Privacy Policy

Last updated: June 26, 2025

This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You. We use Your Personal data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.


Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:


Types of Data Collected

Personal Data

While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You.

Account Setup Data:

While setting up for Your account, we may ask you to provide certain personally identifiable information to enable setup, secure access, and full functionality. Such data includes, but is not limited to:

Information Collected While Using the Application:

While using Our Application, in order to provide features of Our Application, We may collect:

Location Data:

With your Prior permission, the Application may access certain location-related information from your device. This data is used to support functionality that may depend on general or approximate location, such as enabling access features, improving service performance, or supporting property-specific configurations. Location data is never collected without your consent and can be disabled at any time.

Diagnostic and Performance Data:

Includes crash logs, app version, mobile OS details, error messages, system load times, device-level access logs, and performance metrics such as time-to-unlock, sensor responsiveness, and smart device uptime. This information helps us improve app reliability, optimize system performance, and support hardware compatibility.

Operational and Behavioral Data:

We may collect anonymized or aggregated data on how residents, guests, and staff interact with Grata-powered buildings. This includes but not limited to data such as amenity booking information, maintenance ticket information, smart lock information, parking information. These insights might be used by Your property managers to make informed decisions, improve operational efficiency, and enhance resident experiences. No operational or behavioral data is used to personally profile users, and all such data is either anonymized at the source or reported at an aggregate level.

Operational and behavioral data is typically anonymized at the source or reported in aggregate form. However, in limited circumstances—such as when needed to investigate a building-level issue, fulfill a service request, or respond to a safety concern, certain data points may be accessible in a form that is not anonymized. In such cases, access is restricted to authorized personnel and used solely for operational, safety, compliance purposes, or legal purposes.

We use this information to provide features of Our Service, to improve and customize Our Service. The information may be uploaded to the Company’s servers and/or a Service Provider’s server or it may be simply stored on Your device.

You can enable or disable access to this information at any time, by contacting Info@grata.life.

Tracking Technologies and Cookies:

We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze Our Service. The technologies We use may include:

Cookies can be “Persistent” or “Session” Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser. Learn more about cookies: What Are Cookies?.

We use both Session and Persistent Cookies for the purposes set out below:

Type: Session Cookies

Administered by: Us

Purpose: These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that You have asked for cannot be provided, and We only use these Cookies to provide You with those services.

Type: Persistent Cookies

Administered by: Us

Purpose: These Cookies allow us to remember choices You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website.

Tracking Technologies and Cookies are generally used for:

Managing Cookie and Tracking Preferences:

You can manage or disable cookies through your browser settings. Most browsers allow you to block or delete cookies and set preferences for when cookies are stored. Please note that disabling essential cookies may impact certain functionalities of the Grata App. For more details on how we use cookies, please refer to the “Cookies and Tracking Technologies” section.

Usage data:

Usage data is collected automatically when you use the Service.

This may include:

This information helps us support essential app functionality, analyze performance across devices, maintain system reliability, and identify technical issues. Usage data is never used to personally profile individuals.

Access and Deletion of Your Data:

You have the right to request access to the personal data we have collected about You. Upon verification of your identity, we will provide a summary of the information we hold.

You may also request that the Company deletes Your personal data from Our systems. We will comply with such requests unless retention is required by law, for legitimate operational purposes, or to resolve disputes and enforce agreements.

Please note: Some features of the Grata App may rely on specific data to function properly (e.g., access credentials, smart device settings, or usage preferences). Deleting your personal data may result in limited functionality or loss of access to certain services.

To request access or deletion, contact us at info@grata.life. We will respond to all verified requests within the timeframes and rules required by applicable privacy laws in the country the Company is headquartered.


Retention of Your Personal Data

The Company retains Your Personal Data for as long as Your account remains active or for the duration necessary to fulfill the purposes outlined in this Privacy Policy. This includes compliance with applicable legal requirements, resolution of disputes, and enforcement of agreements or policies

Operational data, such as smart lock activity logs, access records, maintenance requests, usage analytics, and related diagnostic data, will generally be retained indefinitely. This extended retention supports ongoing operational management, performance analytics, security audits, and continuous service improvement.

If You have questions or concerns regarding data retention, please contact us directly at info@grata.life.


Use of Automated Processing

Certain features of the Grata App may use automated processing of data including but not limited to: HVAC usage information, or leak detection events, automated processing is exclusively used to enable real-time alerts, prioritize safety-related actions, or support building operations. This automation is used exclusively for functional, operational, or security purposes and does not involve profiling or decision-making that has legal or significant personal effects.


Data Sharing

We may share Your personal information in the following situations:

Transfer of Your Personal Data:

Your information, including Personal Data, is processed at the Company’s operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to, and maintained on, computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ from those from Your jurisdiction. Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer. The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.

