Privacy Policy

PII means Personally Identifiable Information — data that can identify a natural person directly or together with other data.

Design goal. GriGsi is built hash-first for public trust and Info Noise Index flows: we avoid collecting account-style profiles for normal browsing use, and we minimise PII where we can.

Extension and website (typical use). Many checks use one-way hashes of the value you entered (domain, email, phone, IBAN, text) so we do not need your raw input for the core trust layer. The extension may send hashes and minimal metadata to our servers for verification, voting, or operational limits. That does not mean “zero server traffic” — see Spaces/WebSocket flows below.

Spaces and real-time features. Chat, video, and screen sharing often use direct peer-to-peer connections when networks allow, but our servers still take part in signaling, join, configuration, APIs (for example ICE/TURN discovery). Info Noise Index inside an organisation Space uses our WebSocket service to distribute claim text and merged results between participants — that content passes through our server for coordination.

Telemetry and retention. We may store operational and anti-abuse signals (for example rate limits, hashed IP, extension tab/mode counters, install heartbeats) with automatic deletion after a configured period (operator setting DATA_RETENTION_DAYS, default 90 days, minimum 7). Contact form and uninstall feedback rows use the same default window unless the operator sets CONTACT_SUBMISSIONS_RETENTION_DAYS. These are not marketing profiles, but some records can be PII depending on content and jurisdiction.

Voluntary PII — contact form. If you use “Get in Touch” or similar, anything you type (name, email in the message, meeting preference) is PII you chose to send. We use it only to respond or operate that request.

Payments. Paid checkout (for example PayPal) is processed by the payment provider. We receive payment status and what is needed to issue a licence key. If we store a PayPal payer reference in our database, we keep a one-way hash of that identifier (not the raw value from the provider), for internal reconciliation only.

Admin. Operator login to the admin panel creates normal server-side session/auth records — that is PII for those accounts.

No sale of personal data. We do not sell personal data as a product. Service providers (hosting, email delivery, payments) process data only to run the service.

For engineering boundaries and a change checklist, operators use the internal document PRIVACY-BOUNDARIES-ZERO-PII.md in the GriGsi source tree (not shipped as a public URL on this site).

Back to Home

Get in Touch

Optional: if you want us to get back to you, add your email or another contact detail in your message above.