Gigrove

Pricing
Customer Portal

Privacy Policy

Effective Date: December 13, 2024
Last Updated: December 13, 2024

1. Introduction

Gigrove Ltd (“we”, “us”, “our”, or “Gigrove”) is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our e-commerce builder SaaS platform and related services (the “Service”).

This policy applies to all users of our Service, including visitors to our website, account holders, and end customers of stores built using our platform.

Contact Information:
Gigrove Ltd
27 Old Gloucester Street
London, United Kingdom
WC1N 3AX
Email: privacy@gigrove.com

2. Legal Basis for Processing

We process your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We process your data based on:

  • Contract Performance: To provide our Service to you
  • Legitimate Interests: To improve our Service, prevent fraud, and ensure security
  • Legal Obligation: To comply with legal and regulatory requirements
  • Consent: Where you have given us explicit permission (you may withdraw consent at any time)

3. Information We Collect

3.1 Information You Provide Directly

Account Information:

  • Full name
  • Email address
  • Company name and business details
  • Billing address
  • Phone number
  • Payment information (processed securely through third-party payment processors)
  • VAT/Tax identification numbers (if applicable)

Profile and Business Information:

  • Store name and description
  • Product listings and inventory data
  • Customer data you upload to your store
  • Content you create using our platform
  • Communications with our support team

3.2 Information Collected Automatically

Technical Information:

  • IP address
  • Browser type and version
  • Operating system
  • Device identifiers
  • Time zone settings
  • Pages visited and features used
  • Time and date of access
  • Referring website addresses

Usage Data:

  • Features and tools you use
  • Actions taken within the platform
  • Performance metrics
  • Error logs and diagnostics
  • Search queries within the Service

Cookies and Similar Technologies: We use cookies, web beacons, and similar tracking technologies. See Section 10 for detailed information about cookies.

3.3 Information from Third Parties

We may receive information about you from:

  • Payment processors (transaction confirmations, payment status)
  • Analytics providers (usage statistics, traffic sources)
  • Third-party integrations you connect to your account (shipping providers, marketing tools, etc.)
  • Publicly available sources (to verify business information)

4. How We Use Your Information

We use your personal data for the following purposes:

4.1 Service Provision

  • Creating and managing your account
  • Processing payments and billing
  • Delivering the Service and its features
  • Providing customer support
  • Communicating service updates and important notices

4.2 Service Improvement

  • Analyzing usage patterns to improve functionality
  • Developing new features and tools
  • Testing and optimizing performance
  • Conducting research and analytics

4.3 Security and Fraud Prevention

  • Detecting and preventing fraud, abuse, and security incidents
  • Verifying identity and business legitimacy
  • Protecting against unauthorized access
  • Ensuring platform integrity and compliance

4.4 Marketing and Communications

  • Sending promotional emails about new features (with your consent)
  • Conducting surveys and collecting feedback
  • Providing personalized recommendations
  • Sharing relevant product updates

You may opt out of marketing communications at any time by clicking “unsubscribe” in our emails or contacting us directly.

4.5 Legal Compliance

  • Complying with legal obligations and regulations
  • Responding to lawful requests from authorities
  • Enforcing our Terms of Service
  • Resolving disputes and legal claims

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your information with:

5.1 Service Providers

Third-party vendors who provide services on our behalf:

  • Payment processors (Stripe, Wise, PayPal) – for payment processing
  • Cloud hosting providers (AWS, Google Cloud) – for data storage and infrastructure
  • Email service providers – for transactional and marketing emails
  • Analytics providers (Google Analytics) – for usage analysis
  • Customer support tools – for support ticket management
  • Security services – for fraud detection and prevention

All service providers are contractually bound to protect your data and use it only for specified purposes.

5.2 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your data may be transferred to the acquiring entity. You will be notified of any such change.

5.3 Legal Requirements

We may disclose your information when required by law, court order, or government request, or when necessary to:

  • Comply with legal processes
  • Enforce our rights and Terms of Service
  • Protect the safety and security of our users and the public
  • Prevent fraud or illegal activity

5.4 With Your Consent

We may share your information with other parties when you explicitly consent to such sharing.

6. Data Storage and Security

6.1 Data Location

Your data is primarily stored on secure servers located in the European Economic Area (EEA) and the United Kingdom. Some service providers may process data in other jurisdictions with adequate data protection safeguards in place.

6.2 Security Measures

We implement industry-standard security measures including:

  • Encryption: Data encrypted in transit (TLS/SSL) and at rest (AES-256)
  • Access controls: Role-based access with multi-factor authentication
  • Network security: Firewalls, intrusion detection, and monitoring
  • Regular security audits: Vulnerability assessments and penetration testing
  • Staff training: Security awareness training for all employees
  • Incident response: Documented procedures for data breach response

6.3 Data Retention

We retain your personal data for as long as:

  • Your account remains active
  • Necessary to provide the Service
  • Required by law or for legitimate business purposes

Specific retention periods:

  • Account data: Retained while account is active, then deleted 30 days after account closure
  • Transaction records: Retained for 7 years for tax and accounting purposes
  • Support communications: Retained for 3 years
  • Analytics data: Anonymized after 26 months
  • Marketing data: Until you unsubscribe or request deletion

You may request earlier deletion of your data subject to legal and contractual obligations.

7. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

7.1 Right of Access

Request a copy of the personal data we hold about you.

7.2 Right to Rectification

Request correction of inaccurate or incomplete data.

7.3 Right to Erasure (“Right to be Forgotten”)

Request deletion of your personal data, subject to legal obligations.

7.4 Right to Restrict Processing

Request that we limit how we use your data in certain circumstances.

7.5 Right to Data Portability

Request your data in a structured, machine-readable format for transfer to another provider.

7.6 Right to Object

Object to processing based on legitimate interests or for direct marketing purposes.

7.7 Right to Withdraw Consent

Withdraw consent for processing where consent was the legal basis.

7.8 Right to Lodge a Complaint

You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your data protection rights have been violated.

ICO Contact:
Website: https://ico.org.uk
Phone: 0303 123 1113

To exercise your rights, contact us at: privacy@gigrove.com

We will respond to verified requests within 30 days.

8. Children’s Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information promptly.

9. International Data Transfers

If we transfer your data outside the UK or EEA, we ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) approved by the UK ICO
  • Adequacy decisions for countries recognized as providing adequate protection
  • Other approved safeguards under UK GDPR

10. Cookies and Tracking Technologies

10.1 What Are Cookies

Cookies are small text files stored on your device that help us provide and improve our Service.

10.2 Types of Cookies We Use

Essential Cookies (Always Active):

  • Authentication and security
  • Session management
  • Load balancing

Functional Cookies:

  • User preferences and settings
  • Language selection
  • Feature customization

Analytics Cookies:

  • Usage statistics and traffic analysis
  • Performance monitoring
  • User behavior insights

Marketing Cookies (With Consent):

  • Advertising effectiveness
  • Personalized content
  • Retargeting campaigns

10.3 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may affect Service functionality.

Browser Cookie Settings:

  • Chrome: Settings > Privacy and security > Cookies
  • Firefox: Settings > Privacy & Security > Cookies
  • Safari: Preferences > Privacy > Cookies
  • Edge: Settings > Cookies and site permissions

10.4 Third-Party Cookies

We use third-party services that may set their own cookies:

  • Google Analytics (analytics)
  • Facebook Pixel (marketing, if applicable)
  • LinkedIn Insight Tag (marketing, if applicable)

11. Data Controllers and Processors

  • Gigrove Ltd is the Data Controller for data collected directly through the Service
  • You are the Data Controller for customer data you collect through stores built on our platform
  • Gigrove Ltd acts as a Data Processor for customer data stored in your stores

When you use our Service to collect customer data, you are responsible for:

  • Providing privacy notices to your customers
  • Obtaining necessary consents
  • Complying with data protection laws
  • Responding to data subject requests from your customers

We provide tools to help you comply with these obligations.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be notified via:

  • Email to registered users
  • Notice on our website
  • In-platform notifications

Continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

13. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your personal data:

Email: privacy@gigrove.com
Mail:
Gigrove Ltd
Data Protection Officer
27 Old Gloucester Street
London, United Kingdom
WC1N 3AX

Response Time: We aim to respond to all privacy inquiries within 5 business days.

Document Version: 1.0
Effective Date: December 13, 2024
Last Reviewed: December 13, 2024