Privacy Policy
Effective Date: February 20, 2026
Last Updated: February 20, 2026
1. Introduction
GroundSmarts ("we," "us," "our," or "Company") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.
This policy applies to all visitors and users of the GroundSmarts website (groundsmarts.com) and related services.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Email address — used for authentication, order confirmations, and product update notifications
- Password — stored securely by our authentication provider (Supabase); we never have access to your plaintext password
2.2 Payment Information
When you make a purchase, payment is processed by Stripe. We do not store your credit card number, CVV, or full billing details on our servers. Stripe may collect:
- Credit/debit card details
- Billing address
- Transaction history
Stripe's handling of your data is governed by the Stripe Privacy Policy.
2.3 Contact Form Information
When you submit our contact form, we collect:
- Name
- Email address
- Company name (optional)
- Subject and message content
2.4 Automatically Collected Information
When you visit our website, we may automatically collect:
- Log data: IP address, browser type and version, operating system, referring URL, pages visited, and timestamps
- Cookies: Essential cookies required for authentication and session management
3. How We Use Your Information
We use the information we collect to:
| Purpose | Legal Basis |
|---|---|
| Process your purchases and deliver data products | Performance of contract |
| Authenticate your account and manage access | Performance of contract |
| Send order confirmations and product updates | Performance of contract |
| Respond to your inquiries via the contact form | Legitimate interest |
| Improve our website and services | Legitimate interest |
| Comply with legal obligations | Legal obligation |
4. Information Sharing
We do not sell, rent, or trade your personal information to third parties.
We share information only with the following service providers, strictly as needed to operate our business:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Authentication and account management | Email, hashed password |
| Stripe | Payment processing | Payment details, email |
| Vercel | Website hosting | Server logs, IP addresses |
These providers are contractually obligated to protect your data and may only use it to provide services on our behalf. We may also disclose your information if required by law, court order, or governmental regulation.
5. Data Retention
- Account data is retained for as long as your account is active. You may request deletion at any time.
- Payment records are retained as required by tax and financial regulations (typically 7 years).
- Contact form submissions are retained for up to 2 years, then deleted.
- Server logs are retained for up to 90 days.
6. Cookies
We use only essential cookies required for:
- Authentication session management
- Security (CSRF protection)
We do not use advertising cookies, tracking pixels, or third-party analytics cookies. We do not participate in cross-site tracking.
7. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your personal data
- Portability: Request your data in a machine-readable format
- Objection: Object to processing of your data for certain purposes
To exercise any of these rights, contact us at privacy@groundsmarts.com. We will respond within 30 days.
8. California Privacy Rights (CCPA)
If you are a California resident, you have the right to:
- Know what personal information we collect and how it is used
- Request deletion of your personal information
- Opt out of the sale of your personal information (we do not sell personal information)
- Non-discrimination for exercising your privacy rights
9. Data Security
We implement industry-standard security measures to protect your data, including:
- Encrypted data transmission (TLS/HTTPS)
- Secure password hashing (managed by Supabase)
- Access controls limiting employee access to personal data
- Regular security reviews of our infrastructure
While we strive to protect your personal information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.
10. Children's Privacy
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected data from a child, we will promptly delete it.
11. International Users
Our services are operated from the United States. If you are accessing our services from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States. By using our services, you consent to this transfer.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on our website. Your continued use of our services after changes are posted constitutes your acceptance of the updated policy.
13. Contact Us
For questions or concerns about this Privacy Policy, or to exercise your data rights:
GroundSmarts
Email: privacy@groundsmarts.com
Website: https://groundsmarts.com
This Privacy Policy was last updated on February 20, 2026.