Privacy Policy

1. Data Controller

GripAi ("we", "us", "our") is the data controller responsible for your personal data. Our registered contact details are:

Entity: GripAi
Email: hello@gamegrip.cloud
Website: gripai.uk

If you have any questions about this privacy policy or our data practices, please contact us at hello@gamegrip.cloud.

2. Information We Collect

2.1 Information You Provide

Account data: Email address, name, and API keys when you register for our services
Payment data: Processed securely by Stripe (our payment processor). We do not store your full card details — see Section 8
Communication data: Emails, support queries, and feedback you send us
API usage data: Content you submit to the Safety API for moderation (see Section 5 for retention)

2.2 Information We Collect Automatically

Technical data: IP address, browser type, operating system, device information, and referring URL
Usage data: Pages visited, features used, search queries, and interactions with our platform
Cookie data: See our Cookie Policy for full details

2.3 Publicly Available Data

GripAi crawls publicly available sources including gaming forums, hardware support sites, GitHub repositories, Steam community pages, Reddit, YouTube, and official driver release pages. We collect technical issue reports, bug reports, and driver release information only — not personal data from these sources.

3. Lawful Basis for Processing

Under UK GDPR (Article 6), we process your personal data on the following lawful bases:

Purpose	Lawful Basis
Providing our services and API access	Performance of a contract (Art. 6(1)(b))
Processing payments via Stripe	Performance of a contract (Art. 6(1)(b))
Sending essential service communications	Performance of a contract (Art. 6(1)(b))
Analytics and service improvement	Legitimate interest (Art. 6(1)(f))
Preventing fraud and abuse	Legitimate interest (Art. 6(1)(f))
Compliance with legal obligations	Legal obligation (Art. 6(1)(c))
Marketing communications (opt-in only)	Consent (Art. 6(1)(a))

Where we rely on legitimate interest, we have conducted a balancing test to ensure your rights are not overridden. You may request details of these assessments by contacting us.

4. How We Use Your Data

Provide, maintain, and improve our gaming intelligence, Safety API, hardware, and driver services
Process transactions and manage your subscription
Generate compliance reports, audit logs, and moderation analytics
Detect and prevent fraud, abuse, and security threats
Respond to support requests and communications
Analyse usage patterns to improve our classifiers and detection systems
Comply with legal obligations, including the UK Online Safety Act

5. Safety API — Data Processing

When you use the GripAi Safety API, you submit text content for moderation. This is important to understand:

Content processing: Text submitted to the /v1/moderate endpoint is processed in real-time by our AI classifiers and is not used to train our models
Audit logs: Moderation decisions (risk scores, category flags, decisions) are logged for compliance reporting purposes. These logs are available to you via the /v1/audit endpoints
Retention: API request logs are retained for 90 days by default. Audit logs are retained for the duration of your subscription plus 30 days. Enterprise customers can configure custom retention periods
Data processing agreement: For Studio and Enterprise plans, we provide a Data Processing Agreement (DPA) upon request

6. Children's Data

GripAi services are designed for use by game studios and developers (B2B). We do not knowingly collect personal data directly from children under 13.

Our Safety API processes content on behalf of our customers to protect children in gaming environments. The age band data (under_13, 13-15, 16-17, 18+) sent via API calls is provided by our customers and is used solely for moderation decisions — we do not use it to build profiles of individual children.

If you believe we have inadvertently collected personal data from a child, please contact us immediately at hello@gamegrip.cloud.

7. Cookies and Tracking

We use cookies and similar technologies for essential functionality and analytics. For full details, including how to manage your preferences, see our Cookie Policy.

Summary of cookies we use:

Type	Purpose	Duration
Essential	Authentication, session management, CSRF protection	Session / 30 days
Analytics	Privacy-friendly usage analytics (Umami — self-hosted, no personal data)	Session
Payment	Stripe checkout session cookies (set by Stripe on their domain)	Session

8. Third-Party Services and Data Sharing

We do not sell your personal data. We share data only with the following categories of third parties:

Third Party	Purpose	Data Shared
Stripe (stripe.com)	Payment processing	Email, payment details — processed under Stripe's own privacy policy
Infrastructure providers	Server hosting	Encrypted data at rest and in transit — UK-based servers
Umami Analytics (self-hosted)	Privacy-friendly website analytics	Anonymised page views — no personal data, no cookies

We may also disclose data where required by law, court order, or to protect our rights and safety.

9. International Data Transfers

Our primary servers are located in the United Kingdom. Where data is processed outside the UK (e.g., by Stripe for payment processing), we ensure appropriate safeguards are in place, including:

Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner
UK adequacy regulations where applicable
Binding corporate rules of our service providers

10. Data Retention

Data Type	Retention Period
Account data	Duration of account + 30 days after deletion
Payment records	7 years (UK tax and accounting obligations)
API usage logs	90 days (configurable for Enterprise)
Audit/compliance logs	Duration of subscription + 30 days
Website usage analytics	12 months (anonymised)
Crawled public data	Indefinitely (public technical data only)
Support communications	24 months after resolution

11. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

TLS 1.2+ encryption for all data in transit
Encrypted data at rest on UK-based servers
API key authentication for all API access
Access controls and principle of least privilege
Regular security monitoring and updates

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours and affected individuals without undue delay, as required by UK GDPR Articles 33 and 34.

12. Automated Decision-Making

Our Safety API uses AI classifiers (including DistilBERT neural networks and pattern-matching algorithms) to make automated content moderation decisions. These decisions:

Are made on content submitted by our customers, not on your personal data
Produce risk scores and recommended actions (ALLOW, WARN, REVIEW, BLOCK)
Can be overridden by human moderators via the review queue
Do not produce legal or similarly significant effects on individuals

If you believe an automated moderation decision has affected you unfairly, contact the game studio that uses our API. They can review the decision via our audit endpoints.

13. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

Right of access (Art. 15) — Request a copy of the personal data we hold about you
Right to rectification (Art. 16) — Request correction of inaccurate or incomplete data
Right to erasure (Art. 17) — Request deletion of your personal data ("right to be forgotten")
Right to restrict processing (Art. 18) — Request we limit how we use your data
Right to data portability (Art. 20) — Receive your data in a structured, machine-readable format
Right to object (Art. 21) — Object to processing based on legitimate interest
Right to withdraw consent — Where processing is based on consent, withdraw at any time
Right not to be subject to automated decisions (Art. 22) — See Section 12 above

To exercise any of these rights, contact us at hello@gamegrip.cloud. We will respond within one calendar month of receiving your request.

14. Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: ico.org.uk/make-a-complaint
Helpline: 0303 123 1113

We encourage you to contact us first at hello@gamegrip.cloud so we can try to resolve the issue directly.

15. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated via email to registered users and posted on this page with an updated "Last updated" date. We recommend reviewing this policy periodically.