Trust & Security Center

Privacy by Architecture.

Every system we build is designed with privacy, transparency, security, and founder ownership at its core.

Privacy FirstAI TransparentSecure by DesignFounder OwnedGlobal Compliance
✓ Privacy by Design✓ Zero Data Selling✓ Founder-Owned Knowledge✓ Enterprise Security✓ AI Transparency✓ Global Compliance
Effective Date: January 1, 2024
Last Updated: May 2026
Jurisdiction: Global

GDPR Compliant

Standard Contractual Clauses active for global tenants.

Zero Data Selling

We never monetize or trade founder knowledge vaults.

Founder Owned

You retain 100% ownership of code and vector weights.

Secure Infrastructure

Isolated environment servers with automated backups.

AI Transparency

Zero telemetry prompt logging to public models.

Designed Globally

Conforming to EU GDPR, US CCPA, and Indian PDPA.

[01] PHILOSOPHY

Our Privacy Philosophy

We believe trust begins with architecture. Privacy is not a compliance checkmark added after a project is finished; it is one of the foundational engineering parameters behind every workflow database, custom AI context vault, and automated operating system we deploy. Every workflow follows the principle of minimum necessary data.

Protected by Architecture
  • Designed with Privacy First Principles.
  • Engineered for Founder Ownership.
  • Minimum necessary data retention paths.
  • Permanent vector index containment.
[02] TELEMETRY

What We Collect

We maintain a minimal telemetry indexing database. We only record variables strictly required to route operational logic and secure client connections.

1. Personal Coordinates

Name, email, and calendly scheduling data — submitted voluntarily during project kickoffs and diagnostic audits.

2. Systems Integration Logs

System webhook URLs, database connection maps, and n8n orchestration triggers required to establish operational bridges.

3. Communications History

Diagnostic logs and chat telemetry recordings generated when interacting with the client diagnostic assistant portal.

4. Zero Ingestion Policy

We enforce zero-ingestion parameters for government credentials, medical details, or credit records. Payments are handled via Stripe.

[03] INTELLIGENCE

AI Processing & Data Routing

As an AI-native company, we configure and route prompts using strict boundaries to guarantee that your company intellectual capital remains completely secure.

Prompt Isolation & Non-Training Limits

All AI workflows, vector searches, and LLM completions execute via zero-data-retention APIs (such as Anthropic Claude API, Google Gemini API, or private VPC model deployments). Prompts and outputs are never stored by model hosts and are **never used to train public LLM models**.

Human-in-the-Loop Safeguards

Critical system edits, code deployments, and publishing outputs generated by custom models require human verification and manual approval before sync triggers fire.

Zero Telemetry Training Guarantee

Your proprietary knowledge databases, private records, and custom vectors are never used to train public AI models without your explicit, written permission.

[04] OWNERSHIP

100% Data & IP Ownership

Unlike marketing agencies that lock you into proprietary tools, GroShala operates under a complete ownership transfer model. You own all raw intellectual property we construct.

Founder Voice & Memories

All recorded voice files, semantic transcript vectors, and custom knowledge models belong fully to you.

Workflows & Automation Nodes

All n8n workflow definitions, automated databases schema maps, and custom API connector scripts.

System Codebases

100% of Next.js frontend codebases, custom admin portals, and database credentials are handed over on completion.

AI Prompt Libraries

Every custom context prompt library, agent instructions grid, and Fine-Tuning weight template.

[05] INFRASTRUCTURE

Security Architecture

We construct secure environment nodes for every client operating system to isolate sensitive company assets.

End-to-End Encryption

EXPAND +

All data encrypted in transit and at rest.

Secure Infrastructure

EXPAND +

Isolated client containers and data nodes.

Role-Based Access Control

EXPAND +

Strict credentials validation and logs.

Audit Logging

EXPAND +

Continuous tracking of system changes.

Automated Redundancy & Backups

EXPAND +

Real-time vector vault snapshots.

Zero Cached Telemetry

EXPAND +

Zero public model retention limits.

[06] FOUNDER OS

Founder Presence OS Privacy

Our flagship positioning engine uses secure transcription pathways, strict memory index separation, and full export capabilities to guarantee trust.

Memory Isolation

Founder memories and database vectors are partitioned at schema level, ensuring zero cross-tenant contamination.

VPC Deployment Option

For enterprises, we can host vectors and model endpoints inside your own private cloud instance (AWS/GCP).

Handoff Deletion

Once system files are delivered, we permanently delete any local raw audio or text files from GroShala's sandbox servers.

[07] INCIDENT RESPONSE

Security Incident Response

We enforce a strict response workflow to immediately isolate, analyze, and patch any security vulnerabilities:

01 // IMMEDIATE INVESTIGATION

Anomaly Isolation

Our automated telemetry system flags anomalous query access patterns and locks down affected API endpoints within 2 minutes. A security architect is immediately allocated to investigate.

02 // CLIENT NOTIFICATION

Direct Disclosure

In the event of confirmed unauthorized access, affected clients are notified directly via secure communication channels within 24 hours (or sooner if legally required), detailing threat scope.

03 // ROOT-CAUSE ANALYSIS

Forensic Audit

We perform system-wide forensics analysis, isolated environment logs inspection, and path tracing to determine the vulnerability entry vector and secure credentials vaults.

04 // PERMANENT REMEDIATION

Infrastructure Hardening

We deploy immediate code patches, rotate all database secret tokens, verify IAM parameters, and apply structural security hardening to prevent future vulnerabilities.

[08] THIRD-PARTIES

Third-Party Services

We route client data only to vetted cloud providers. Each provider operates under strict tenant parameters:

AWS (Amazon Web Services)

ACTIVE
PurposeCloud Infrastructure & Hosting
Security StatusISO 27001 Certified
EncryptionEnabled (AES-256)
Data Control100% Client

Supabase (PostgreSQL)

ACTIVE
PurposeDatabase & Vector Index Storage
Security StatusSOC2 Type II Compliant
EncryptionEnabled (AES-256)
Data Control100% Client

Anthropic API (Claude)

ACTIVE
PurposePrivate AI Processing & Analysis
Security StatusZero Data Retention API
EncryptionEnabled (TLS 1.3)
Data ControlZero Training (Opt-Out Active)

Resend

ACTIVE
PurposeTransactional Email & SMTP Delivery
Security StatusDKIM / SPF Authenticated
EncryptionEnabled (TLS 1.2+)
Data Control100% Client

Calendly

ACTIVE
PurposeScheduling & Strategy Sync
Security StatusSOC2 Compliant
EncryptionEnabled (SSL/TLS)
Data Control100% Client
[09] TRANSFERS

International Transfers

Because GroShala operates globally, your information may be processed on servers located outside your home jurisdiction. When transferring records internationally, we implement strict safeguards:

  • Standard Contractual Clauses (SCCs) to govern data transfers from EU/UK jurisdictions.
  • Hosting region selections (e.g. Frankfurt, Germany) available for strict localized tenants.
  • Compliance with the EU-U.S. Data Privacy Framework principles.
[10] RETENTION

Data Retention Policy

We maintain records only for the period necessary to deliver our services, debug code setups, and comply with tax regulations:

CONTACT INQUIRIES
12 Months
CLIENT SYSTEM METRICS
Active Contract
TAX & TRANSACTION LOGS
7 Years (Legal Limit)
[11] RIGHTS

Your Rights & Data Request

We respect your rights over your data. You may request access to, correction of, or permanent deletion of your records at any time. We will respond within **30 days**.

Supported Frameworks

Compliance Standard Maps

GDPR // COMPLIANCE

European Union

Standard Contractual Clauses (SCCs) Active

CCPA // COMPLIANCE

United States (CA)

Right to Know, Delete, and Opt-Out Guaranteed

DPDP Act // COMPLIANCE

India

Data Principal Rights and Consent-Based Processing

Privacy by Design // COMPLIANCE

Global Standard

Architected directly into database schemas

Trust Guarantees

Our Commitments

COMMITMENT // 01

We never sell or rent your personal data.

COMMITMENT // 02

We collect only what is strictly necessary.

COMMITMENT // 03

You own all your systems and vector outputs.

COMMITMENT // 04

You can request complete deletion at any time.

COMMITMENT // 05

You maintain complete admin access keys control.

COMMITMENT // 06

Transparent AI model routing and zero retention.

COMMITMENT // 07

Human oversight integrated into crucial updates.

COMMITMENT // 08

Security and privacy evaluated at architecture phase.

DOCUMENT REGISTRATION

Privacy Policy • Version 2.1

Last UpdatedMay 2026
Next Scheduled ReviewNovember 2026
Privacy Team

Your Knowledge Deserves Better Infrastructure.

The same engineering discipline we apply to AI systems, automation infrastructure, and Founder Presence OS is applied to protecting every piece of information you trust us with.

Privacy Controller Office
Privacy TeamGroShala Support Unit
CompanyGroShala
Response TimeWithin 48 Business Hours
AvailabilityMonday–Saturday

SECURE PROVISIONING • INTEGRATED AI CHATBOT • EXCLUSIVE PORTAL ACCESS