Our Privacy Philosophy
We believe trust begins with architecture. Privacy is not a compliance checkmark added after a project is finished; it is one of the foundational engineering parameters behind every workflow database, custom AI context vault, and automated operating system we deploy. Every workflow follows the principle of minimum necessary data.
- Designed with Privacy First Principles.
- Engineered for Founder Ownership.
- Minimum necessary data retention paths.
- Permanent vector index containment.
What We Collect
We maintain a minimal telemetry indexing database. We only record variables strictly required to route operational logic and secure client connections.
1. Personal Coordinates
Name, email, and calendly scheduling data — submitted voluntarily during project kickoffs and diagnostic audits.
2. Systems Integration Logs
System webhook URLs, database connection maps, and n8n orchestration triggers required to establish operational bridges.
3. Communications History
Diagnostic logs and chat telemetry recordings generated when interacting with the client diagnostic assistant portal.
4. Zero Ingestion Policy
We enforce zero-ingestion parameters for government credentials, medical details, or credit records. Payments are handled via Stripe.
AI Processing & Data Routing
As an AI-native company, we configure and route prompts using strict boundaries to guarantee that your company intellectual capital remains completely secure.
Prompt Isolation & Non-Training Limits
All AI workflows, vector searches, and LLM completions execute via zero-data-retention APIs (such as Anthropic Claude API, Google Gemini API, or private VPC model deployments). Prompts and outputs are never stored by model hosts and are **never used to train public LLM models**.
Human-in-the-Loop Safeguards
Critical system edits, code deployments, and publishing outputs generated by custom models require human verification and manual approval before sync triggers fire.
Zero Telemetry Training Guarantee
Your proprietary knowledge databases, private records, and custom vectors are never used to train public AI models without your explicit, written permission.
100% Data & IP Ownership
Unlike marketing agencies that lock you into proprietary tools, GroShala operates under a complete ownership transfer model. You own all raw intellectual property we construct.
✓ Founder Voice & Memories
All recorded voice files, semantic transcript vectors, and custom knowledge models belong fully to you.
✓ Workflows & Automation Nodes
All n8n workflow definitions, automated databases schema maps, and custom API connector scripts.
✓ System Codebases
100% of Next.js frontend codebases, custom admin portals, and database credentials are handed over on completion.
✓ AI Prompt Libraries
Every custom context prompt library, agent instructions grid, and Fine-Tuning weight template.
Security Architecture
We construct secure environment nodes for every client operating system to isolate sensitive company assets.
End-to-End Encryption
EXPAND +All data encrypted in transit and at rest.
Secure Infrastructure
EXPAND +Isolated client containers and data nodes.
Role-Based Access Control
EXPAND +Strict credentials validation and logs.
Audit Logging
EXPAND +Continuous tracking of system changes.
Automated Redundancy & Backups
EXPAND +Real-time vector vault snapshots.
Zero Cached Telemetry
EXPAND +Zero public model retention limits.
Founder Presence OS Privacy
Our flagship positioning engine uses secure transcription pathways, strict memory index separation, and full export capabilities to guarantee trust.
Memory Isolation
Founder memories and database vectors are partitioned at schema level, ensuring zero cross-tenant contamination.
VPC Deployment Option
For enterprises, we can host vectors and model endpoints inside your own private cloud instance (AWS/GCP).
Handoff Deletion
Once system files are delivered, we permanently delete any local raw audio or text files from GroShala's sandbox servers.
Security Incident Response
We enforce a strict response workflow to immediately isolate, analyze, and patch any security vulnerabilities:
Anomaly Isolation
Our automated telemetry system flags anomalous query access patterns and locks down affected API endpoints within 2 minutes. A security architect is immediately allocated to investigate.
Direct Disclosure
In the event of confirmed unauthorized access, affected clients are notified directly via secure communication channels within 24 hours (or sooner if legally required), detailing threat scope.
Forensic Audit
We perform system-wide forensics analysis, isolated environment logs inspection, and path tracing to determine the vulnerability entry vector and secure credentials vaults.
Infrastructure Hardening
We deploy immediate code patches, rotate all database secret tokens, verify IAM parameters, and apply structural security hardening to prevent future vulnerabilities.
Third-Party Services
We route client data only to vetted cloud providers. Each provider operates under strict tenant parameters:
AWS (Amazon Web Services)
ACTIVESupabase (PostgreSQL)
ACTIVEAnthropic API (Claude)
ACTIVEResend
ACTIVECalendly
ACTIVEInternational Transfers
Because GroShala operates globally, your information may be processed on servers located outside your home jurisdiction. When transferring records internationally, we implement strict safeguards:
- Standard Contractual Clauses (SCCs) to govern data transfers from EU/UK jurisdictions.
- Hosting region selections (e.g. Frankfurt, Germany) available for strict localized tenants.
- Compliance with the EU-U.S. Data Privacy Framework principles.
Data Retention Policy
We maintain records only for the period necessary to deliver our services, debug code setups, and comply with tax regulations:
Your Rights & Data Request
We respect your rights over your data. You may request access to, correction of, or permanent deletion of your records at any time. We will respond within **30 days**.