Privacy Policy

Gratebridge ("Gratebridge," "we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use the Gratebridge Compliance Dashboard (the "Service").

This Policy applies to website visitors, account holders, and authorized users of customer organizations. It should be read together with our Terms of Service.

For the purposes of applicable data protection law, Gratebridge is the controller of personal data processed through the Service, except where we process data on behalf of your organization as a processor—in which case your organization controls how that data is used for its business purposes.

Privacy questions and requests may be sent to compliance@gratebridge.com.

We may collect the following categories of information:

• Account and profile data: name, email address, company name, role, authentication credentials, and preferences;
• Company and compliance data: incorporation details, founder or director information, license and registration status, jurisdiction selections, documents you upload, and notes you enter in the Service;
• Usage data: pages viewed, features used, clicks, session duration, and interaction logs;
• Technical data: IP address, browser type, device identifiers, operating system, and approximate location derived from IP;
• Communications: messages you send to support, feedback, and survey responses;
• Cookie and similar technologies data as described in Section 10.

We collect information directly from you when you register, complete onboarding, update settings, upload files, or contact us.

We also collect information automatically through the Service and, where integrated, from third-party authentication or data providers you choose to connect.

Organization administrators may provide information about team members they invite to the Service.

We use personal information to:

• Provide, maintain, and secure the Service;
• Authenticate users and manage accounts;
• Personalize jurisdiction-specific compliance guidance and workflows;
• Communicate about the Service, including security alerts and product updates;
• Analyze usage to improve features and performance;
• Comply with legal obligations and respond to lawful requests;
• Protect against fraud, abuse, and security incidents;
• Enforce our Terms and applicable policies.

Where the GDPR or UK GDPR applies, we rely on one or more of the following legal bases:

• Contract: processing necessary to provide the Service you request;
• Legitimate interests: operating and improving the Service, securing our systems, and communicating with business users, balanced against your rights;
• Consent: where required for optional cookies or marketing communications—you may withdraw consent at any time;
• Legal obligation: where processing is necessary to comply with law.

We do not sell your personal information. We may share information in these circumstances:

• Service providers: hosting, analytics, email delivery, customer support, and security vendors bound by confidentiality and data processing terms;
• Professional advisers: lawyers, auditors, or insurers where necessary and subject to duty of confidentiality;
• Corporate transactions: in connection with a merger, acquisition, or asset sale, subject to appropriate safeguards;
• Legal and safety: to comply with law, court orders, or governmental requests, or to protect rights, safety, and security;
• With your direction: when you integrate third-party tools or request that we share information.

We may process and store information in countries other than where you are located. Where required, we implement appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms approved under applicable law.

Contact us if you need more information about transfer safeguards for your region.

We retain personal information for as long as your account is active or as needed to provide the Service, unless a longer period is required for legal, regulatory, or legitimate business purposes (for example, dispute resolution or audit trails).

When data is no longer needed, we delete or anonymize it in accordance with our retention schedules and technical capabilities.

We use cookies and similar technologies to keep you signed in, remember preferences, understand usage, and improve the Service.

• Strictly necessary cookies: required for authentication and core functionality;
• Functional cookies: remember settings and choices;
• Analytics cookies: help us understand how the Service is used.

You can control cookies through your browser settings. Disabling certain cookies may limit Service functionality.

We implement administrative, technical, and organizational measures designed to protect personal information, including access controls and encryption in transit where appropriate. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

If you believe your account has been compromised, contact us immediately at the address below.

Depending on your location, you may have rights to access, correct, delete, restrict, or object to certain processing of your personal information, and to data portability or withdrawal of consent.

To exercise these rights, email compliance@gratebridge.com. We may need to verify your identity before responding. You may also lodge a complaint with your local supervisory authority.

California residents may have additional rights under the CCPA/CPRA, including knowing what personal information is collected and requesting deletion, subject to statutory exceptions.

The Service is not directed to individuals under 18. We do not knowingly collect personal information from children. If you believe we have collected such information, contact us so we can delete it.

The Service may contain links to regulator websites, partners, or other third parties. Their privacy practices are governed by their own policies, not this Policy.

We may update this Privacy Policy from time to time. Material changes will be communicated through the Service or by email where appropriate. The "Last updated" date shows when this Policy was last revised.

Privacy inquiries: compliance@gratebridge.com

General support: compliance@gratebridge.com

Gratebridge — Gratebridge Compliance Dashboard