Privacy Policy

Gr8ly ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our employee affirmations platform and SMS messaging service.

1. Information We Collect

1.1 Information You Provide

• Account Information: Name, email address, company name, phone number, and payment information
• Employee Data: Names and phone numbers of employees enrolled in your campaigns
• Content: Custom messages and affirmations you create
• Communications: Emails, feedback, and support requests

1.2 Automatically Collected Information

• Usage Data: Pages visited, features used, time spent on platform
• Device Information: IP address, browser type, operating system
• SMS Delivery Data: Message delivery status, opt-out requests, delivery timestamps
• Cookies: Session data, preferences, authentication tokens

2. How We Use Your Information

We use collected information for:

• Service Delivery: Send SMS affirmations to enrolled employees
• Account Management: Create and maintain your account, process payments
• Communication: Send service updates, support responses, billing notices
• Compliance: Honor opt-out requests (STOP), maintain TCPA compliance
• Analytics: Improve our service, measure engagement, identify issues
• Security: Prevent fraud, abuse, and unauthorized access

3. Legal Basis for Processing (GDPR)

We process your data based on:

• Contractual Necessity: To provide services you've requested
• Legitimate Interest: To improve our service and prevent fraud
• Consent: For marketing communications (you can opt out anytime)
• Legal Obligation: To comply with TCPA, GDPR, and other regulations

4. SMS Messaging and TCPA Compliance

4.1 Consent for Work Phone Numbers

When you add employees using work phone numbers, you represent that:

• You have authority to enroll employees in receiving affirmations
• Messages are work-related and part of the employee relationship
• You will inform employees about the affirmations program

4.2 Consent for Personal Phone Numbers

For personal/cell phone numbers, you must:

• Obtain explicit written consent from each employee before enrollment
• Clearly disclose that message & data rates may apply
• Provide information about how to opt out (reply STOP)

4.3 Opt-Out Rights

All recipients can opt out anytime by:

• Replying STOP, UNSUBSCRIBE, CANCEL, END, or QUIT
• We immediately honor all opt-out requests and update employee status
• Re-enrollment requires fresh explicit consent

5. Data Sharing and Disclosure

We share data only with:

• Twilio: Our SMS provider for message delivery
• Stripe: Our payment processor for billing
• Vercel: Our hosting provider for infrastructure
• Google Analytics: For anonymized usage analytics (if enabled)

We never sell your data to third parties.

5.1 Required Disclosures

We may disclose information if required by:

• Legal process (subpoena, court order)
• Government requests (law enforcement, regulatory agencies)
• Protection of rights (fraud prevention, Terms of Service enforcement)

6. Data Security

We protect your data with:

• Encryption: TLS/SSL for data in transit, AES-256 for data at rest
• Access Controls: Role-based permissions, multi-factor authentication
• Monitoring: 24/7 security monitoring and intrusion detection
• Audits: Regular security assessments and penetration testing

7. Data Retention

• Active Accounts: Data retained while account is active
• Opt-Out Records: Maintained permanently for compliance (TCPA requirement)
• Billing Records: Retained for 7 years (tax/legal requirements)
• Deleted Accounts: Data deleted within 90 days, except where legally required

8. Your Privacy Rights (US Users Only)

Important: Gr8ly is a US-only service. We do not serve customers or collect data from users outside the United States.

8.1 CCPA Rights (California Users)

• Know: Request disclosure of what personal information we collect and how it's used
• Access: Request a copy of your personal data
• Delete: Request deletion of your personal information
• Correct: Request correction of inaccurate data
• Opt-Out of Sale: We don't sell data, so no opt-out needed
• Non-Discrimination: We won't discriminate for exercising your rights

8.2 General US Privacy Rights

• Access: Request a copy of your personal data
• Correction: Update inaccurate information in your account
• Deletion: Request deletion of your account and associated data
• Portability: Export your data in CSV/JSON format
• SMS Opt-Out: Text STOP to any message to unsubscribe immediately

8.3 Exercising Your Rights

To exercise any privacy right, contact us at: privacy@gr8ly.io

We will respond within 45 days as required by CCPA and applicable state privacy laws.

9. Children's Privacy

Gr8ly is not intended for users under 18. We do not knowingly collect information from minors. If we discover data from a minor, we will delete it immediately.

10. Cookies and Tracking

We use cookies for:

• Essential: Authentication, security, session management (required)
• Analytics: Usage statistics, performance monitoring (optional)
• Preferences: Saved settings, language selection (optional)

You can disable non-essential cookies in your browser settings.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will:

• Notify you via email of material changes
• Update the "Last Updated" date at the top
• Provide 30 days' notice before material changes take effect

12. Contact Us

By using Gr8ly, you acknowledge that you have read and understood this Privacy Policy.