Privacy Policy

GRAPELY - CLOUD BASED TECHNOLOGIES, LDA (“Grapely”) is firmly committed to the privacy and the personal data rights of its users, acting in accordance with the provisions of the General Data Protection Regulation (GDPR) and other applicable legislation.

This privacy policy provides information about how Grapely will use your personal data (collection, use and disclosure) when you visit or use Grapely’s website and services (collectively, the “Services”).

The purpose of this Privacy Policy is to provide information about the rights you have under the GDPR.

For your convenience, this Privacy Policy document is available in translation. In the event of discrepancies between translations, the Portuguese version shall prevail. The official Privacy Policy in Portuguese is available here.

1. Introduction

Grapely is committed to protecting your personal data and ensuring that its collection, processing and storage comply with national data protection legislation, namely the General Data Protection Regulation (GDPR) and Portuguese Law No. 58/2019, of August 8. Regular reviews are conducted to ensure ongoing compliance.

2. Acceptance of this Privacy Policy

Please read this Privacy Policy carefully before using the Services provided by Grapely.

You can consult the most current version of the Privacy Policy at any time on this page.

Grapely reserves the right to amend its Privacy Policy at any time. It is your responsibility to periodically check this page for any changes.

By using or continuing to use our Services, you declare that you have read, understood and agree to be bound by this Privacy Policy and any policies referenced herein.

3. Data Controller

Grapely is the entity responsible for processing your personal data:

GRAPELY - CLOUD BASED TECHNOLOGIES, LDA

Rua da Cruzinha, S/N 5085-205 Covas do Douro Portugal

Email: [email protected]

4. What Data Does Grapely Process and How Is It Collected?

Grapely does not collect sensitive personal data, such as health information, financial details or data revealing racial or ethnic origins. Additionally, Grapely does not engage in profiling based on personal data.

4.1 Data You Provide

When you use Grapely’s Services, we may collect the following categories of personal data:

Contact Information: Full name and email address.
Account Information: Email, password and any other details required for registration with Grapely’s Services.
Payment Information: Credit card details or other payment information for subscriptions.
User Submissions: Content provided for creating e-labels or generating QR codes, including any data that may be of personal nature.
Communication Records: Feedback, inquiries or other communications with our support team.

4.2 Data Collected Automatically

When you access Grapely’s Services, we automatically collect certain data:

Usage Data: Information about how you interact with our Services, including but not limited to browser type, pages visited and date and time of access.
Device Information: Data about the device you use, including operating system and hardware details.
Cookies and Tracking Technologies: We use cookies and similar technologies to track and store information about your use of our Services.

5. How We Use Your Personal Data

5.1 Service Provision

Facilitate account registration and manage subscriptions.
Process payments securely and accurately.

5.2 Analysis and Improvement

Understand usage patterns to enhance functionality and user experience.
Troubleshoot issues and optimize the performance of our Services.

5.3 Legal Compliance

Respond to requests from law enforcement or regulatory authorities.
Comply with applicable tax or data protection laws.

5.4 Communication and Marketing

Send notifications, updates and promotional content (only with your consent).

6. Legal Bases for Data Processing

We process your personal data to provide our Services effectively and comply with applicable legislation. The legal bases for processing include:

Performance of a Contract: Necessary to provide the Services you have requested or subscribed to, such as account creation, service access or payment processing.
Legitimate Interests: Improving user experience, ensuring the security of our Services and preventing fraud.
Consent: For specific purposes, such as sending marketing communications, we rely on your explicit consent, which you may withdraw at any time.
Legal Obligation: Processing is necessary to comply with applicable legal obligations, such as tax regulations or responding to law enforcement requests.

For more details on the retention periods associated with these legal bases, see Section 9: Data Retention.

We may share your personal data with trusted third-party service providers to deliver, maintain and improve the Services. These providers include:

Payment Processors: Stripe, for secure subscription payment processing.
Error Tracking and Monitoring Tools: Sentry, for monitoring application performance and resolving technical issues.
Email Communication Providers: Zoho Mail and Resend, for sending notifications, updates and user communications.
Customer Support and Marketing Tools: Tidio, for marketing campaigns, real-time chat and customer support interactions.
Backend Service Providers: Supabase, for database management and backend services.
Hosting and DNS Management Providers: Cloudflare, for frontend hosting, content delivery and DNS management.

