Effective date: January 1, 2025 · Last updated: January 1, 2025
Gravun, Inc. ("Gravun," "we," "us," or "our") operates the Gravun platform — a cloud-based field service management and CRM solution accessible at gravun.com and app.gravun.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please discontinue use of the Service immediately.
This policy was last updated on January 1, 2025, and is effective as of that date.
We collect information in the following ways:
2.1 Information You Provide Directly - Account registration data: name, email address, phone number, company name, billing address - Payment information: credit card details processed and stored by Stripe (we do not store full card numbers) - Customer data you import: contact records, job histories, invoices, and other business data you upload to the Service - Communications: messages you send to our support team, demo requests, and feedback
2.2 Information Collected Automatically - Usage data: pages visited, features used, actions taken within the platform, session duration - Device and browser information: IP address, browser type, operating system, device identifiers - Log data: server logs, error reports, performance data - Cookies and similar technologies: session cookies, persistent cookies, pixel tags (see Section 7)
2.3 Information from Third Parties - Integration data: when you connect third-party services (e.g., QuickBooks, Stripe, Google Calendar), we receive data from those services as authorized by you - Marketing data: information from advertising partners to help us reach potential customers
We use the information we collect to:
- Provide and improve the Service: operate, maintain, and enhance platform features and performance - Process transactions: handle billing, payments, and subscription management - Communicate with you: send service notifications, security alerts, product updates, and marketing communications (you may opt out of marketing at any time) - Provide customer support: respond to inquiries, troubleshoot issues, and resolve disputes - Ensure security: detect, investigate, and prevent fraudulent transactions, abuse, and other illegal activities - Comply with legal obligations: respond to lawful requests from government authorities and fulfill regulatory requirements - Analytics and research: understand how users interact with the Service to improve user experience and develop new features
We do not sell your personal data to third parties. We do not use your customer data to train AI models without your explicit consent.
We may share your information with:
4.1 Service Providers We engage trusted third-party vendors to help operate the Service, including: - Cloud infrastructure: Amazon Web Services (AWS) - Payment processing: Stripe, Inc. - Email delivery: SendGrid / Postmark - Analytics: Mixpanel, Google Analytics - Customer support: Intercom
These vendors are contractually obligated to use your data only to provide services to us and in accordance with this Privacy Policy.
4.2 Business Transfers If Gravun is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website before your information is transferred.
4.3 Legal Requirements We may disclose your information if required to do so by law, court order, or government request, or to protect the rights, property, or safety of Gravun, our users, or the public.
4.4 With Your Consent We may share your information with third parties when you have given us explicit consent to do so.
We retain your personal data for as long as your account is active or as needed to provide the Service. If you cancel your account, we will retain your data for 30 days to allow for account recovery, after which it will be permanently deleted from our production systems within 90 days.
Certain data may be retained longer if required by law (e.g., financial records for tax purposes, typically 7 years) or for legitimate business purposes such as fraud prevention.
You may request deletion of your data at any time by contacting [email protected]. We will respond to deletion requests within 30 days.
We implement industry-standard security measures to protect your information:
- Encryption in transit: all data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher - Encryption at rest: all data stored in our databases is encrypted using AES-256 - Access controls: role-based access controls limit employee access to customer data on a need-to-know basis - Infrastructure security: our infrastructure is hosted on AWS with SOC 2 Type II certified data centers - Vulnerability management: regular penetration testing and security audits by third-party security firms - Incident response: a documented incident response plan with notification procedures in compliance with applicable breach notification laws
No method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.
Depending on your location, you may have the following rights regarding your personal data:
- Access: request a copy of the personal data we hold about you - Correction: request correction of inaccurate or incomplete data - Deletion: request deletion of your personal data (subject to legal retention requirements) - Portability: receive your data in a structured, machine-readable format - Objection: object to processing of your data for certain purposes (e.g., direct marketing) - Restriction: request that we restrict processing of your data in certain circumstances
California Residents (CCPA): You have the right to know what personal information we collect, the right to delete personal information, and the right to opt out of the sale of personal information. We do not sell personal information.
European Residents (GDPR): We process your data based on the following legal bases: contract performance, legitimate interests, legal obligation, and consent (where applicable). You have the right to lodge a complaint with your local data protection authority.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that a child under 18 has provided us with personal information, we will take steps to delete such information. If you believe we have inadvertently collected information from a child, please contact us at [email protected].
Gravun is headquartered in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.
For transfers from the European Economic Area (EEA), United Kingdom, or Switzerland to the United States, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure an adequate level of data protection.
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page with an updated effective date, and by sending an email notification to the address associated with your account at least 30 days before the changes take effect.
Your continued use of the Service after the effective date of the revised policy constitutes your acceptance of the changes.
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Gravun, Inc. Privacy Team Email: [email protected] Address: 1234 Business Ave, Suite 100, Austin, TX 78701
For EU/UK residents, our Data Protection Officer can be reached at [email protected].
We are committed to resolving privacy complaints. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.