customer-uploaded data for this purpose — only Platform usage data (which features you use, how often, for how long).
- Communications. Service-related emails (account updates, security notices, billing). We do not send marketing emails without your consent.
- Legal compliance. Responding to legal requests, enforcing our Terms of Service, and protecting our rights.
3. How we share your information
We do not sell your personal data. We share personal data only in these circumstances:
Sub-processors. Third-party services that help us operate the Platform:
| Sub-processor | Purpose | Data accessed |
|---|---|---|
| AWS (us-east-1) | Infrastructure and hosting | All data (as infrastructure provider) |
| Stripe | Payment processing | Billing and payment information |
| WorkOS | Authentication | Account credentials |
| AWS SES | Email delivery | Email addresses |
We will update this list if we add sub-processors and notify customers of material changes.
- Legal requirements. If required by law, regulation, legal process, or governmental request.
- Business transfer. In connection with a merger, acquisition, or sale of assets, with notice to you.
4. Data retention
- Account data. We retain your account information for as long as your account is active. If you close your account, we delete personal data within 30 days, except as required for legal or compliance purposes.
- Usage data. Retained in aggregated, non-identifiable form for product improvement. Individual usage records are deleted when your account is closed.
- Payment records. Retained as required by tax and financial regulations.
- Customer-uploaded data. Retention and deletion are governed by the Terms of Service (30-day export window, then deletion).
5. Security
We maintain commercially reasonable administrative, technical, and physical safeguards to protect your personal data. Access to personal data is restricted to personnel who need it to provide the service.
No method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but we work to protect your information.
6. Your rights
Depending on your location, you may have the following rights regarding your personal data:
- Access. Request a copy of the personal data we hold about you.
- Correction. Request that we correct inaccurate personal data.
- Deletion. Request that we delete your personal data.
- Portability. Request your personal data in a structured, machine-readable format.
- Objection. Object to our processing of your personal data.
- Restriction. Request that we restrict processing of your personal data.
To exercise any of these rights, contact us at privacy@grainge.ai. We will respond within 30 days.
7. California residents (CCPA)
If you are a California resident:
- We do not sell your personal information.
- We do not share your personal information for cross-context behavioral advertising.
- You have the right to know what personal information we collect, request deletion, and opt out of any future sale (though we do not sell).
- We will not discriminate against you for exercising your rights.
8. European residents (GDPR)
If you are in the European Economic Area, United Kingdom, or Switzerland:
- Legal bases. We process personal data under: (i) contract performance (to provide the service); (ii) legitimate interest (to improve the Platform and ensure security); and (iii) consent (for optional communications).
- International transfers. Your data is processed in the United States. We rely on AWS's Standard Contractual Clauses for international data transfers.
- Data Protection Officer. We do not currently have a DPO. For privacy inquiries, contact privacy@grainge.ai.
- DPA. A Data Processing Agreement is available on request for enterprise customers.
- Supervisory authority. You have the right to lodge a complaint with your local data protection authority.
9. Children
The Platform is not directed to individuals under 16. We do not knowingly collect personal data from children. If we learn we have collected data from a child, we will delete it promptly.
10. Do Not Track
We do not currently respond to Do Not Track browser signals. Since we use only essential cookies and do not engage in cross-site tracking, this has no practical effect.
11. Changes to this policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and, where appropriate, by email. Your continued use of the Platform after the update constitutes acceptance.
12. Contact
For privacy-related questions or to exercise your rights:
Email: privacy@grainge.ai
Address: grAInge.ai, Inc., 129 D Street, #6, Davis, CA 95615
This Privacy Policy applies to the Grainge.ai website and platform. For information about how we handle customer-uploaded data (datasets, test results, analytical data), see our Terms of Service.