Privacy Policy

Last updated: April 14, 2026

GripHQ (“GripHQ,” “we,” “our,” or “us”) is operated by B-Squared Technologies. This Privacy Policy explains what data we collect when you use GripHQ at griphq.ai, why we collect it, how it is stored, and the rights you have over it. If anything here is unclear, email us at bsqred.tech@gmail.com.

1. What we collect

1.1 Account data

When you sign in with Google, we receive your name, email address, profile picture, and a stable Google account identifier (sub). We store this to identify you across sessions and bind your account to a single Google identity.

1.2 Google Workspace data (with your consent)

If you connect Gmail or Google Calendar, we request OAuth tokens that let GripHQ read and (with your instruction) modify those services on your behalf. Specifically:

  • Gmail — we read message metadata (from/to/subject/snippet) to surface unread counts, classify priority, and populate the in-app Inbox. We may send messages (confirmations, follow-ups) only when you explicitly ask us to, such as on booking confirmation or a Claude-approved action.
  • Google Calendar— we read upcoming events to build your “My Day” timeline and sync them into GripHQ’s cache. We create events when you accept a booking. We can delete events you create through GripHQ’s booking flow when you cancel a meeting.

1.3 Content you create

Projects, tasks, notes, leads, bookings, approvals, reminders, and AI conversation history that you enter or generate while using GripHQ. This is stored in our Postgres database (Supabase) and scoped to your tenant.

1.4 Technical data

Log entries from Vercel (our hosting provider) include your IP address, user-agent, and the routes you visit. We use these to operate the service, debug issues, and enforce rate limits.

1.5 Payment data

If you subscribe to a paid plan, Stripe processes the payment. We never see or store your card number — Stripe sends us only a customer identifier, your subscription status, and the plan tier.

2. How we use your data

  • To authenticate you and secure your account.
  • To power the product features you’ve opted into: calendar sync, email monitoring, AI assistant, booking page, notifications.
  • To send you operational messages (booking confirmations, Telegram alerts you enabled, password-free sign-in emails).
  • To diagnose bugs, prevent abuse, and comply with legal obligations.

We do not sell your data. We do not use the contents of your Gmail or Calendar to train any AI model. We do not share your content with third parties except the processors listed below.

3. Who we share data with

GripHQ is a small operation. We use the following subprocessors to run the service:

  • Supabase — Postgres database + file storage (US region)
  • Vercel — application hosting, edge middleware, logging
  • Cloudflare — DNS, edge compute (workers), bot protection
  • Stripe — payment processing
  • Anthropic — Claude API (powers the AI assistant). Prompts may include data you explicitly share with the assistant in a conversation. Anthropic states that API inputs are not used to train models.
  • Google — Gmail + Calendar APIs you voluntarily connect
  • Telegram — notification delivery when you connect your Telegram account

Each of these processors has their own privacy policy and is contractually restricted to using your data only to provide the service to us.

4. Google Workspace API compliance

GripHQ’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

  • We only use access to Google user data to provide or improve features visible in the GripHQ UI.
  • We do not transfer Google user data to anyone else except as needed to provide the service, comply with law, or with your consent.
  • We do not use Google user data for serving advertisements.
  • Humans do not read your Google data unless you give us specific consent (for example, to diagnose a support issue you report).

5. Where your data is stored

Data is stored in the United States (Supabase us-west region and Vercel edge regions). OAuth tokens and sensitive credentials are encrypted at rest by our database provider. TLS is used for all network traffic.

6. How long we keep it

We retain your data for as long as your account is active. If you delete your account, we erase your tenant data within 30 days, except records we’re required to keep for legal or accounting reasons (e.g., Stripe invoice metadata).

You can disconnect Gmail or Calendar at any time in Settings → Integrations, which revokes our OAuth tokens. You can also revoke GripHQ’s access directly at Google’s permissions page.

7. Your rights

Regardless of where you live, you can:

  • Access a copy of your data.
  • Correct inaccurate data.
  • Delete your data and close your account.
  • Port your data to another service.
  • Withdraw consent at any time.

To exercise any of these rights, email bsqred.tech@gmail.com. We respond within 30 days.

8. Security

We follow reasonable industry practices to protect your data: TLS in transit, encryption at rest in Supabase, scoped tokens for API access, row-level tenant isolation enforced in application code, signed webhooks, and rate limiting on public endpoints. No service is perfectly secure — if you believe your account is compromised, email us immediately.

9. Children

GripHQ is not intended for users under 16 and we do not knowingly collect data from them.

10. Changes to this policy

We may update this policy. If we change anything material, we’ll notify active users by email. The “Last updated” date at the top reflects the most recent revision.

11. Contact

B-Squared Technologies
Utah, United States
bsqred.tech@gmail.com