Privacy Policy

    Last updated: November 4, 2025

    This Privacy Policy describes how GrnEdge LLC ("GrnEdge," "we," "us," or "our") collects, uses, discloses, and protects information in connection with our website, client portal, and related digital services (the "Platform"), and explains your privacy rights and choices.

    By using the Platform, you agree to this Privacy Policy. If you do not agree, please do not use the Platform.

    1) Roles and Scope

    Controller vs. Processor

    For Website visitors, prospects, and marketing contacts, GrnEdge acts as a Controller (or "Business" under U.S. state privacy laws).

    For managed services delivered to clients under an executed Contract, GrnEdge generally acts as the client's Processor (or "Service Provider"). Processing of Client Data in that context is governed by the Contract and our Data Processing Addendum (DPA) (available upon request).

    Geographic focus

    We primarily conduct business in the United States. If we transfer or process data outside your jurisdiction, we use appropriate safeguards (see "International Transfers" below).

    2) Definitions (summary)

    Personal Data means information that identifies or is reasonably linkable to an individual.

    Sensitive Personal Information (CPRA) includes precise geolocation, government IDs, financial account credentials, racial/ethnic origin, health data, etc.

    Services means our managed services, consulting, and data-driven deliverables we provide under Contract.

    Client Data means data supplied by or on behalf of a client for Service delivery.

    3) Information We Collect

    A. Information you provide

    • Contact details (name, business email, phone), company, role, message content, support requests.
    • Contract and billing details when applicable.
    • Credentials if you create an account on the Platform.

    B. Information collected automatically

    • Device and usage information (IP address, browser type, OS, pages viewed, timestamps, referral URLs).
    • Cookie/SDK identifiers and similar technologies (see "Cookies & Tracking" below).

    C. From third parties

    • Lead/contact enrichment from service providers;
    • Analytics/measurement providers;
    • If enabled, single sign-on (SSO) or identity providers (we may enable these from time to time).

    We do not intentionally collect Personal Data from children under 13 (see "Children's Privacy").

    4) How We Use Personal Data

    We use Personal Data to:

    • Operate, secure, and improve the Platform;
    • Provide support, demos, and respond to inquiries;
    • Perform, administer, and improve Services under Contract (as a Processor/Service Provider);
    • Communicate updates, security notices, and transactional messages;
    • Conduct analytics, troubleshooting, and usage measurement;
    • Comply with law, enforce agreements, and protect rights, safety, and integrity.

    Legal bases (GDPR/UK GDPR, where applicable): consent; performance of a contract; legitimate interests (e.g., securing and improving the Platform, B2B communications); compliance with legal obligations.

    5) AI and Automated Processing

    We may use artificial intelligence (AI) or machine-learning services (including trusted third-party providers such as OpenAI) to process information to provide summaries, insights, or other outputs.

    AI outputs may be incomplete or contain errors. You are responsible for verifying AI-generated information before use.

    • We do not use your Personal Data to train public AI models.
    • We may use aggregated or de-identified data to improve features and performance.
    • Where required by law, we obtain consent or provide opt-out mechanisms for AI-related processing.

    6) Cookies & Tracking; "Share" for Advertising; GPC

    We use cookies and similar technologies to operate the site, measure performance, and (potentially) facilitate advertising/retargeting in the future.

    Consent & Preferences. We provide a cookie banner and Cookie Preferences center where you can accept, reject, or manage non-essential cookies by category at any time. See our Cookies Policy for details.

    "Sell" vs "Share" (CPRA). We do not sell Personal Information. We may "share" Personal Information for cross-context behavioral advertising (e.g., via ad/analytics cookies) now or in the future.

    You can opt out of "sharing" at any time via our "Do Not Sell or Share My Personal Information" link and through Cookie Preferences.

    We honor Global Privacy Control (GPC) signals in supported browsers for applicable choices.

    Sensitive Personal Information. We do not disclose or use Sensitive Personal Information to infer characteristics.

