1. Who we are
The Grind Books is a software product operated by Measurable Media, a sole-proprietor business based in Colorado, United States. This Privacy Policy describes how we collect, use, and protect information when you use our website (thegrindbooks.com) and our application (the "Service").
When this policy says "we," "us," or "our," we mean Measurable Media. When it says "you" or "your," we mean any visitor to the site or any customer of the Service.
2. Information we collect
2.1 Information you provide directly
- Email address: when you sign up for The Grind Books App or contact us.
- Payment information: collected and processed by our payment provider, Stripe, Inc. We never see or store your full card details. We receive only a Stripe customer ID and subscription ID.
- Business profile data: name, business name, trade type, license number, rates, contact info, and similar fields you choose to enter into the app. This data is used to populate documents and AI prompts.
- Document and ledger data: estimates, invoices, change orders, follow-ups, receipts, and the structured data extracted from them.
- Support communications: anything you email us about.
2.2 Information collected automatically
- Server logs: when you interact with our API, our hosting provider records IP address, timestamps, user-agent strings, and request paths for security and debugging purposes.
- Receipt scan logs: when you scan a receipt, we record whether the scan succeeded, how many AI tokens were used, and any error code. We do not store the photo or the extracted line items on our servers after the scan completes.
2.3 Information we do not collect
- We do not use third-party analytics, advertising trackers, or cross-site cookies on our website.
- We do not store the photos of your scanned receipts on our servers. Photo thumbnails stay in your browser's local storage.
- We do not sell your data to advertisers or anyone else. Ever.
3. How we use your information
We use your information only for the following purposes:
- To operate the Service: process subscriptions, run receipt scans, send activation and notification emails.
- To communicate with you: send service notifications, respond to support inquiries, send important updates about the Service.
- To improve the Service: diagnose problems, fix bugs, understand which features are used.
- To comply with legal obligations: respond to lawful requests, enforce our Terms of Service, prevent fraud.
We do not use your data to train AI models, sell to third parties, or run advertising on or off our site.
4. Who we share it with
We share information only with the third-party service providers we use to operate the Service ("subprocessors"). These providers act on our instructions and are contractually required to keep your data confidential.
- Stripe, Inc.: payment processing and subscription billing. (Stripe Privacy Policy)
- Supabase, Inc.: database hosting for subscription state and backup data. (Supabase Privacy Policy)
- Railway Corp.: application server hosting. (Railway Privacy Policy)
- Netlify, Inc.: website and frontend hosting. (Netlify Privacy Policy)
- Resend, Inc.: transactional email delivery (activation emails, receipts). (Resend Privacy Policy)
- Anthropic, PBC: AI inference for receipt scanning. Receipt images are sent for processing and not retained per Anthropic's API terms. (Anthropic Privacy Policy)
We may also disclose information when required by law, in response to a valid legal request, or to protect the safety of our users.
5. Where your data is stored
The bulk of your data (documents, receipts, ledger entries, business profile, and any locally generated AI output) is stored in your browser's local storage on the device you use. It is not transmitted to our servers under normal use.
The exceptions are:
- Subscription state: email, plan, status, Stripe customer ID, subscription ID, scan counts, stored on Supabase (United States).
- Optional cloud backup: for Managed plan subscribers, structured (text-only) backups of your documents, receipts, and profile are stored on Supabase to enable recovery if your browser data is lost. Receipt photo thumbnails are not backed up. You can disable backups by clearing your browser's local storage and not signing back in.
- Receipt scan logs: success/failure records (no image content) stored on Supabase.
6. How long we keep it
- Active subscriber records: retained for the lifetime of your subscription.
- Cancelled subscriber records: retained for 12 months after cancellation to handle support questions, then deleted.
- Cloud backups: retained while your subscription is active. Deleted within 30 days of subscription cancellation, or immediately upon your request.
- Server logs: retained for up to 90 days for security and debugging.
- Support emails: retained as long as needed to resolve your inquiry and for reasonable follow-up.
You may request earlier deletion at any time (see Section 7).
7. Your rights
Depending on where you live (including under the European GDPR and California CCPA), you have the following rights:
- Access: request a copy of the personal data we hold about you.
- Correction: request that we correct inaccurate data.
- Deletion: request that we delete your account and all associated data.
- Portability: request your data in a portable format. Within the app, you can also export everything via the built-in Export function.
- Opt-out of sale: we do not sell your data, but you have the right to confirm this.
- Withdraw consent: cancel your subscription and discontinue use at any time.
To exercise any of these rights, email hello@thegrindbooks.com. We will respond within 30 days.
8. Security
We take reasonable, industry-standard precautions to protect your data, including:
- HTTPS/TLS encryption for all data in transit.
- Encrypted storage at rest with our hosting providers.
- Server-side authentication tokens, not client-stored passwords.
- Strict access controls: only the founder has access to production systems.
- Rate limiting and input validation on all API endpoints.
- Webhook signature verification for payment events.
No method of transmission or storage is 100% secure. If we become aware of a data breach affecting your personal information, we will notify you within 72 hours as required by applicable law.
9. Children
The Service is intended for use by business professionals over 18 years of age. We do not knowingly collect personal information from anyone under 16. If you believe we have inadvertently collected such information, please contact us and we will delete it promptly.
10. International users
Measurable Media is based in the United States, and your data is processed primarily in the United States. By using the Service, you consent to the transfer of your data to the U.S. for processing.
If you are located in the European Economic Area, United Kingdom, or another jurisdiction with cross-border data transfer restrictions, we rely on the standard contractual terms of our subprocessors (Stripe, Supabase, Netlify, Railway, Resend, Anthropic) for lawful transfer.
11. Changes to this policy
We may update this policy from time to time to reflect changes in our practices or legal requirements. The "Last updated" date at the top of this page indicates when the most recent change was made. Material changes will be communicated by email or via prominent notice on the Service prior to taking effect.
12. Contact
Measurable Media
Operator of The Grind Books
Colorado, United States
Email: hello@thegrindbooks.com
For privacy-specific concerns, please put "Privacy" in the subject line and we will respond within 30 days.