Privacy Policy – GrindFlowClub

Last updated: October 29, 2025

This Privacy Policy explains how GrindFlowClub ("we", "us") operates the software known as GrindFlowClub (the "Service"), what data we collect, how we use it and how you can control it.

1. What we collect

  • Account information: name, email, hashed password, subscription status, settings.
  • Billing information: payment token, transaction ID (via third-party processors).
  • Content you add: tasks, habits, projects, attachments, metadata (timestamps, status).
  • Usage & device data: log data, IP address, browser/device information, crash reports.
  • Cookies & tracking: for login sessions, preferences, analytics, fraud prevention.

2. How we use your data

  • To provide, maintain, personalize and improve the Service.
  • For billing, invoicing, account management.
  • To measure usage, generate insights, recommend features.
  • To detect and prevent fraud, security incidents and abuse.
  • To comply with legal obligations and enforce our Terms.

3. Legal basis (for EEA/UK users)

  • Contract: to deliver the Service you subscribed to.
  • Legitimate interests: product improvement, security, analytics.
  • Consent: where required (e.g., non-essential cookies/marketing).
  • Legal obligation: taxes, regulatory compliance.

4. Sharing of data

  • Service providers/processors (hosting, email, payment, analytics) under contract & confidentiality.
  • Law enforcement/regulatory disclosures if required.
  • Business transfer: in the event of merger, asset sale or reorganisation your data may be transferred under this Policy.

We do not sell your personal data.

5. International transfers

Your data may be processed in jurisdictions other than your country. We implement appropriate safeguards (e.g., standard contractual clauses) where required.

6. Data retention

Your data is retained while your account is active and as needed for the purposes described. After account deletion or termination we retain minimum records (e.g., for tax/audit) as permitted by law.

7. Your rights

Depending on your location you may have rights to: access, correct, delete, restrict processing, object to processing, port data.

To exercise a right, email grindflowclub@gmail.com from the registered account email.

Marketing opt-out: use unsubscribe links or update your preferences.

Cookies: you can manage via browser settings and (if implemented) via our cookie banner.

8. Security

We employ industry-standard technical and organisational measures (encryption at rest/in transit, access controls, monitoring).

No system is perfect—please use strong passwords and enable any available account protection (2FA, etc).

9. Children

The Service is not intended for children under 13 (or the minimum age in your jurisdiction). If you are under that age, do not register or use the Service.

If we become aware we have collected personal data from a child under that age without parental consent, we will delete that information.

10. Changes to this Policy

We may update this Policy. If changes are material, we’ll give notice (email or in-app). The “Last updated” date at top is the effective date of current version.

11. Contact

Data controller: GrindFlowClub (currently unregistered)

Address: Krishna, Andhra Pradesh, India

Email: grindflowclub@gmail.com