griffio

Legal

Privacy Policy

Last updated: April 2026

1. Introduction

Griffio (“we”, “us”, or “our”) is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, and your rights in relation to it. By using the Service, you agree to the practices described in this policy.

2. Data We Collect

We collect the following categories of data:

  • Account information — your name, email address, and business details provided during registration or setup.
  • Business data — invoices, quotes, purchase orders, expenses, clients, suppliers, items, and reminders that you create within the Service.
  • Usage data — pages visited, features used, and other interactions with the Service, collected via server logs and analytics.
  • Device & technical data — IP address, browser type, and operating system, used for security and service improvement purposes.

3. How We Use Your Data

We use the data we collect to:

  • Provide, maintain, and improve the Service.
  • Authenticate your identity and secure your account.
  • Send transactional emails (e.g. invoice delivery, password reset).
  • Respond to support requests and communicate about the Service.
  • Comply with legal obligations.

We do not sell your personal data to third parties, and we do not use your business data for advertising purposes.

4. Data Storage & Security

Your data is stored securely on infrastructure hosted within the European Union. We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, or disclosure. However, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

5. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. If you close your account, we will delete your personal data within 30 days, unless we are required to retain it for legal or regulatory reasons.

6. Third-Party Services

We use a small number of third-party services to operate the platform, including providers for database and authentication, transactional email delivery, and hosting. These providers are contractually obligated to handle your data in accordance with applicable data protection laws and are not permitted to use it for their own purposes.

7. Cookies

We use strictly necessary cookies to maintain your session and keep you signed in. We do not use tracking cookies or third-party advertising cookies.

8. Your Rights

Under UK GDPR and the Data Protection Act 2018, you have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate or incomplete data.
  • Request deletion of your data (“right to be forgotten”).
  • Object to or restrict the processing of your data.
  • Request a portable copy of your data.

To exercise any of these rights, please contact us at hello@griffio.app. We will respond within 30 days.

9. Children's Privacy

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from someone under 18, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the “Last updated” date at the top of this page. Your continued use of the Service after any changes constitutes your acceptance of the revised policy.

11. Contact

If you have any questions or concerns about this Privacy Policy, please contact us at hello@griffio.app.