Privacy Policy — How Greuy Protects Your Personal Data

Greuy collects personal information through various channels to provide and improve our services. The types of data we collect include: (1) Information you provide directly, such as your name, email address, phone number, company name, and project details when you fill out our contact form, subscribe to our newsletter, or engage with us through any communication channel. (2) Information collected automatically when you visit our website, including your IP address, browser type and version, operating system, referring URL, pages visited, time spent on each page, click patterns, and other usage statistics. (3) Information from cookies and similar tracking technologies, which help us understand how visitors interact with our website and allow us to personalize your experience. (4) Information from third-party sources, such as social media platforms or business directories, when you interact with our content or profiles on those platforms. We only collect information that is necessary for the purposes described in this policy, and we strive to minimize the amount of personal data we process. You are never required to provide personal information to browse our website, though certain features and services may require specific data to function properly.

We use the personal information we collect for the following purposes: (1) To provide, maintain, and improve our services, including responding to your inquiries, managing project engagements, and delivering the digital solutions you've requested. (2) To communicate with you about our services, including sending project updates, invoices, and important notices about changes to our terms or policies. (3) To send marketing communications, such as our newsletter, blog updates, and promotional offers, but only when you have explicitly opted in to receive such communications. You can unsubscribe at any time by clicking the unsubscribe link in any marketing email or by contacting us directly. (4) To analyze website usage patterns and improve the user experience, performance, and content of our website. (5) To detect, prevent, and address technical issues, security threats, and fraudulent activity. (6) To comply with legal obligations, enforce our terms of service, and protect our rights, property, and safety, as well as those of our users and the public. We do not sell, rent, or trade your personal information to third parties for their marketing purposes under any circumstances.

Your personal data is stored on secure servers located in the United States, managed by reputable cloud infrastructure providers that maintain industry-leading security certifications, including SOC 2 Type II and ISO 27001. We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with our legal obligations, resolve disputes, and enforce our agreements. Specifically: contact form submissions and project-related data are retained for the duration of our business relationship and for up to five years afterward for legal and accounting purposes; newsletter subscriber data is retained until you unsubscribe; website analytics data is retained in anonymized form for up to 26 months. When personal data is no longer needed, we securely delete or anonymize it using industry-standard methods. We regularly review our data retention practices to ensure compliance with applicable laws and to minimize the storage of unnecessary personal information.

Depending on your location and applicable laws, you may have the following rights regarding your personal data: (1) Right of Access — You have the right to request a copy of the personal information we hold about you, along with information about how we use it. (2) Right to Rectification — You have the right to request that we correct any inaccurate or incomplete personal information. (3) Right to Erasure — You have the right to request that we delete your personal information, subject to certain legal exceptions. (4) Right to Restrict Processing — You have the right to request that we limit how we use your personal information in certain circumstances. (5) Right to Data Portability — You have the right to receive your personal information in a structured, commonly used, machine-readable format and to transfer it to another service provider. (6) Right to Object — You have the right to object to our processing of your personal information for direct marketing purposes or when processing is based on legitimate interests. (7) Right to Withdraw Consent — Where we rely on your consent to process personal data, you have the right to withdraw that consent at any time. To exercise any of these rights, please contact us at info@greuycom.com. We will respond to your request within 30 days.

Greuy uses a limited number of trusted third-party services to operate our website and deliver our services effectively. These third-party providers may have access to your personal information only to the extent necessary to perform their functions, and they are contractually obligated to protect your data and use it only as directed by us. The third-party services we currently use include: (1) Google Analytics — for website traffic analysis and user behavior insights. Google's privacy policy governs their use of this data. (2) Mailchimp — for managing our email newsletter subscriptions and sending marketing communications. (3) Cloudflare — for website security, performance optimization, and content delivery. (4) Stripe — for processing payments securely when applicable. (5) HubSpot — for customer relationship management and communication tracking. We carefully vet all third-party providers before engaging them and regularly review their privacy practices and security measures. We do not share your personal information with any third party for purposes unrelated to our services without your explicit consent.

We implement comprehensive technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our security measures include: (1) Encryption — All data transmitted between your browser and our servers is encrypted using TLS 1.3 (Transport Layer Security). Sensitive data at rest is encrypted using AES-256 encryption. (2) Access Controls — Access to personal data is strictly limited to authorized personnel who need it to perform their job functions. We enforce the principle of least privilege and use multi-factor authentication for all administrative access. (3) Regular Security Audits — We conduct regular security assessments, vulnerability scans, and penetration testing to identify and address potential weaknesses in our systems. (4) Employee Training — All team members receive regular training on data protection best practices, security awareness, and incident response procedures. (5) Incident Response — We maintain a comprehensive incident response plan that enables us to quickly detect, contain, and remediate any security incidents. In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours as required by applicable law.

Greuy's website and services are not directed at children under the age of 16, and we do not knowingly collect personal information from children. We take children's privacy extremely seriously and have implemented measures to prevent the inadvertent collection of data from minors. If we become aware that we have collected personal information from a child under 16 without verified parental consent, we will take immediate steps to delete that information from our servers. If you are a parent or guardian and believe that your child has provided personal information to us without your consent, please contact us immediately at info@greuycom.com, and we will promptly investigate and take appropriate action. We encourage parents and guardians to monitor their children's online activities and to help enforce this policy by instructing their children never to provide personal information through our website without permission.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes to this policy, we will notify you by: (1) posting the updated policy on this page with a revised 'Last Updated' date; (2) sending an email notification to registered users and newsletter subscribers; and (3) displaying a prominent notice on our website for a reasonable period following the change. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your personal information. Your continued use of our website or services after any changes to this policy constitutes your acceptance of the updated terms. If you disagree with any changes, you should discontinue use of our website and services and contact us to request deletion of your personal data. The previous version of this policy will remain accessible upon request. For any questions about this policy or our privacy practices, please contact us at info@greuycom.com.