Privacy Policy

Data we collect

Identity and access

When you sign up, we collect your email address and, optionally, your team name. We use this to personalize your account and communicate service updates. We never sell your personal information to third parties.

Billing information

Payment details are processed directly by our payment processor (Stripe) and never touch Grepture servers. We retain transaction records and billing addresses for invoicing and fraud detection.

API traffic data

When requests flow through the Grepture proxy, we log operational metadata: HTTP method, status code, latency, and which detection rules matched. By default, request and response content is stored (encrypted at rest) for your audit trail.

Enable zero-data mode and all request content stays in memory only — never written to disk. Only operational metadata is retained. This is a single toggle in your dashboard.

Geolocation data

We log anonymized IP addresses during signup and account access for security and fraud prevention purposes.

Website and product analytics

We use Pirsch (privacy-friendly, cookie-free analytics) on our marketing site and PostHog (product analytics) on both the marketing site and dashboard. Both are EU-hosted. We do not use Google Analytics. No personal data is shared with advertisers.

Cookies

We use first-party cookies for authentication and session management. We do not use third-party tracking cookies or advertising cookies.

How we use your data

• To provide, maintain, and improve the Grepture service
• To authenticate your requests and manage your account
• To process payments and send invoices
• To send service-related communications (e.g., security alerts, downtime notices)
• To detect and prevent fraud and abuse
• To comply with legal obligations

Data access and disclosure

Grepture employees access your account data only with your permission (e.g., when troubleshooting a support request) or as a last resort when investigating potential abuse. We may disclose data when legally required or to third-party subprocessors listed on our Subprocessors page.

Your rights

Under the GDPR and other applicable data protection laws, you have the following rights:

• Right to know — what personal data we collect and why
• Right of access — request a copy of your personal data
• Right to correction — correct inaccurate personal data
• Right to erasure — request deletion of your personal data (this may prevent continued service use)
• Right to restrict processing — limit how we use your data
• Right to object — object to our processing of your data
• Right to portability — receive your data in a machine-readable format
• Right to complain — lodge a complaint with your local supervisory authority

To exercise any of these rights, contact us at hello@grepture.com.

Security

All data in transit is encrypted via TLS. All data at rest is encrypted. Database backups are encrypted. We use row-level security policies to ensure data isolation between teams.

Data retention

Account data is retained for the duration of your account. Upon account deletion, all data is permanently removed from active systems within 30 days and from backups within 60 days. Traffic log data follows your retention settings and zero-data mode configuration.

Subprocessors

We use a small number of third-party services to operate Grepture. All subprocessors are hosted in the European Union. See our Subprocessors page for the full list.

Data location

All Grepture infrastructure is hosted in the European Union. Your data does not leave the EU.

Changes to this policy

We may update this privacy policy from time to time. Material changes will be communicated via email to account holders. The “last updated” date at the top reflects the most recent revision.

Contact

Questions about this privacy policy? Contact us at hello@grepture.com.