Grassfeld - Privacy & Cookie Policy
Last updated on January 7, 2025
Who we are
During the processing of personal data, Grassfeld Inc. works conform to the requirements of the applicable data protection legislation, including the General Data Protection Regulation (GDPR) and relevant U.S. federal privacy laws, such as the Privacy Act of 1974, the Children’s Online Privacy Protection Act (COPPA), and the Health Insurance Portability and Accountability Act (HIPAA). This means we:
- clearly specify our purposes before we process personal data, by using this privacy statement;
- limit our collection of personal data to only the personal data needed for legitimate purposes;
- first ask for explicit permission to process your personal data in cases where your permission is required;
- take appropriate security measures to protect your personal data and demand the same from parties who process personal data on our behalf;
- respect your right to access, correct, or delete your personal data held by us.
Grassfeld Inc. is the party responsible for all data processing. In this privacy statement, we will explain what kind of personal data we collect and for which purposes within our online services accessible via: www.Grassfeld.com, our knowledge base, and our app. For readability purposes, those services combined are called ‘our online services’ in this privacy statement. We recommend that you read it carefully.
If you have any questions regarding the processing of personal data, you can find the contact details of Grassfeld Inc. at the end of this privacy statement.
Using Grassfeld
Registration
Certain features of our online services require you to register beforehand. You will have to provide some information about yourself and choose a username and password for the account that we will set up for you. It is also possible that the username will be provided by us; in this case, it will not be possible to choose a username.
For this purpose, we use your phone number, invoice and/or email address, payment details, nickname, and profile picture if you want to personalize your account. This is done based on the execution of the agreement you conclude when making an account. We store this information until you close your account. We retain this data so that you do not have to re-enter it every time you visit our website and/or use our online services and to contact you in connection with the execution of the agreement, invoicing, and payment, and to provide an overview of the products and services you have purchased from us.
Children’s Data Privacy (COPPA Compliance)
As a financial institution, our services are not offered nor available to minors under the age of eighteen, and have restricted the use of our applications to users who are eighteen or older.
Therefore, we do not knowingly collect personal data from minors under thirteen without parental consent, in compliance with COPPA. If we become aware that we have collected data from a child under thirteen without verification of parental consent, we will take steps to delete that information. Parents or guardians can contact us to review, update, or delete their child’s personal information.
Sending newsletters
We have a newsletter to inform those interested about news, updates, tips, and information about our products and services. Your email address is added to the list of subscribers only with your permission!
We hate spam too, but sometimes it’s necessary to communicate with you. We store this information until you cancel your subscription to our newsletter.
You may cancel your subscription at any time. Each newsletter contains a link to unsubscribe.
Access to portal
Within our online services, you can access a management environment where you can set, specify, and change settings. We will keep track of your activities for proof.
For this purpose, we use your phone number, email address, nickname, and profile picture. We need this data because of our agreement with you. We store this information until our services to you have ended.
HIPAA Compliance
If any health-related data is collected through our services, we comply with HIPAA regulations to ensure that this data is protected and used appropriately.
Subscription
Via our online services, you can take out a paid subscription. We use your personal data to complete the payment.
For this purpose, we use your phone number, invoice and/or email address, payment details, User-ID, payment history, and invoices. We need this data because of our agreement with you. We store this information until you cancel your subscription. Certain types of personal data will be retained for a longer period in accordance with legal tax retention requirements.
Transactions (financial)
Grassfeld Inc. has a partnership with Plaid Inc. to gather your data from financial institutions. By using our service, you grant Grassfeld and Plaid the right, power, and authority to act on your behalf to access and transmit your personal and financial information from your relevant financial institution. You agree to your personal and financial information being transferred, stored, and processed by Grassfeld and Plaid in accordance with this and the Plaid end user privacy policy.
If you connect your bank account(s) to our service(s), we will retrieve your transaction history and sync future transactions. All transactions are anonymized and can only be retrieved by you. We do not sell data to third parties. The transactions are deleted immediately after you disconnect your account and/or delete your profile.
The anonymized transactions will be analyzed by our Artificial Intelligence engine to provide you the needful insights through our services.
The transactions will be deleted immediately after you disconnect your account and/or delete your profile.
Personal, household related, financial documents/contracts
You will have the ability to digitize your personal administration, through our services you will be able to use our cloud storage solution which is designed for this purpose. We don’t analyze this data without your consent, we don’t sell the data, we only store it for you. Through our services there are features you can use to organize your personal administration and much more. You can also choose to share your data with family, friends or other people. It is up to you to decide which, and for what period in time, data is shared.
You are in charge of your cloud space; we cannot delete any files as this must be explicitly done by you.
Contact form
You can use our contact form to ask questions or make any request.
For this purpose, we use your phone number, email address, nickname, message you wish to send to us and your User-ID. We need this data because of our agreement with you. We store this information until we are sure that you are satisfied with our response and six months thereafter. This way we can easily access the information in case you have any following questions and train our customer service to improve even more.
Statistics and profiling
We keep as much as possible, anonymized statistics on the use of our online services. These statistics help us to, for example, only show you information that is relevant to you or to improve our services. We may combine personal data to get to know more about the way our services are being used. We will of course respect your privacy at all times.
For this purpose, we use your Usage statistics. We have a legitimate interest in doing this. We store this information for as long as you have a subscription.
After your consent, we can also use your data to provide you with statistical insights in your financial situation, and we use your personal data to generate statistical and anonymized data that can be shown to other users in order to give them statistical insights in their own financial situation.
Promotion
Other than the possible advertisements on the website, we can inform you about our new products and/or services by email or via social media.
You can object at all times against this promotional communication. Every email contains a cancellation link. On social media, you can block us or use the cancellation option. You can also inform us through your account. Further, you can inform us through the portal.
Location data
If necessary, we may collect your location data (GPS). If that is the case, you will be asked to grant consent beforehand.
This location data and other data can also be stored and processed by the provider of the navigation/mapping software, such as Google Maps, but the data could also be used by, for example, Google or Apple itself. We have no control over their actions. We recommend that you read the applicable privacy statement of the provider in question.
Security
Security Measures (FTC Act Compliance)
We take security measures to reduce misuse of and unauthorized access to personal data. Our security protocols include:
- Data encryption during storage and transmission;
- Two-factor authentication for account access;
- Regular security audits and updates;
- Data breach response plan, including notification procedures if a breach occurs.
In addition, all communications are double-encrypted and secured through your bank if you have linked it with our service.
We also adhere to the principle of Privacy by Design. This means that at every step of the design and development process of our service, we try to ensure your privacy as much as possible. For example, you are represented in our system by a number, which means that we do not know who you are. In addition, transactions are not visible to us as they are fully hashed. Only in case of very exceptional support requests and only with your explicit consent, we can view and correct your transactions. Furthermore, all communications are double-encrypted and secured again through your bank, if you have linked it with our service. The mentioned examples are only some of the privacy-friendly measures implemented in our service.
Data Sharing (FTC Act Compliance)
We do not provide your personal data to third parties unless required by law or necessary to deliver our services. Third-party providers include:
- Plaid Inc. for financial data synchronization;
- Google Analytics & Firebase for usage tracking.
You have the right to opt out of data sharing, except for necessary cookies and essential service providers.
Cookies
Cookies and Tracking (CalOPPA Compliance)
Our online services use cookies to:
- Enable functionalities of the website (technical or functional cookies);
- Analyze the use of the website (analytics cookies);
- Enable the online chat function and FAQ portal (other cookies).
We offer a cookie management interface where you can manage your cookie preferences. You can also set your browser to refuse cookies or delete them manually.
Technical and/or functional cookies
Some cookies ensure that certain parts of the online services work properly and that your user preferences remain known. For example, cookies can be used to render fonts properly, to be able to remember your user session on the web server so that you can view the website, or to remember a search term that is searched within the website or a selected filter. The technical and functional cookies we use are for storing user data and hiding information after a first visit to the website.
Enable and disable cookies
You can set your browser so that the storage of cookies is only accepted if you agree. Note: many websites do not work optimally if the cookies are disabled.
Removal of cookies
Many cookies have an expiration date. If an expiration date is set, the cookie is automatically deleted when the expiration date expires. You can also choose to manually delete the cookies before the expiration date has passed. Consult the manual of your browser or device for this.
Google Analytics & Firebase
We use Google Analytics & Firebase to track visitors on our online services and to get reports about how visitors use the online services. We accepted the data processing agreement from Google. We don’t allow Google to use information obtained by Analytics for other Google services, and we anonymize the IP-addresses.
User rights (CCPA Compliance)
You have the following rights:
- Right of access: you can request to see what personal data we have processed about you;
- Right of rectification: you can request corrections to your personal data if it is incorrect;
- Right to complain: you can file a complaint about how your personal data is processed;
- Right to be forgotten: you can request that we delete your personal data;
- Right to data portability: you can request that your data be transferred to a third party;
- Right to restrict processing: you can request that we temporarily restrict processing of your personal data.
To exercise any of these rights, contact us at info@Grassfeld.com. We will respond within one month unless the request is complex, in which case you will be informed of any extension.
Changes to this privacy statement
We reserve the right to modify this statement. We recommend consulting this statement regularly to stay informed of any changes.
Complaints
If you want to file a complaint about our use of personal data, please send an email to info@Grassfeld.com.
If you feel we are not addressing your concerns adequately, you have the right to file a complaint with your local data protection authority.
Contact Details.
8 The Green # 16180
Dover, DE, 19901
The United States of America
Grassfeld Inc.
info@grassfeld.com
