Privacy Policy

gr0.ai ("Company", "we", "us", or "our") is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website gr0.ai (the "Site") and use our services.

By accessing or using our Site, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of our services.

We collect information you provide directly to us, including:

• Name, email address, phone number, and job title when you contact us or book a call
• Company name, size, and industry for service matching purposes
• Payment information processed securely by our payment processor (Stripe)
• Communications you send us via email or contact forms

We also collect information automatically when you use our Site:

• Log data including IP address, browser type, pages visited, and time spent
• Device information such as hardware model and operating system
• Cookies and similar tracking technologies (see our Cookie Policy)
• Usage data about how you interact with our features

If you are located in the European Economic Area (EEA) or United Kingdom, we process your data under the following legal bases:

• Contract performance ; to provide the services you have requested
• Legitimate interests ; for analytics, fraud prevention, and service improvement
• Consent ; for marketing communications (you may withdraw at any time)
• Legal obligation ; where required by applicable law

We use the information we collect to:

• Provide, operate, and improve our AI marketing services
• Process transactions and send related information including purchase confirmations and invoices
• Send administrative information such as policy changes and service updates
• Respond to your comments, questions, and requests
• Send marketing and promotional communications (with your consent)
• Monitor and analyze trends, usage, and activities in connection with our services
• Detect, investigate, and prevent fraudulent transactions and other illegal activities
• Comply with legal obligations and resolve disputes

We do not sell your personal information. We may share your information with:

• Service providers ; third parties that perform services on our behalf (hosting, analytics, payment processing, email delivery)
• Expert network members ; solely to facilitate matching with your project requirements, with your consent
• Business transfers ; in connection with any merger, sale of assets, or acquisition
• Legal requirements ; when required by law or to protect the rights, property, or safety of our company, customers, or others

We retain personal information for as long as necessary to fulfil the purposes outlined in this policy, unless a longer retention period is required or permitted by law. Account data is retained for the duration of your relationship with us plus up to 7 years for legal and tax purposes. You may request deletion at any time subject to legal retention requirements.

We are headquartered in the United States. If you are located outside the US, your information may be transferred to and processed in the US. Where we transfer data from the EEA/UK, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure an adequate level of data protection.

Depending on your location, you may have the following rights regarding your personal data:

• Access ; request a copy of the personal data we hold about you
• Rectification ; request correction of inaccurate or incomplete data
• Erasure ; request deletion of your personal data ("right to be forgotten")
• Restriction ; request we restrict processing of your data
• Portability ; receive your data in a structured, machine-readable format
• Objection ; object to processing based on legitimate interests or direct marketing
• Withdraw consent ; where processing is based on consent, withdraw it at any time

California residents may also exercise rights under the California Consumer Privacy Act (CCPA/CPRA). To exercise any right, contact us at [email protected]. We will respond within 30 days.

We implement industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest, access controls, and regular security audits. However, no method of transmission over the Internet is 100% secure. We encourage you to use strong passwords and notify us immediately of any suspected unauthorized access.

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, please contact us and we will take steps to delete such information.

In addition to GDPR + CCPA, we honour the following 2026-current rights and signals:

• Global Privacy Control (GPC) - when your browser sends the Sec-GPC: 1 header, we treat it as a valid opt-out of "sale" or "share" under CPRA and equivalent state laws (Colorado, Connecticut, Virginia, Texas, Oregon).
• CPRA - sensitive personal information - biometric identifiers, precise geolocation, and inferences about protected characteristics are treated as sensitive PI with limited-use defaults. We process these only for the disclosed business purpose.
• AI training opt-out (CCPA delete amendments, 2026) - California residents can request that their personal data not be used to train AI models. We honour these requests within 30 days via [email protected].
• EU Data Act (effective 2025) - for EU users with connected products in our ecosystem, the right to access machine-generated data and port it to a service of your choice.
• State-level expansions - Maryland Online Data Privacy Act (effective Oct 2025), Minnesota Consumer Data Privacy Act (effective Jul 2025), New Jersey Data Privacy Act (effective Jan 2025) and others. Where state law is stricter than the baselines above, we apply state law to residents of that state.

For data subject requests under any of the above: [email protected]. We respond within 30 days (45 in complex cases, with notice).

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page with an updated "Last updated" date. We encourage you to review this policy periodically. Continued use of our services after changes constitutes acceptance of the updated policy.