https://groovysec.com/privacy-policy
What data do we collect?
We may collect the following categories of personal data:

Personal identification information (such as name, email address, phone number and similar contact details).
Payment information in connection with purchases, subscriptions or other paid services.
How do we collect your data?
You directly provide most of the data we collect. We collect and process data when you:

Register online or place an order for our products or services.
Voluntarily complete customer surveys or provide feedback by email, forms or message boards.
Use or view our website, where cookies and similar technologies may collect usage information.
Book a pilot, demo or consultation of our product.
We may also receive data indirectly from lead generation and prospecting tools used for business development.

How do we use your data?
Groovy Security uses your data to:

Process orders, provision services and manage your account.
Communicate with you regarding product updates, support and features we believe may be relevant.
Incorporate voluntary feedback into the ongoing development of our products.
Where you choose to interact with AI models through our platform, successful AI prompts may be shared with the AI provider you have selected so that they can offer and improve their services.

How do we store and protect your data?
We host customer data on Amazon Web Services (AWS) in either EU-West-1 (Ireland) or US-West-2 (Oregon) depending on the organization’s primary region.

Each customer organization is provisioned with its own dedicated, encrypted S3 bucket, database and compliance engine, protected by a unique AWS KMS key. Data is encrypted at rest (AES-256 via KMS) and in transit (TLS 1.2/1.3).

Access is limited using role-based access control (RBAC), strict least-privilege IAM policies, private VPC networking and continuous monitoring through AWS CloudTrail, GuardDuty and internal logging. Our architecture is designed to support compliance with standards such as HIPAA, GDPR and ISO 27001.

We retain your personal data only for as long as there is a contractual or legitimate business need. At the end of the retention period, we aim to delete or anonymize personal data within 30 days.

Marketing communications
We may send you information about Groovy Security products and services that we think you may find useful. You can opt out of marketing communications at any time by using the unsubscribe links in our emails or by contacting us directly.

Your data protection rights
We want to ensure that you are fully aware of your rights under applicable data protection laws (such as GDPR). Subject to certain conditions, you may have the right to:

Request access to the personal data we hold about you.
Request correction of information you believe is inaccurate or incomplete.
Request deletion of your personal data in certain circumstances.
Request that we restrict the processing of your personal data.
Object to our processing of your personal data, including marketing.
Request that we transfer your data to another organization or directly to you (data portability).
If you exercise these rights, we will respond as required by law, typically within one month. To make a request, please contact us using the details in the How to contact us section below.

Cookies and similar technologies
Cookies are small text files placed on your device that help us understand how you use our website and enable certain features (such as keeping you signed in). We may also use cookies or analytics to understand usage patterns and improve the site.

We use a mix of functional cookies (for things like language or region preferences) and, where applicable, analytics or advertising cookies that help us understand how visitors interact with our content.

You can configure your browser to refuse cookies or to notify you when cookies are being set. Some features of the site may not work properly if cookies are disabled.

Links to other websites
Our website may contain links to third-party websites. This Privacy Policy applies only to Groovy Security. If you follow a link to another website, we recommend that you read their privacy policy.

Changes to this Privacy Policy
We keep this Privacy Policy under regular review and will post any updates on this page. The current version was last updated on 15 September 2025.

How to contact us
If you have any questions about this Privacy Policy, the data we hold about you, or if you wish to exercise your data protection rights, please contact us at:

Email: [email protected]

How to contact the appropriate authority
If you wish to raise a concern or make a complaint about how we handle your personal data, you may contact the relevant data protection authority in your jurisdiction. If you are based in the United Kingdom or European Union, this may be your local data protection regulator or supervisory authority.