All third parties with whom we share data are subject to strict data processing agreements, ensuring they use the information only for authorized purposes and protect it adequately.

If personal data is transferred outside the EU/EEA (e.g., to a service provider located in a third country), we implement appropriate legal measures, such as Standard Contractual Clauses or adequacy decisions, to ensure your data remains protected and compliant with applicable law.

Additionally, when using Grapely’s Services, you may encounter links or features from third-party websites or platforms. We emphasize that Grapely does not certify or guarantee the privacy practices or accuracy of these external services. Your interaction with third parties is at your own risk. We recommend reviewing their respective privacy policies before engaging with these services.

8. Cookies and Tracking Technologies

Grapely’s Services use cookies and similar tracking technologies to enhance your experience, analyze usage patterns and ensure error-free performance of the Services. Cookies are small text files stored on your device. These technologies are implemented by both Grapely and certain third-party service providers, including Stripe, Sentry, Tidio and Cloudflare, to fulfill their respective functionalities.

Grapely uses the following types of cookies:

Essential Cookies: Necessary for the Services’ operation, such as those used by Stripe for secure payment processing or by Cloudflare for the Services security and content delivery.
Performance Cookies: Used to monitor the Services performance and usage, including tools like Sentry for error tracking.
Functional Cookies: Store user preferences and enhance the Services personalization, such as Tidio cookies for chat functionality.
Marketing Cookies: Used for targeted advertising and promotional activities, implemented only with your explicit consent.

For more information on how these third-party systems use cookies, we recommend reviewing their individual privacy policies.

Non-essential cookies, including performance, functional and marketing cookies, are implemented only with your explicit consent, which can be provided or withdrawn via your browser settings or Grapely’s cookie banner. Essential cookies are necessary for the functionality of the Services and cannot be disabled.

9. Data Retention

Grapely retains your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy and to comply with legal obligations. After this period, your data will be securely deleted or anonymized. Retention details are as follows:

Account Information: Retained for as long as your account remains active or as required for legal purposes.
Payment Information: Stored for tax and accounting purposes in compliance with Grapely’s legal obligations (see Section 6: Legal Bases for Data Processing).
Usage Data: Retained for analytical and improvement of the Services purposes, typically for up to 2 years unless anonymized.

If you request data deletion, Grapely will comply with your request, except where data retention is required for legal reasons.

Under the GDPR, you have the following rights regarding your personal data:

Access: Request access to the personal data Grapely holds about you.
Rectification: Request correction of any inaccurate or incomplete data.
Erasure: Request deletion of your data, subject to certain legal conditions.
Restriction: Request restriction of data processing, for example, when you contest its accuracy or object to processing.
Data Portability: Request a copy of your personal data in a structured, commonly used and machine-readable format.
Objection: Object to the processing of your data based on legitimate interests or direct marketing.
Withdraw Consent: Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing carried out prior to withdrawal.
Lodge a Complaint with a Supervisory Authority: You have the right to lodge a complaint with a data protection authority, although Grapely encourages you to contact us first to attempt to resolve any issues.

Additionally, you have the right to opt out of receiving marketing communications at any time by clicking the “Unsubscribe” link in Grapely’s emails.

To exercise these rights, contact us at [email protected]. Grapely will respond to your request within one month, as required by the GDPR, unless a justified extension is needed.

11. Security of Your Personal Data

At Grapely, we are committed to protecting your personal data through robust organizational and technical security measures.

We implement advanced encryption technologies to safeguard data both in transit and at rest. All data storage systems are equipped with system-level encrypted drives and all databases operate with encryption standards equivalent to or higher than TLS 1.2 for API and web traffic. Strict access control measures are in place to prevent unauthorized access to data processing facilities and information systems.

Key Security Practices:

Access Control: Only authorized personnel with appropriate clearance can access sensitive data. Access is granted based on job roles and necessity.
Device Protection: Employee devices are password-protected and use two-factor authentication for enhanced security.
Logging and Monitoring: Access logs are maintained to monitor and audit data interactions. Suspicious activities are flagged and addressed promptly.
Database Isolation: User databases are kept separate from operational and analytical data to ensure data segmentation and additional protection.

While no system is entirely immune to risks, Grapely continuously works to enhance its safeguards and minimize vulnerabilities. In the event of a suspected breach, we will act promptly to mitigate harm and notify affected users as required by applicable laws.

12. Contact Information

If you have any questions, concerns or requests regarding this Privacy Policy, please contact us: