GraisGrais logo
Sign In

Privacy Policy for Grais

Effective Date: October 9th, 2024

Grais is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our product — currently offered as a Chrome Extension, and in the future, as a web and desktop application ("the App").

1. Scope of This Policy

This Privacy Policy applies to your use of the Grais Chrome Extension and any future versions or formats of the product, including web, desktop, and mobile applications (collectively referred to as "Grais" or "the App"). As we grow, we will update this Policy to reflect changes in data practices, always with transparency and your privacy in mind.

2. Information We Collect

We only collect what's necessary to provide Grais' features, with a strong preference for local processing whenever possible.

We may collect:

  • User-provided data, such as tone preferences, personalization inputs, or memory entries
  • Contextual snippets selected by the user to generate responses
  • Anonymized usage data, including feature toggles and performance metrics

We do not collect full message histories or browsing data unless explicitly required and consented to for a specific feature.

3. How We Use Your Data

We use the data we collect to:

  • Generate personalized, context-aware replies
  • Enhance your user experience
  • Maintain and improve our service
  • Ensure platform security and prevent abuse

We do not:

  • Sell or rent your data to third parties
  • Use your data for advertising
  • Access message content unless it is actively selected and submitted for processing

4. Local-First Design & Optional Cloud Processing

By default, Grais processes all available data locally in your browser or on your device. Some features — such as advanced AI-generated replies or cloud-based memory sync — may require secure, temporary cloud processing.

These features are:

  1. Optional and clearly labeled in the App
  2. Disabled by default, unless explicitly enabled by the user
  3. Reversible — users can opt out and delete their synced data at any time

5. Data Retention & Deletion

We retain personal data only for as long as it's needed to deliver the service or meet legal obligations. Specifically:

  • Locally stored data remains on your device and can be deleted by you at any time
  • Temporarily processed AI input is discarded after completion of the task
  • Synced data (if enabled) is stored securely and can be fully deleted upon request

You can request data deletion or export by emailing hello@grais.app or through the App settings.

6. Security

We use modern security standards to protect your data, including:

  • End-to-end encryption for communication between the App and any external services
  • Secure access controls and infrastructure monitoring
  • Internal data access restrictions — our team cannot view your conversations

7. Third-Party Services

We may use trusted third-party providers to operate and improve Grais, such as:

  • Cloud providers for optional AI processing (e.g., OpenAI, Anthropic)
  • Analytics tools for anonymized usage statistics

All such providers are contractually bound to handle your data securely and only for the purposes we specify.

8. GDPR Compliance

If you are located in the European Economic Area (EEA), we process your personal data in accordance with the General Data Protection Regulation (GDPR). Legal bases for processing include:

  • Performance of a contract – delivering the App and its features
  • Consent – for features like cloud sync, memory, or external AI services
  • Legitimate interest – to ensure security and service quality

As a data subject, you have the right to:

  1. Access your personal data
  2. Correct inaccurate data
  3. Delete your data
  4. Withdraw consent
  5. Request portability
  6. Lodge a complaint with a supervisory authority

For any requests, contact us at hello@grais.app.

9. Data Processing Agreement (DPA) for Business Customers

If you are a business using Grais and require a Data Processing Agreement (DPA), we are happy to provide one upon request.

Under our standard DPA:

  • You (the business) are the data controller, and Grais is the data processor
  • We process personal data solely in accordance with your instructions
  • We implement strong technical and organizational safeguards
  • We will inform you promptly of any data breach
  • Sub-processors (e.g., hosting or AI providers) are listed and bound by equivalent safeguards

Please reach out to legal@grais.app to request a signed DPA or more information.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. All changes will be posted on this page, and for material updates, we will notify users directly within the App.

11. Contact Us

If you have any questions, concerns, or requests about this Privacy Policy or how your data is handled, reach out anytime: