grande

Privacy Policy

Last Updated: January 2025

1. Introduction

This Privacy Policy explains how GrandeApp (“Grande”, “we”, “us”) collects, stores, and protects your personal information when you use grandeapp.com, our Monday.com app, or any related services.

2. Information We Collect

We store certain Personal Identifiable Information (PII) as part of providing our services.

A. Personal Information We Store

  • Email address (required for login)
  • Name (if provided)
  • Social media usernames and profile links
  • Location (city, country)

B. Creator & Brand Data

  • Campaign details and deliverables
  • Uploaded content
  • Demographic data (if connected via API)

C. Usage & Device Data

  • IP address
  • Browser type
  • Page interactions
  • Analytics events

D. Payments

Payments are processed through Stripe. We do not store credit card numbers.

3. How We Use Your Information

  • Create and manage accounts
  • Match creators with brands
  • Provide AI-powered campaign suggestions
  • Improve performance and security
  • Process payments (Stripe)

4. How We Share Your Information

  • Stripe — secure subscription billing
  • Google Analytics — performance measurement only
  • Creators/brands participating in your campaigns
  • Law enforcement (only when legally required)

We never sell personal information.

5. Cookies & Tracking

We use cookies for performance, analytics, and login functionality.

Third-Party Services

Google Analytics

Used only for performance measurement. No PII is shared.

  • IP anonymization enabled
  • No advertising features

Stripe

Used for secure billing and payments.

  • We do not store card numbers
  • Stripe is PCI-DSS Level-1 certified

No other analytics, advertising, or tracking tools are used.

6. Data Security

GrandeApp uses industry-standard security controls to protect all stored PII data.

PII Stored Securely

Email, account data, and verification tokens are stored in encrypted MySQL volumes (AES-256 encryption at rest).

Secrets Management

All secrets — Stripe keys, DB passwords, Mailgun keys — are stored only in encrypted environment variables, never in code.

SQL Injection Protection

await pool.query(
  "SELECT * FROM Brand WHERE email = ? LIMIT 1",
  [email]
);

All communication uses TLS 1.2+.

7. Your Rights

  • Access your data
  • Correct your information
  • Request deletion
  • Download your data

8. Children's Privacy

GrandeApp is not intended for individuals under 18.

9. International Transfers

Data may be processed outside your country using secure, compliant infrastructure.

10. Changes

We may update this Privacy Policy as needed. Continued use means acceptance.

11. Contact Us

For privacy-related questions, email:
[email protected]

Thank you for trusting GrandeApp.