Privacy Policy
Grovio keeps two separate privacy policies because the website and the mobile app collect different information, for different purposes, using different providers. This page contains both:
Part 1 Website Privacy Policy
This part applies to the Grovio website at groviolearn.com when you visit it in a web browser. It does not apply to the Grovio mobile app — for that, see the App Privacy Policy below.
Who is responsible
The data controller for the website is Grovio. For any privacy request, email info@groviolearn.com; we aim to respond within 30 days.
What the website collects
The website is a static marketing site. By default — before you make any choice — it does not collect personal information, set advertising cookies, or track you. The only data handled without your consent is:
- Your consent preference (essential). When you accept or decline analytics, we store that single choice in your browser's local storage (a value named
grovio-consent). It stays on your device, is never sent to our servers, and is not a cookie. Clearing your browser storage resets it.
Analytics — only with your consent
If, and only if, you select "Accept" on the consent banner, we load Google Analytics 4 (provided by Google LLC) to understand how visitors use the site. We use Google Consent Mode, so no analytics or advertising storage is used until you consent, and analytics runs with IP anonymization enabled.
When enabled, Google Analytics may collect: pages viewed and time spent, approximate location (country or region, derived from a truncated IP address), device and browser type, and the referring source. We use this only in aggregate to improve the site — never to identify you personally and never for advertising. If you select "Decline", no analytics is loaded and no analytics cookies are set.
Cookies
The website sets no cookies unless you consent to analytics. If you consent, Google Analytics sets its own cookies to measure usage; if you decline, none are set. Separately, we use browser local storage (not a cookie) solely to remember your consent choice, as described above.
Campaign links
Some of our ads and posts use a short link (groviolearn.com/get) that forwards you to the App Store or Google Play. If that link carries a campaign tag (for example utm_source=tiktok), the tag is recorded and passed on to the App Store or Google Play so we can measure which campaign led to an install. This is standard marketing attribution and is not linked to your identity.
Hosting and server logs
The website is hosted by Hostinger. As with most web hosts, Hostinger's servers may automatically record standard technical log data (such as IP address, browser type, and pages requested) for security, reliability, and operation of the service. See Hostinger's privacy policy.
Legal basis (GDPR / UK GDPR)
- Consent: for loading Google Analytics and setting analytics cookies. You may withdraw consent at any time.
- Legitimate interests: for the essential operation and security of the site, including server logs and remembering your consent choice.
Your choices
You can accept or decline analytics using the consent banner. To withdraw a prior "Accept", decline on the banner or clear this site's data in your browser — analytics will not load on future visits. The data rights described in the App Privacy Policy (see Your Rights) apply to website data too; email info@groviolearn.com to exercise them.
Part 2 App Privacy Policy
This part applies to the Grovio – Business Learning mobile application (the "App"). It does not apply to the website — for that, see the Website Privacy Policy above.
This part explains how your personal information is collected, used, and protected when you use the App. Please read it carefully. By using the App, you agree to the practices described here.
1. Data Controller
The data controller responsible for your personal information is:
Grovio
Email: info@groviolearn.com
For privacy-related requests (access, correction, deletion, etc.), use the email above. We aim to respond within 30 days.
2. Information We Collect
Account Information
When you create an account, we collect:
- A unique account identifier generated by Grovio
- Your name and email address, as provided by your chosen sign-in method
- If you sign in with Apple: the Apple ID token and, if you choose to share it, your name. Apple may provide a relay email address rather than your actual email.
- If you sign in with Google: the Google OAuth token and associated email and name
Grovio does not operate its own email/password sign-in. We never see or store passwords.
Usage Information
As you use the App, we collect:
- Lessons you start, complete, and revisit
- Quiz answers and performance on review questions
- Daily activity timestamps (to calculate streak and progress)
- Your declared learning preferences (role, goals, time budget) from onboarding
Subscription Information
Subscription state is managed by RevenueCat, Inc. on our behalf. We receive from RevenueCat: subscription status, entitlement level, renewal date, and a pseudonymous App User ID that links the subscription to your account. Payment card details are handled exclusively by Apple and are never transmitted to or stored by Grovio or RevenueCat.
Device & Diagnostic Information
We use Sentry to diagnose crashes and errors. Sentry automatically collects:
- Device model and operating system version
- App version and build number
- Redacted stack traces and error context at the moment of a crash
We configure Sentry to scrub personally identifying information from error reports. We do not use Sentry for product analytics or marketing.
Information That Stays on Your Device
Some information is stored only on your device and is not transmitted to our servers:
- Your daily commitments and their completion status (v1)
- Your spaced-repetition review schedule (v1)
- Cached lesson content for offline access (via AsyncStorage and expo-secure-store)
If you uninstall the App or clear its local data, this information is lost and cannot be recovered.
Guest Mode
If you use Grovio in guest mode without creating an account, no account information is collected. Your progress is stored only on your device and is not synced to our servers. If you later sign in, we may offer to migrate your local progress to your account.
