Legal

Privacy Policy

Your privacy matters. This policy explains what data we collect, how we use it, and your rights as a user of the Grantiva platform.

Last updated: March 2026

This document is provided for informational purposes. Please consult with legal counsel for your specific requirements.

1. Introduction

Grantiva Inc. ("Grantiva," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use the Grantiva platform, including our API, SDKs, dashboard, and website at grantiva.io.

By using Grantiva, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our services.

2. Data We Collect

Device Data

  • Device identifier -- an anonymized, ephemeral identifier generated during attestation. We do not collect Apple device UDIDs or persistent hardware identifiers.
  • Device model and OS version -- used for risk scoring and analytics (e.g., "iPhone 16 Pro," "iOS 19.1").
  • App version -- the version of the client application using the Grantiva SDK.

Network Data

  • IP addresses -- used only for geolocation lookup and fraud detection. IP addresses are anonymized after processing and are not stored in raw form.

Usage Data

  • Attestation timestamps -- when devices perform attestation, for analytics and anomaly detection.
  • Feature flag evaluations -- aggregated counts of flag evaluations for analytics. Individual evaluation events are not stored long-term.

Account Data

  • Dashboard users -- email address, name, and organization name provided during account registration.
  • Billing information -- payment details are processed and stored by Stripe. We do not store credit card numbers.

3. How We Use Data

We use collected data for the following purposes:

  • Service provision -- device attestation, JWT token issuance, feature flag evaluation, and dashboard functionality.
  • Security analysis -- device risk scoring, fraud prevention, and anomaly detection.
  • Analytics -- aggregated platform usage metrics for our customers via the dashboard (e.g., active device counts, attestation volume).
  • Platform improvement -- understanding usage patterns to improve Grantiva's features and performance.

4. Data Retention

We retain data only as long as necessary to provide our services and meet our legal obligations:

Attestation data90 days
Analytics (Free tier)7 days
Analytics (Pro tier)30 days
Analytics (Growth / Business)90 days
Analytics (Enterprise)1 year
Billing records2 years
Account dataUntil deletion requested

5. Data Sharing

We do not sell, rent, or trade your data. We share data only with the following subprocessors, which are necessary to operate the Grantiva platform:

Apple

App Attest verification -- device attestation validation via Apple's servers.

Railway

Infrastructure hosting -- application servers, databases, and caching.

Stripe

Payment processing -- subscription billing and payment method storage.

6. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation:

  • Right of access -- request a copy of the data we hold about you.
  • Right to rectification -- request correction of inaccurate data.
  • Right to erasure -- request deletion of your data ("right to be forgotten").
  • Right to data portability -- receive your data in a structured, machine-readable format.
  • Right to restrict processing -- request that we limit how we use your data.
  • Right to object -- object to processing of your data for specific purposes.
  • Right to withdraw consent -- withdraw previously given consent at any time.

To exercise any of these rights, contact us at privacy@grantiva.io.

7. Your Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act provides the following rights:

  • Right to know -- what personal information we collect and how it is used.
  • Right to delete -- request deletion of your personal information.
  • Right to opt-out -- opt out of the sale of personal information. Note: we do not sell personal information.
  • Right to non-discrimination -- exercising your rights will not result in different pricing or service quality.

8. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption at rest -- AES-256 encryption for all stored data.
  • Encryption in transit -- TLS 1.3 for all data transmitted between clients and servers.
  • Access controls -- role-based access with bcrypt password hashing for dashboard accounts.

For more details on our security practices, visit our Security page.

9. Children's Privacy

Grantiva is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email (for dashboard account holders) or by posting a prominent notice on our website prior to the change becoming effective.

We encourage you to review this policy periodically for any updates.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Privacy:privacy@grantiva.io
General:support@grantiva.io
Web:grantiva.io