This Privacy Policy explains how [COMPANY LEGAL NAME] ("Grailzee," "we," "us") collects, uses, and shares information when you use Grailzee Connect (the "Service"). Because Grailzee verifies members' identity and net worth, we handle sensitive information with care, and rely on specialized providers for the most sensitive steps.
Contents
1.Information we collect
| Category | Examples |
|---|---|
| Account & contact | Name, phone number[, email], and login credentials. |
| Profile | Photo, title, companies, location, industry, and accomplishments you add. |
| Verification evidence | Documents and statements you submit to the audit team to establish your net worth bracket and accomplishments. |
| Identity data | Government ID and selfie — collected and processed by our identity provider (see §3). |
| Payment data | Subscription and audit-fee transactions — processed by Stripe; we do not store full card numbers. |
| Usage & device | App activity, approximate region, device type, and push-notification tokens (if you opt in). |
2.How we use information
- To operate the Service — create your account, verify you, assign a net worth bracket, and enforce who can message whom;
- To run the member directory and surface relevant profiles within the reach rules;
- To process membership and audit payments and manage your entitlement;
- To communicate with you, including audit updates via the in-app "Grailzee Concierge" and, with your permission, push notifications;
- To keep the community safe, prevent fraud and misrepresentation, and meet legal obligations.
3.Identity verification
Identity verification (government ID + selfie) is performed by Stripe Identity, which captures, verifies, and stores that documentation under its own retention controls. Grailzee receives only the outcome of the check and a reference identifier; we do not store the ID image on our servers. Stripe Identity's handling of this data is governed by its own privacy terms.
4.Payments
Payments are handled by Stripe on our website. Stripe processes your card and billing details; Grailzee stores only the information needed to manage your membership status and history (such as plan, status, and a transaction reference), not your full card number.
5.Messaging
One-to-one messaging and the audit concierge thread are delivered through a third-party chat provider (Stream). Message content is transmitted and stored to provide the chat feature. Grailzee's own systems hold the rules that determine who is permitted to message whom.
6.What other members see
Other verified members can see your profile information — such as your name, photo, title, companies, location, industry, and your verified net worth bracket — subject to the reach rules. Other members do not see the underlying evidence you submitted for your audit, your identity documents, or your payment details.
7.Service providers
We share information with vendors who process it on our behalf, under contract and only as needed to provide the Service. Current providers include [Supabase] (data & authentication), Stripe and Stripe Identity (payments and identity), Stream (chat), and [push/notification and hosting providers]. We do not sell your personal information.
8.Data retention
We retain personal information for as long as your account is active and as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. Verification results are retained to maintain your membership status. When you delete your account, we delete or de-identify your information within [RETENTION PERIOD], except where retention is legally required.
9.Security
We protect information in transit (HTTPS) and at rest, limit internal access to those who need it for verification and support, and log access to sensitive data. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
10.Your rights & choices
Depending on where you live, you may have rights to access, correct, delete, or export your personal information, and to object to or restrict certain processing. You can manage your profile in the app, opt out of push notifications in your device settings, and request account deletion. To exercise your rights, contact us at [privacy@grailzee.com]. [Add GDPR/CCPA-specific disclosures and legal bases as advised by counsel.]
11.Age requirement
The Service is for adults 18 and older. We do not knowingly collect information from anyone under 18. If you believe a minor has provided us information, contact us and we will delete it.
12.Changes & contact
We may update this Policy; we will revise the "Last updated" date and, for material changes, notify you through the Service. Questions or requests: [privacy@grailzee.com], [COMPANY LEGAL NAME], [MAILING ADDRESS].