Grej — Privacy Policy (DRAFT)
DRAFT — NOT LEGAL ADVICE. Working draft for review by qualified Finnish/EU data-protection counsel and to be reconciled with the actual data flows before publication. Bracketed items
[…]and every [TO VERIFY] flag must be resolved first. Companion:COMPLIANCE-ANALYSIS.md,END-USER-LICENSE-AGREEMENT.md.
1. Who we are (Controller)
[Grej Oy / legal name], [address], is the data controller for the personal data processed through the Grej application and platform. Contact: [privacy@grej…]. [Data Protection Officer / representative, if appointed: …].
For business and operator customers who use Grej to process personal data of their own customers or guests, Grej acts as a processor; that processing is governed by a separate Data Processing Agreement.
2. What data we process
- Account & identity: email, authentication identifiers (Google/Apple sign-in), account settings.
- Asset data (Digital Twins): the products you register and their details (brand, model, serial, purchase, warranty, location if you provide it), hierarchy and status.
- Uploaded content: photos, videos and documents you upload (e.g. manuals, receipts, warranties), and information derived from them by AI (extracted fields, document sections/chunks).
- AI usage & metering: records of AI operations (type, model tier, tokens, cost, AI Credits) used to operate quotas and understand cost — kept at the account level.
- Product-analytics events: pseudonymous usage events (screen views, feature usage) to understand how the app is used in aggregate.
- Payment data: processed by our payment provider ([Stripe]) and/or the app stores; we do not store full card details.
- Device & technical data: app version, platform, logs necessary for security and operation.
3. Purposes and legal bases (GDPR Art. 6)
| Purpose | Data | Legal basis |
|---|---|---|
| Provide the Service (Digital Twins, AI assistant, storage) | Account, asset, uploaded content | Contract (Art. 6(1)(b)) |
| AI processing of your uploads to deliver features to you | Uploaded content, derived data | Contract (Art. 6(1)(b)) |
| Metering, quotas and billing | AI usage, payment | Contract; legal obligation for invoicing |
| Security, fraud and abuse prevention | Technical, usage | Legitimate interest (Art. 6(1)(f)) |
| Product analytics to improve the Service | Pseudonymous events | Consent or legitimate interest, per local rules |
| Contribution to cross-owner/fleet intelligence | De-identified signals | Explicit, revocable consent (Art. 6(1)(a)) |
| Marketing communications | Contact | Consent |
4. How AI processes your content
To provide AI features, your uploaded content and asset data are processed by our AI sub-processor (Google — Gemini/Vertex AI). Key points:
- Your uploaded documents and everything derived from them (extracted fields, document chunks) are scoped to your account and are never shared with other, unrelated users.
- We do not use your content to train general-purpose/foundation AI models.
- [TO VERIFY] The region in which Google processes this data, and whether any processing occurs outside the EU/EEA; if so, the transfer safeguard relied upon (adequacy decision / Standard Contractual Clauses). This must be confirmed against Google's current Gemini/Vertex terms and region configuration before publication.
5. Sub-processors and international transfers
We use sub-processors to run the Service, including: Google Cloud (hosting; region
europe-north1, EU), Google Gemini/Vertex AI (AI processing — see §4 [TO VERIFY region]),
[Stripe] (payments), and [analytics provider / first-party]. A current sub-processor list is
available at [link]. Where personal data is transferred outside the EU/EEA, we rely on an
adequacy decision or Standard Contractual Clauses. [TO VERIFY all transfer mechanisms.]
6. Sharing your data
We share your data only: with the household members, collaborators, and (for operator accounts) the temporary guests you designate; with sub-processors under contract (§5); and where required by law. We do not sell your personal data.
7. Retention
We retain personal data for as long as your account is active and as needed to provide the Service. AI inputs sent to the model provider are transient (the Files API copy is deleted within ~48h; the durable copy is your own upload in our storage). On account deletion, we delete or anonymise your personal data; aggregated/de-identified and metering records may be retained in anonymised form. [Define specific retention periods per data type.]
8. Your rights
Subject to applicable law, you may: access your data; correct it; delete it; obtain a portable copy; restrict or object to certain processing; and withdraw consent at any time (including for fleet contribution and marketing). To exercise these rights contact [privacy@grej…]. You may also lodge a complaint with your supervisory authority — in Finland, the Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto).
9. Fleet / community-intelligence contribution
Contribution of de-identified lifecycle signals to any cross-owner intelligence layer is off by default and requires your explicit consent, which you can withdraw at any time. These signals are de-identified by construction and do not include your identity or your copyrighted materials.
10. Children
The Service is not directed at children under [16 / the local digital-consent age]. Within a Family workspace, accounts for minors are managed by the adult account Owner, who is responsible for any required parental consent.
11. Security
We apply technical and organisational measures appropriate to the risk (GDPR Art. 32), including encryption in transit, access controls, tenant isolation, and the principle that uploads and derived data stay scoped to their owner.
12. Data location
Primary hosting and storage are in the EU (europe-north1). AI processing region: see §4
[TO VERIFY].
13. Changes and contact
We will update this policy as needed and notify you of material changes. Questions: [privacy@grej…].
Draft v0.1 — for counsel review. Resolve every [TO VERIFY] before publication.