Privacy Policy

Last Updated: February 27, 2026

GRINDKIT LLC ("we," "us," or "our") operates the GrindKit mobile application (the "App"). This Privacy Policy explains what information we collect, how we use it, and your choices regarding your data.

1. Information We Collect

1.1 Information You Provide

Account information: Email address, name, and authentication credentials (via email/password, Apple Sign-In, or magic link)
Business profile: Business name, business type, setup type, experience level, city, state, zip code, contact email, contact phone, website URL, interests
Pipeline data: Event names, locations, dates, times, contact information for event organizers, pricing inputs, generated quotes, notes, revenue and cost figures, scheduled dates
AI chat messages: Conversations with Kit (stored locally on your device only — not on our servers)
Business logs: Daily revenue and cost entries (stored locally on your device only — not on our servers)

1.2 Information Collected Automatically

Device information: Device type, operating system version, app version
Analytics data: Screen views, feature usage patterns, and interaction events (collected via PostHog)
Push notification tokens: Device tokens for delivering push notifications (stored on our servers, used solely for notification delivery)

1.3 Information from Third-Party Integrations

Square POS: If you connect your Square account, we access read-only sales and payment summary data (transaction amounts, dates, payment methods). We do not access customer names, payment card numbers, or other customer personal information from Square.
Apple Sign-In: If you sign in with Apple, we receive your name and email (or Apple's private relay email if you choose to hide your email).

1.4 Location Data

Live Location Broadcasting: When you activate live broadcasting, your device's GPS coordinates are transmitted to our servers and made publicly available via your embed widget. Location data is only collected while broadcasting is active and is deleted when the broadcast expires or is stopped.
We do not collect background location data. Location is only accessed when you explicitly start a broadcast.

2. How We Use Your Information

We use your information to:

Provide and maintain the App's features and functionality
Process your pipeline events, pricing, and quote generation
Power AI features (Kit AI chat, pricing suggestions, event discovery scoring) — your business profile context is sent to Anthropic's Claude AI to personalize responses
Display your live location on your public embed widget when broadcasting
Deliver push notifications for inbound leads and app updates
Analyze usage patterns to improve the App (via PostHog analytics)
Communicate with you about your account, service updates, or support requests
Enforce our Terms & Conditions

3. How We Share Your Information

We do not sell your personal information. We share information only in the following circumstances:

3.1 Service Providers

Service	Purpose	Data Shared
Supabase	Database, authentication, server functions	Account info, business profile, pipeline data
Anthropic (Claude AI)	AI chat, pricing, discovery scoring	Business profile context, chat messages, event details
RevenueCat	Subscription management	User ID, subscription status
PostHog	Analytics	Anonymized usage events, device info
Square	POS data sync (when connected)	OAuth tokens; sales data read from Square
Expo	Push notifications	Device push tokens
SerpApi / Brave Search	Event discovery indexing	Geographic search queries (no personal data)

3.2 Public Information

When you broadcast your live location, the following information is publicly accessible via your embed widget URL: your GPS coordinates, business name, event name, event location, broadcast expiry time, and optionally your upcoming event schedule (event name, date, time, city only).

3.3 Inbound Leads

When someone submits your lead capture form, their contact information is stored in your account. This data is only accessible to you and is not shared with other users.

3.4 Legal Requirements

We may disclose information if required by law, legal process, or government request, or to protect the rights, safety, or property of ourselves, our users, or others.

4. Data Storage and Security

4.1 Server-Side Storage

Account data, business profiles, pipeline events, and integration tokens are stored on Supabase's infrastructure with encryption in transit (TLS) and at rest. Supabase servers are located in the United States.

4.2 Local Storage

AI chat conversation history and business log entries are stored locally on your device using encrypted AsyncStorage (AES-256 encryption, key stored in device secure storage). This data is not synced to our servers and will be lost if you uninstall the App or clear its data.

4.3 Security Measures

We implement reasonable security measures including encrypted data transmission, encrypted local storage, OAuth 2.0 for third-party integrations, and row-level security policies on our database. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

5. Your Rights and Choices

5.1 Access and Update

You can view and update your business profile information through the Account tab in the App.

5.2 Delete Your Account

You can delete your account through the App's Account settings. Account deletion removes your server-side data including your profile, pipeline events, integration tokens, and inbound leads. Local-only data (chat history, business logs) is removed when you uninstall the App.

5.3 Disconnect Integrations

You can disconnect your Square POS integration at any time through the App's Account settings.

5.4 Push Notifications

You can disable push notifications through your device's system settings.

5.5 Analytics

PostHog analytics collects anonymized usage data. You may contact us to request exclusion from analytics tracking.

5.6 Live Location

You control when location broadcasting is active. You can stop broadcasting at any time, and broadcasts automatically expire after your selected duration.

6. Data Retention

Account data: Retained while your account is active. Deleted upon account deletion.
Pipeline events and leads: Retained while your account is active. Deleted upon account deletion.
Live location broadcasts: Deleted automatically upon broadcast expiration or stop.
Cached event discovery data: Refreshed periodically. Individual events expire based on event dates.
Local-only data (chat, business logs): Retained on your device until you clear app data or uninstall.
Analytics data: Retained per PostHog's standard retention policies.

7. Children's Privacy

The App is intended for business operators aged 18 or older. We do not knowingly collect personal information from anyone under 18. If we learn we have collected information from someone under 18, we will delete it promptly.

8. International Users

The App is primarily designed for users in the United States. If you use the App from outside the United States, your information will be transferred to and processed in the United States. By using the App, you consent to this transfer.

9. California Privacy Rights

If you are a California resident, you have the right to request disclosure of the categories and specific pieces of personal information we have collected about you. You also have the right to request deletion of your personal information. To exercise these rights, contact us using the information below.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the App. Your continued use of the App after changes take effect constitutes acceptance of the updated Privacy Policy.

11. Contact Us

For questions about this Privacy Policy or to exercise your data rights, contact us at:
grindkitapp@gmail.com