Back to Home

Privacy Policy

Last updated: January 13, 2026

1. Introduction

Gruplix Inc. ("Gruplix", "Company", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our community management platform ("Service").

Please read this Privacy Policy carefully. By using the Service, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Information You Provide

We collect information you provide directly to us, including:

  • Account Information: Name, email address, password, and profile information when you create an account
  • Payment Information: Billing address and payment details (processed securely through Stripe)
  • Organization Information: Organization name, team member details, and settings
  • Communications: Information you provide when contacting our support team

2.2 Information from Connected Platforms

When you connect your accounts from third-party platforms (Discord, Telegram, Slack, WhatsApp), we collect:

  • Your platform user ID and profile information
  • Group/server/channel information you choose to manage
  • Member lists and member information from managed groups
  • Message metadata for scheduled messages
  • Access tokens (stored encrypted with AES-256-GCM)

2.3 Automatically Collected Information

We automatically collect certain information when you use the Service:

  • Usage Data: Features used, actions taken, and time spent on the Service
  • Device Information: Device type, operating system, browser type, and unique device identifiers
  • Log Data: IP address, access times, pages viewed, and referring URLs
  • Cookies and Tracking: We use cookies and similar technologies as described in our Cookie Policy

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process transactions and send related information
  • Send you technical notices, updates, and support messages
  • Respond to your comments, questions, and requests
  • Monitor and analyze trends, usage, and activities
  • Detect, investigate, and prevent fraudulent or unauthorized activities
  • Personalize and improve your experience
  • Comply with legal obligations

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide the Service you requested
  • Legitimate Interests: Processing for our legitimate business interests, such as fraud prevention and security
  • Consent: Processing based on your explicit consent, which you can withdraw at any time
  • Legal Obligation: Processing necessary to comply with applicable laws

5. Information Sharing and Disclosure

We may share your information in the following circumstances:

5.1 Service Providers

We share information with third-party vendors who provide services on our behalf, including:

  • Supabase: Database and authentication services
  • Stripe: Payment processing
  • Vercel: Hosting and infrastructure
  • Sentry: Error tracking and monitoring
  • Resend: Transactional email delivery

5.2 Legal Requirements

We may disclose information if required by law or in response to valid requests by public authorities.

5.3 Business Transfers

In connection with any merger, sale, or acquisition, your information may be transferred to the acquiring entity.

5.4 With Your Consent

We may share information with your consent or at your direction.

6. Data Security

We implement appropriate security measures to protect your information:

  • All data is encrypted in transit using TLS 1.3
  • Sensitive data (tokens, credentials) is encrypted at rest using AES-256-GCM
  • Row Level Security (RLS) policies ensure data isolation
  • Regular security audits and penetration testing
  • Access controls and authentication requirements

Despite these measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your personal data for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy. When you delete your account:

  • Your personal data is deleted within 30 days
  • Backup copies are purged within 90 days
  • Anonymous analytics data may be retained indefinitely
  • Data required for legal compliance may be retained longer

8. Your Rights

Depending on your location, you may have the following rights:

8.1 GDPR Rights (EEA Users)

  • Access: Right to request copies of your personal data
  • Rectification: Right to request correction of inaccurate data
  • Erasure: Right to request deletion of your personal data
  • Restriction: Right to request restriction of processing
  • Portability: Right to receive your data in a portable format
  • Objection: Right to object to processing based on legitimate interests
  • Withdraw Consent: Right to withdraw consent at any time

8.2 CCPA Rights (California Residents)

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of the sale of personal information
  • Right to non-discrimination for exercising your rights

We do not sell personal information. We do not discriminate against users who exercise their privacy rights.

8.3 How to Exercise Your Rights

You can exercise your rights by:

  • Using the data export and account deletion features in your account settings
  • Contacting us at privacy@gruplix.com

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

  • Essential Cookies: Required for the Service to function properly
  • Functional Cookies: Remember your preferences and settings
  • Analytics Cookies: Understand how you use the Service

You can manage cookie preferences through our cookie consent banner or your browser settings. Note that disabling certain cookies may affect Service functionality.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.

When we transfer data from the EEA to other countries, we use appropriate safeguards such as:

  • Standard Contractual Clauses approved by the European Commission
  • Processing in countries with adequate data protection determinations
  • Binding corporate rules where applicable

11. Children's Privacy

The Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If you become aware that a child has provided us with personal information, please contact us, and we will take steps to delete such information.

12. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

For significant changes, we will provide additional notice (such as adding a statement to our homepage or sending you a notification).

14. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

For GDPR-related inquiries, you may also contact our Data Protection Officer at dpo@gruplix.com.

If you are in the EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.