Privacy Policy
Detailed privacy notice covering public site data, workspace data, Telegram integrations, AI processing, retention, exports, deletion requests, and rights.
Controller, processor role, and contact
GramGrow provides B2B SaaS tooling. For customer workspace content, GramGrow commonly acts as processor for the workspace customer; for public website, account, billing, security, and product operations, GramGrow may act as controller. GramGrow is operated from Switzerland by Claudio Gadient, Landstrass 64, CH-7214 Grüsch. No dedicated data protection officer is appointed for launch-stage operations. The Swiss Federal Data Protection and Information Commissioner (FDPIC / EDÖB) is the relevant Swiss privacy supervisory authority for private-sector data processing.
Privacy requests can be sent to support@gramgrow.io.
Data categories, purposes, recipients, and retention
GramGrow processes account data, workspace membership and role data, CRM contacts, Telegram conversation content and metadata, notes, tasks, broadcasts, automations, tracking events, payment-related metadata, provider configuration, audit logs, and security events.
Purposes include providing the CRM, delivering messages, attribution, membership access, payment verification, fraud and abuse prevention, support, billing, security, and legal compliance. Recipients can include configured subprocessors, integration providers, payment processors, AI providers selected by the workspace, hosting and observability providers, and authorities where legally required.
Export coverage
- Workspace profile and billing metadata
- Workspace members and roles
- Contacts, tags, and contact tagging
- Conversations and messages
- Notes and tasks
- Automations and run history
- Scheduled broadcasts
- Tracking pages, links, and conversions
- Membership products, tiers, and members
- Telegram, broker, and integration metadata
- Custom domains and verification state
Intentionally excluded
- Provider-managed authentication records
- Provider-managed blob storage and assets
- Encrypted secrets and raw credential material
- Third-party billing processor records
| Data | Retention matrix |
|---|---|
| CRM contacts, tags, notes, tasks, conversations, messages | Retained while the workspace exists, then handled through the documented deletion request workflow. |
| Audit logs and operational security events | Kept as evidence for security, abuse prevention, billing, and release operations. |
| Provider secrets and tokens | Stored encrypted and excluded from exports; removed or rotated through integration disconnect flows. |
| Billing, payment, and processor records | Some records remain with Stripe, PayPal, Digistore24, Gumroad, or accounting systems under their own legal retention duties. |
Telegram, AI, cookies, and automated decisions
GramGrow is not Telegram. Telegram remains a separate provider for Telegram accounts, Telegram infrastructure, and Telegram-controlled processing. GramGrow stores the Telegram identifiers, usernames, chat content, message metadata, customer-provided bot tokens, webhook secrets, and optional personal connection metadata needed to power connected workspaces through Telegram APIs.
AI features can use OpenAI, Anthropic, Google Gemini, or tenant-configured providers for drafts, enrichment, auto-reply, and operational assistance when enabled by workspace configuration or plan. Telegram data must not be used to train, fine-tune, or generally improve AI/ML models. Public pages use local preferences such as GRAMGROW_LOCALE and cookie-consent state. GramGrow does not present fully automated legal or similarly significant decisions as a completed product capability.
Rights, withdrawal, complaint, access, export, and deletion
Depending on role and legal basis, individuals may have rights to information, access, rectification, erasure, restriction, portability, objection, consent withdrawal, and complaint with a data protection authority. Workspace customers remain responsible for handling many data subject requests concerning their end customers; GramGrow assists through export, deletion request, and support workflows.