GDPR Privacy Policy

Effective date: February 14, 2025

1. Policy overview

This policy describes the safeguards Grinda AI Inc. (the "Company") applies to personal data collected, used, stored and transferred through the Rinda service (https://www.rinda.ai) in accordance with the EU General Data Protection Regulation (GDPR). The Company processes personal data lawfully, fairly and transparently, and treats the protection of user privacy as a first-order priority.

2. Purposes of collection and processing

The Company collects and processes personal data to deliver and improve the Rinda service, provide customer support, and offer tailored experiences. Specific purposes include:

  • Service delivery: account registration, support, contract performance, product improvements
  • Marketing and analytics: usage analysis and delivery of relevant content
  • Security operations: fraud prevention and incident response

3. Categories of personal data collected

The Company may collect the following categories of personal data in the course of providing the service:

  • Required: name, email address, contact number, login credentials
  • Optional: service usage records, IP address, cookie and device information
  • Additional: service requests and feedback submitted by the user

4. Legal bases for processing

The Company relies on the following GDPR legal bases when processing personal data:

  • Consent: where the user has given explicit consent
  • Contract: where processing is necessary to perform a contract with the user
  • Legal obligation: where processing is required to comply with applicable law
  • Legitimate interests: where necessary for the Company's legitimate interests, provided the impact on user rights and freedoms is minimised

5. Data retention

The Company retains personal data only for as long as necessary for the purposes for which it was collected:

  • during service use or the term of any contractual relationship, and thereafter for the retention period required by applicable law
  • once the retention period has elapsed or the processing purpose has been fulfilled, the data is securely deleted or anonymised

6. Rights of the data subject

In accordance with the GDPR, the Company guarantees the following rights to EU residents and all other users:

  • Right of access: to request access to personal data concerning you
  • Right to rectification: to request correction of inaccurate or incomplete personal data
  • Right to erasure (right to be forgotten): to request deletion of personal data
  • Right to restrict processing: to request restriction of processing in specific circumstances
  • Right to data portability: to receive personal data in a structured format or have it transmitted to another controller
  • Right to object: to object to processing of personal data
  • Right to withdraw consent: to withdraw consent at any time where processing is based on consent

7. Disclosure to third parties and international transfers

Except where required by law, the Company does not disclose personal data to third parties without the prior consent of the user.

Personal data may be transferred outside the EU during service operation. In such cases, the Company implements appropriate safeguards under the GDPR (for example standard contractual clauses or adequacy decisions) to ensure the data is handled securely.

8. Technical and organisational safeguards

The Company has implemented the following safeguards to ensure secure processing:

  • Encryption: encryption of data in transit and at rest
  • Access control: management of internal access privileges and ongoing staff training
  • Security monitoring: continuous system monitoring and intrusion detection
  • Regular review: periodic vulnerability assessments and remediation

9. Processors

The Company may engage specialised processors to operate the service efficiently. In every such case, a data processing agreement is executed to ensure GDPR compliance.

10. Changes and notifications

This policy may be updated to reflect legal changes or product improvements.

We will notify users of material changes via an in-service announcement or on our website. Updated terms take effect upon posting.

11. Contact us

For GDPR enquiries, personal-data requests, or complaints, please contact us using the details below:

  • Company: Grinda AI Inc.
  • Department: Privacy Office
  • Email: privacy@grinda.ai
  • Address: 99 Daehak-ro, Yuseong-gu, Daejeon 34141, Republic of Korea (Daejeon Tipstown, 503)