Privacy Policy For Admins
If you are looking for the privacy policy for users submitting feedback, please refer to this page.
This Privacy Policy explains how and why Grasp (“we”, “us”, or “our”) collects, uses, and shares information about you when you use our websites, widgets, APIs, emails, and other online products and services (collectively, the “Services”) or when you otherwise interact with us or receive a communication from us..
Last Change:
Grasp's Role
Grasp can act both as a data controller and a data processor:
- For data about you as an admin (e.g. your name or profile information), Grasp acts a data controller.
- When you collect responses from other users, Grasp acts as a data processor processing data on your behalf.
In this case you are the data controller for the feedback and associated user details you collect.
Grasp As Data Controller
What We Collect
| Type of Data | Purpose | Retention |
|---|---|---|
| Email Address | Used to create and identify your account, authenticate you, and send essential communications about your account and the Services. You can control optional notification settings in your topic dashboard. | For as long as your account is active; deleted upon request. |
| Profile Information | Includes your name, avatar, and unique identifiers from third-party login providers (e.g., Google). Displayed to other users when you collaborate with others and share topics. | For as long as your account is active; deleted upon request. |
| Feedback Topic Information | Includes topic titles, descriptions, configuration, and customizations. If your topic collects user contact information, we require you to provide a privacy notice, a contact email, and your organization name to display to respondents. | Retained while your account remains active. Topics can be made private at any time; full deletion is available upon request. |
| Authentication Data | Grasp use strictly necessary cookies and similar technologies to maintain your login session and secure your account. We do not use cookies for advertising or cross-site tracking. | Up to 30 days. |
| Log Data | Includes IP address, browser type, user-agent string, operating system, referral URLs, and basic device information, such as screen resolution. Used for security, abuse prevention, troubleshooting, and to ensure proper functioning of the Services. | Up to 30 days. |
Legal Bases for Processing
We process your personal data under the following legal bases:
- Contract necessity: To provide and manage your account and the Services.
- Legitimate interests: To secure the Services, prevent abuse, detect fraud, and improve functionality.
- Consent: For optional communications or features that you explicitly enable.
- Legal obligations: To comply with applicable laws, including tax and accounting requirements.
How We Share Your Information
Topic information is public
Information you enter when creating a feedback topic (such as topic name, prompt, your privacy email) will be visible to anyone with a link to that topic.
We take reasonable measures to prevent feedback topics from being indexed by search engines, but cannot guarantee it.
With other users
If you chose to share feedback topic with others, your name, email and avatar may be visible to other users in addition to the topic you are sharing.
With our service providers
We may share data with vendors, consultants, and other service providers who need access to such data to carry out work for us.
Their use of personal data will be subject to appropriate confidentiality and security measures.
For example, we use third-party services for user authentication, email delivery, hosting and sentiment analysis.
We send feedback responses and topic data to AI providers like OpenAI to generate summaries or sentiment analysis.
This data is not used for AI training and is stored for limited time for security purposes.
This data sharing is necessary for providing the Services you use and is done under appropriate data processing agreements.
To comply with the law
We may share information if we believe disclosure is in accordance with, or required by, any applicable law, regulation, legal process, or governmental request, including, but not limited to, meeting national security or law enforcement requirements.
To enforce our rights and promote safety and security
We may share information if we believe your actions are inconsistent with our Terms Of Service, or to protect the rights, property, and safety of the Services, ourselves, and others.
Your Rights
Depending on your location, you may have certain rights regarding your personal data, including the right to access, correct, update, or request deletion of your personal data.
If you cannot exercise these through the admin panel, please reach out to us at support@grasp.is from your account email.
International Data Transfers
When providing the Services, Grasp may transfer and store information in countries other than your country of residence, including the United States.
By accessing or using the Services or otherwise providing information to us, you consent to the processing, transfer, and storage of information in and to the United States and other countries, where you may not have the same rights as you do under local law.
When we transfer the personal data of users in the EEA, UK and/or Switzerland, we rely on the Standard Contractual Clauses approved by the European Commission for such transfers or other transfer mechanisms deemed ‘adequate’ under applicable laws.
Children
Admin accounts may not be created or used by individuals under the age of 16 or the minimum legal age required in your jurisdiction.
Changes to This Policy
We may change this Privacy Policy from time to time. If we do, we will let you know by revising the date at the top of the policy. If the changes, in our sole discretion, are material, we may also notify you by sending an email to the address associated with your account or by otherwise providing notice through our Services.
We encourage you to review the Privacy Policy regularly to stay informed about our information practices and the ways you can help protect your privacy. By continuing to use our Services after Privacy Policy changes go into effect, you agree to be bound by the revised policy.
Grasp As Data Processor
When you use Grasp to collect feedback from others, we act as a data processor acting on your instructions.
You control how much information is collected by how you configure your feedback topics.
As a data controller you are ultimately responsible for ensuring compliance with applicable data protection laws when using our Service.
Your Responsibilities
As data controller for feedback responses, you are typically you are responsible for the following:
- Informing your users about what data you are collecting and how you are using it.
- Obtaining any necessary consents from your users for data collection and processing.
- Allowing users to exercise their rights regarding their personal data (e.g. access, correction, deletion).
- Responding to communications from and send data subject requests to appropriate authorities.
Note that specific rights may vary by jurisdiction.
How Grasp Helps You Comply
To make things easier for you, Grasp:
- Provides a separate user-focused privacy policy that outlines how Grasp processes feedback data.
- Provides you with a mechanism to get consent when gathering personal data, such as user's contact details.
This can be configured in topic settings. - Provides you with a mechanism to add a custom privacy notice and explain how data is going to be used.
This also can be configured in topic settings. - Provides you with a way to publish your email that users can use to exercise their rights.
Grasp will also provide communication and technical assistance when helping you respond to data subject requests. - Will notify you if it becomes aware of a confirmed data breach that compromises Customer Data.
- Will notify if Grasp receives requests from Supervisory Authorities related to the processing of Personal Data (unless prohibited by law).
For full details of our obligations as processor, please review the Grasp Data Processing Agreement and Subprocessor List .