3. How We Use Your Information
- To provide and maintain the App's core functionality
- To sync your progress (XP, level, completed lessons, streak) across your devices
- To personalize your learning experience based on declared preferences
- To process your subscription and manage access to premium content
- To send service-related communications (account updates, subscription changes)
- To diagnose crashes and improve app stability
- To comply with applicable legal obligations
We do not use your information for advertising, behavioral profiling across apps or websites, or sale to third parties.
4. Legal Basis for Processing (GDPR)
If you are in the European Economic Area or the United Kingdom, we process your personal information on the following bases:
- Contract: Processing required to provide the services you requested, including account creation, progress sync, and subscription management.
- Legitimate Interests: Improving app stability and security, preventing fraud and abuse. These interests are balanced against your rights and freedoms.
- Consent: Where you have given explicit consent for specific processing. You may withdraw consent at any time.
- Legal Obligation: Complying with applicable laws, such as tax and record-keeping requirements.
5. Third-Party Service Providers
Grovio relies on the following sub-processors to operate. Each operates under their own privacy terms and, where applicable, under data processing agreements that include Standard Contractual Clauses for international transfers:
| Provider | Purpose | Data shared |
|---|---|---|
| Apple Inc. | Sign in with Apple; App Store delivery and billing | Apple ID token; payment and subscription data handled by Apple |
| Google LLC | Sign in with Google | OAuth token, email, name |
| RevenueCat, Inc. | Subscription state management | App User ID, subscription status, entitlements |
| Sentry (Functional Software, Inc.) | Crash and error diagnostics | Device model, OS version, redacted stack traces |
| Railway Corp. | Backend hosting (application and PostgreSQL database) | All account, usage, and subscription-sync data described in Section 2 |
Links to each provider's privacy policy: Apple · Google · RevenueCat · Sentry · Railway.
6. Data Storage, Retention, and International Transfers
Your account and usage data is stored on Railway infrastructure and transmitted using industry-standard encryption (HTTPS/TLS). Authentication tokens are hashed before storage where applicable.
Retention. We retain your account and usage data for as long as your account is active. If you delete your account, we permanently delete your personal data within 30 days, except where longer retention is required by law (for example, transaction records required for tax purposes, which are retained in line with Saudi regulatory requirements).
International transfers. Grovio is operated from Saudi Arabia. Our sub-processors operate data centers in multiple countries, including the United States and the European Union. For transfers of personal data from the EEA or the UK to jurisdictions that have not received an EU Commission adequacy decision, we rely on Standard Contractual Clauses (SCCs) as published by the European Commission, incorporated into our agreements with those sub-processors.
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Access the personal information we hold about you
- Correct inaccurate information
- Request deletion of your information
- Receive your data in a portable, structured format
- Restrict or object to certain processing
- Withdraw consent previously given
- Lodge a complaint with your local data protection authority
To exercise any of these rights, email info@groviolearn.com. We will respond within 30 days. We do not charge a fee for reasonable requests.
Users in the European Economic Area and United Kingdom
We comply with the General Data Protection Regulation (GDPR) and the UK GDPR. The legal bases for processing are described in Section 4. You may contact your local supervisory authority if you believe your rights have been violated.
Users in California
We comply with the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). You have the right to know what personal information we collect, to request deletion, and to correct inaccurate information.
Notice regarding sale and sharing of personal information: Grovio does not sell your personal information, and we do not share your personal information for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA. We have not sold or shared the personal information of any consumer, including any consumer we know to be under 16, in the preceding 12 months.
Users in Saudi Arabia
We comply with the Saudi Arabia Personal Data Protection Law (PDPL) and its implementing regulations as administered by the Saudi Data & Artificial Intelligence Authority (SDAIA).
8. Children's Privacy
Grovio is not directed at children. We do not knowingly collect personal information from anyone under the age of 16, or the minimum age for digital consent in the user's jurisdiction where different. If you believe a child has provided us with personal information, contact us and we will delete it promptly.
In line with CCPA/CPRA, we do not sell or share the personal information of any user known to be under 16 without the affirmative opt-in consent required by law.
9. Apple App Store Data Collection Summary
Consistent with the disclosures on our App Store product page, the App collects the following categories of data, each linked to your identity and used solely for app functionality (not for tracking across apps or websites):
- Contact Info: Name, email address (from sign-in)
- Identifiers: User ID (Grovio account identifier)
- Usage Data: Product interaction (lessons, quizzes, progress)
- Diagnostics: Crash data, performance data (via Sentry)
- Purchases: Purchase history (via RevenueCat)
The App does not collect location data, contacts, health data, sensitive information, browsing history, search history, or user-generated content. The App does not use tracking technologies. (Website analytics is covered separately in the Website Privacy Policy above.)
10. Security
We take reasonable technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. No method of electronic transmission or storage is 100% secure; we cannot guarantee absolute security.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through the App or via email, and the "Last updated" date above will be revised. Your continued use of the App after changes take effect constitutes acceptance of the revised policy.
12. Contact Us
Questions, privacy requests, or complaints:
Email: info@groviolearn.com
Website: groviolearn.com