1. Introduction
Welcome to Grit Café ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our service.
2. Information We Collect
2.1 Information You Provide
- Account Information: Email address, password (encrypted), and profile details
- Content: Tasks, notes, checklists, and other content you create
- Payment Information: Processed securely through Lemon Squeezy (we do not store credit card details)
- Communication: Messages you send to our support team
2.2 Automatically Collected Information
- Usage Data: Features used, time spent, and interaction patterns
- Device Information: Browser type, operating system, IP address
- Cookies: Authentication tokens and preferences (see Cookie Policy below)
3. How We Use Your Information
- Service Delivery: To provide, maintain, and improve Grit Café
- Authentication: To verify your identity and secure your account
- AI Features: To process your content with AI models (OpenAI, Anthropic) for task optimization
- Billing: To process payments and manage subscriptions
- Communication: To send service updates, security alerts, and support responses
- Analytics: To understand usage patterns and improve our service
- Legal Compliance: To comply with legal obligations and enforce our terms
4. Data Sharing and Third Parties
We share your data only in the following circumstances:
4.1 Service Providers
- Supabase: Database and authentication services
- Cloudflare: Hosting and CDN services
- Lemon Squeezy: Payment processing
- OpenAI/Anthropic: AI processing (only content you explicitly send for optimization)
4.2 Legal Requirements
We may disclose your information if required by law, court order, or to protect our rights and safety.
4.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new owner.
5. Data Security
We implement industry-standard security measures:
- Encryption in transit (HTTPS/TLS) and at rest
- Secure authentication with bcrypt password hashing
- Row-level security policies in our database
- Regular security audits and updates
- Limited employee access to user data
6. Your Rights
You have the following rights regarding your data:
- Access: Request a copy of your personal data
- Correction: Update or correct inaccurate information
- Deletion: Request deletion of your account and data
- Export: Download your content in a portable format
- Opt-out: Unsubscribe from marketing emails
- Withdraw Consent: Revoke permissions for data processing
To exercise these rights, contact us at privacy@grit.cafe
7. Data Retention
We retain your data for as long as your account is active or as needed to provide services. After account deletion, we may retain certain data for legal compliance (e.g., billing records) for up to 7 years.
8. Cookies and Tracking
We use cookies for:
- Essential: Authentication and security (required)
- Preferences: Theme, language, and UI settings
- Analytics: Usage patterns (anonymized)
You can control cookies through your browser settings, but disabling essential cookies may affect functionality.
9. Children's Privacy
Grit Café is not intended for users under 13 years of age. We do not knowingly collect data from children. If you believe a child has provided us with personal information, please contact us immediately.
10. International Data Transfers
Your data may be processed in the United States or other countries where our service providers operate. We ensure appropriate safeguards are in place for international transfers.
11. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of significant changes via email or in-app notification. Continued use of Grit Café after changes constitutes acceptance.
12. Contact Us
If you have questions about this privacy policy or our data practices, please contact us: