Privacy Policy
This Privacy Policy explains how your personal information is collected, used, and protected when you use the Grovio - Business Learning mobile application (the "App"). Please read it carefully. By using the App, you agree to the practices described here.
1. Data Controller
The data controller responsible for your personal information is:
Grovio
Email: info@groviolearn.com
For privacy-related requests (access, correction, deletion, etc.), use the email above. We aim to respond within 30 days.
2. Information We Collect
Account Information
When you create an account, we collect:
- A unique account identifier generated by Grovio
- Your name and email address, as provided by your chosen sign-in method
- If you sign in with Apple: the Apple ID token and, if you choose to share it, your name. Apple may provide a relay email address rather than your actual email.
- If you sign in with Google: the Google OAuth token and associated email and name
Grovio does not operate its own email/password sign-in. We never see or store passwords.
Usage Information
As you use the App, we collect:
- Lessons you start, complete, and revisit
- Quiz answers and performance on review questions
- Daily activity timestamps (to calculate streak and progress)
- Your declared learning preferences (role, goals, time budget) from onboarding
Subscription Information
Subscription state is managed by RevenueCat, Inc. on our behalf. We receive from RevenueCat: subscription status, entitlement level, renewal date, and a pseudonymous App User ID that links the subscription to your account. Payment card details are handled exclusively by Apple and are never transmitted to or stored by Grovio or RevenueCat.
Device & Diagnostic Information
We use Sentry to diagnose crashes and errors. Sentry automatically collects:
- Device model and operating system version
- App version and build number
- Redacted stack traces and error context at the moment of a crash
We configure Sentry to scrub personally identifying information from error reports. We do not use Sentry for product analytics or marketing.
Information That Stays on Your Device
Some information is stored only on your device and is not transmitted to our servers:
- Your daily commitments and their completion status (v1)
- Your spaced-repetition review schedule (v1)
- Cached lesson content for offline access (via AsyncStorage and expo-secure-store)
If you uninstall the App or clear its local data, this information is lost and cannot be recovered.
Guest Mode
If you use Grovio in guest mode without creating an account, no account information is collected. Your progress is stored only on your device and is not synced to our servers. If you later sign in, we may offer to migrate your local progress to your account.
3. How We Use Your Information
- To provide and maintain the App's core functionality
- To sync your progress (XP, level, completed lessons, streak) across your devices
- To personalize your learning experience based on declared preferences
- To process your subscription and manage access to premium content
- To send service-related communications (account updates, subscription changes)
- To diagnose crashes and improve app stability
- To comply with applicable legal obligations
We do not use your information for advertising, behavioral profiling across apps or websites, or sale to third parties.
4. Legal Basis for Processing (GDPR)
If you are in the European Economic Area or the United Kingdom, we process your personal information on the following bases:
- Contract: Processing required to provide the services you requested, including account creation, progress sync, and subscription management.
- Legitimate Interests: Improving app stability and security, preventing fraud and abuse. These interests are balanced against your rights and freedoms.
- Consent: Where you have given explicit consent for specific processing. You may withdraw consent at any time.
- Legal Obligation: Complying with applicable laws, such as tax and record-keeping requirements.
5. Third-Party Service Providers
Grovio relies on the following sub-processors to operate. Each operates under their own privacy terms and, where applicable, under data processing agreements that include Standard Contractual Clauses for international transfers:
| Provider | Purpose | Data shared |
|---|---|---|
| Apple Inc. | Sign in with Apple; App Store delivery and billing | Apple ID token; payment and subscription data handled by Apple |
| Google LLC | Sign in with Google | OAuth token, email, name |
| RevenueCat, Inc. | Subscription state management | App User ID, subscription status, entitlements |
| Sentry (Functional Software, Inc.) | Crash and error diagnostics | Device model, OS version, redacted stack traces |
| Railway Corp. | Backend hosting (application and PostgreSQL database) | All account, usage, and subscription-sync data described in Section 2 |
Links to each provider's privacy policy: Apple · Google · RevenueCat · Sentry · Railway.
6. Data Storage, Retention, and International Transfers
Your account and usage data is stored on Railway infrastructure and transmitted using industry-standard encryption (HTTPS/TLS). Authentication tokens are hashed before storage where applicable.
Retention. We retain your account and usage data for as long as your account is active. If you delete your account, we permanently delete your personal data within 30 days, except where longer retention is required by law (for example, transaction records required for tax purposes, which are retained in line with Saudi regulatory requirements).
International transfers. Grovio is operated from Saudi Arabia. Our sub-processors operate data centers in multiple countries, including the United States and the European Union. For transfers of personal data from the EEA or the UK to jurisdictions that have not received an EU Commission adequacy decision, we rely on Standard Contractual Clauses (SCCs) as published by the European Commission, incorporated into our agreements with those sub-processors.
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Access the personal information we hold about you
- Correct inaccurate information
- Request deletion of your information
- Receive your data in a portable, structured format
- Restrict or object to certain processing
- Withdraw consent previously given
- Lodge a complaint with your local data protection authority
To exercise any of these rights, email info@groviolearn.com. We will respond within 30 days. We do not charge a fee for reasonable requests.
Users in the European Economic Area and United Kingdom
We comply with the General Data Protection Regulation (GDPR) and the UK GDPR. The legal bases for processing are described in Section 4. You may contact your local supervisory authority if you believe your rights have been violated.
Users in California
We comply with the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). You have the right to know what personal information we collect, to request deletion, and to correct inaccurate information.
Notice regarding sale and sharing of personal information: Grovio does not sell your personal information, and we do not share your personal information for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA. We have not sold or shared the personal information of any consumer, including any consumer we know to be under 16, in the preceding 12 months.
Users in Saudi Arabia
We comply with the Saudi Arabia Personal Data Protection Law (PDPL) and its implementing regulations as administered by the Saudi Data & Artificial Intelligence Authority (SDAIA).
8. Children's Privacy
Grovio is not directed at children. We do not knowingly collect personal information from anyone under the age of 16, or the minimum age for digital consent in the user's jurisdiction where different. If you believe a child has provided us with personal information, contact us and we will delete it promptly.
In line with CCPA/CPRA, we do not sell or share the personal information of any user known to be under 16 without the affirmative opt-in consent required by law.
9. Apple App Store Data Collection Summary
Consistent with the disclosures on our App Store product page, Grovio collects the following categories of data, each linked to your identity and used solely for app functionality (not for tracking across apps or websites):
- Contact Info: Name, email address (from sign-in)
- Identifiers: User ID (Grovio account identifier)
- Usage Data: Product interaction (lessons, quizzes, progress)
- Diagnostics: Crash data, performance data (via Sentry)
- Purchases: Purchase history (via RevenueCat)
Grovio does not collect location data, contacts, health data, sensitive information, browsing history, search history, or user-generated content. Grovio does not use tracking technologies.
10. Security
We take reasonable technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. No method of electronic transmission or storage is 100% secure; we cannot guarantee absolute security.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through the App or via email, and the "Last updated" date above will be revised. Your continued use of the App after changes take effect constitutes acceptance of the revised policy.
12. Contact Us
Questions, privacy requests, or complaints:
Email: info@groviolearn.com
Website: groviolearn.com