    7) How We Disclose Personal Data

    We may disclose Personal Data to:

    • Service Providers / Sub-processors who assist with hosting, analytics, security, communications, support, or delivery of Services (obligated by contract to confidentiality and limited use). A current list is available upon request.
    • Affiliates under common control (subject to this Policy).
    • Business transfers (e.g., merger, acquisition, asset sale).
    • Legal and safety obligations (lawful requests, enforcement of terms, protection against harm or fraud).

    We do not sell Personal Information.

    When acting as a Processor/Service Provider, we disclose Client Data only as instructed by the client, consistent with the DPA.

    8) Retention

    We retain Personal Data only as long as necessary for the purposes described or as required by law/contract. Indicative ranges:

    • Marketing leads & site interactions: up to 24 months from last activity;
    • Account & support records: 24 months after closure/resolution;
    • Contract/billing/tax records: 7 years;
    • Security and access logs: 12–18 months;
    • Analytics events: 14–26 months.

    Client Data retention is governed by the applicable Contract/DPA.

    9) Security

    We implement appropriate technical and organizational measures, including encryption in transit and at rest, access controls, logging and monitoring, vulnerability management, employee training, and vendor due diligence. No method of transmission or storage is 100% secure.

    10) International Transfers

    We primarily process data in the United States. If we transfer Personal Data internationally, we rely on appropriate safeguards, such as the EU Standard Contractual Clauses (and UK Addendum, where applicable), and conduct transfer assessments as required by law.

    11) Your Privacy Rights

    A. U.S. state rights (including CA/VA/CO/CT/UT and similar laws)

    Subject to exceptions, you may have the right to access, correct, delete, or obtain a portable copy of your Personal Information, and to opt out of targeted advertising ("sharing"), the sale of Personal Information (which we do not do), or profiling producing legal/similar significant effects (which we do not conduct).

    Submit requests at legal@grnedge.com or through our Privacy Request form (if provided on the site).

    We will respond within 45 days (we may extend once by 45 days with notice).

    If we deny your request, you may appeal within 45 days; appeal instructions will be included in our response. You may also contact your state Attorney General.

    B. California (CPRA) specifics

    Do Not Sell or Share My Personal Information. Use our link and Cookie Preferences to opt out of "sharing" for cross-context advertising. We honor GPC signals.

    Sensitive Personal Information. We do not use/disclose Sensitive PI to infer characteristics; if that changes, we will provide required notices/controls.

    Non-discrimination. We will not discriminate against you for exercising your rights.

    C. GDPR/UK GDPR (if applicable)

    Rights include access, rectification, erasure, restriction, portability, and objection; withdrawal of consent where processing is based on consent.

    Where GrnEdge acts as a Processor, please direct your request to the relevant client Controller; we will assist them per the DPA.

    You may lodge a complaint with your local Supervisory Authority.

    Identity verification. We may request information to verify your identity/authority. We will not disclose more than required for verification.

    12) Do Not Track & Global Privacy Control

    Our Platform does not respond to Do Not Track (DNT) signals. We do honor Global Privacy Control (GPC) signals for applicable "do not sell/share" choices.

    13) Children's Privacy

    The Platform is not directed to children under 13. We do not knowingly collect Personal Data from children. If you believe a child has provided Personal Data to us, contact legal@grnedge.com and we will delete it. We do not knowingly sell or share minors' data; California minors (under 16) require opt-in for any sale/share.

    14) Third-Party Links and Services

    The Platform may link to third-party sites or services we do not control. Their privacy practices are governed by their own policies. We encourage you to review them.

    15) Changes to This Privacy Policy

    We may update this Policy periodically. Material changes will be posted here with a new "Last updated" date. Your continued use of the Platform after changes become effective constitutes acceptance.

    16) How to Contact Us

    Disclosures for Contracts (Processor Context)

    When delivering Services under an executed Contract, processing of Client Data is governed by the Contract and DPA. In case of conflict between this Policy and a Contract/DPA with respect to Client Data, the Contract/DPA controls.