Business Transactions:

If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy. In such cases, the Company will take reasonable steps to ensure the receiving party honors the commitments we have made in this Privacy Policy or provides you with notice of material changes and your available choices.

Third-party Data Processing and Protection:

When your personal information is shared with Third-Party service providers or vendors, we will make Our best reasonable efforts to ensure they handle Your personal information securely and responsibly, in line with applicable privacy laws in your given jurisdiction. While we cannot guarantee Third-Party practices, we actively seek to engage with trusted providers, encourage best practices, and attempt to verify their compliance with industry-standard privacy and security measures.

Law enforcement:

Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a law enforcement agency).

Other legal requirements:

The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

Security of Your Personal Data:

The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.

Grata applies industry-standard anonymization techniques, including removal of identifiers and data obfuscation. We ensure that anonymized data cannot be reasonably re-linked to individuals. Aggregated, anonymized data, such as amenity usage trends, lock access patterns, or maintenance ticket frequencies, may be used to power operational benchmarks, or anonymized analytics dashboards. We will never sell or share personally identifiable information. Users may opt out of anonymized data use by contacting us at Info@grata.life.

Breach Notification:

In the event of a data breach that poses a real risk of significant harm, we will notify affected individuals and the appropriate privacy authorities as required by law.


Children’s Privacy & Parental Consent

Our Service and related services are intended for use by individuals aged 18 and older. If you are under 18, you may only use the Grata App with the express consent and/or supervision of a parent or legal guardian. We do not knowingly collect personal data from children under 13 without verifiable parental consent. If you are under the age of 13, you may only use the Grata App or associated services with the express consent and/or supervision of a parent or legal guardian. If we learn that we have collected personal information from a child under 13 without parental consent, we will delete that data as quickly as possible. Parents or guardians who believe that their child has provided us with personal information may contact us at Info@grata.life to review or delete the information.

For residents of certain jurisdictions where the minimum age of consent is higher (e.g., 14 in Quebec), we will comply with the applicable legal age requirements and may request additional verification before processing any personal data.


Third-Party Services and External Links

Third-Party Tools and Services:

The Grata App may integrate with or provide access to Third-Party tools, hardware, and services, including but not limited to smart locks, HVAC systems, leak detectors, internet, or providers. These Third-party providers operate independently and are governed by their own terms of use and privacy policies.

We do not control, and are not responsible for, the content, functionality, accuracy, availability, or privacy practices of any Third-party services. Your use of these services may be subject to additional terms and conditions or require separate user agreements. We recommend reviewing the policies of any Third-party providers you engage with through our platform.

Links to Other Websites:

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Our Service may contain links to other websites that are not operated by Us. If you click on a Third-Party link, you will be directed to that Third-Party’s site. We strongly advise you to review the Privacy Policy of every site you visit.


Smart Device Usage

Smart Locks:

When a smart lock is operated it will capture usage information that includes the date and time the door is locked or unlocked and the user ID of the person performing the action. This information is captured whether using the Grata app or the physical PIN pad. Smart lock usage data, including access logs and activity timestamps, usage data may be used to support operational analytics, resident engagement insights, and building security reports. This data is essential to ensure the proper functioning of the app’s door access features, including unlocking, user permissions, and audit history. All personal identifiers are removed prior to use unless explicitly authorized by the user or required for compliance, security, or operational purposes.

HVAC:

When a connected HVAC system is active, it will capture performance data including the date and time of operation, temperature setpoints, runtime durations, system status changes, and fault alerts. This information is captured automatically whether initiated through the Grata App or directly on the thermostat.

HVAC data, including system activity and usage metrics, is made available within the Grata App to help residents manage their indoor environment, monitor comfort levels, and view equipment status. In certain cases, such as when a fault is reported or abnormal usage is detected, this data may also be accessible to authorized property managers to support diagnostics or coordinate timely maintenance. All personal identifiers are removed prior to any broader usage unless explicitly authorized by the user or required for compliance, safety, or building operations.

Leak Detection:

When a connected leak detection sensor identifies water or abnormal moisture conditions, it will capture event data including the date and time of detection, sensor zone, and system response logs. This data is recorded whether triggered via the Grata App or directly through the sensor hardware. This information is necessary to ensure the leak alert functionality within the app works correctly, including notifications, response tracking, and system status updates. Leak detection data is made accessible within the Grata App to alert residents of potential water issues and allow for timely self-awareness and action. In certain situations—such as when a leak persists, triggers repeated alerts, or poses building-wide risk—authorized property managers may also access relevant sensor data to coordinate emergency response or initiate repairs. All personal identifiers are removed prior to any broader usage unless explicitly authorized by the user or required for safety, compliance, or operational response.


Choice

You may choose not to activate your Grata user account and refrain from using the Grata app for the purposes described above, however, In certain cases, your property manager or building operator may require the use of Our Application for core building services such as access control, HVAC, leak detection, payment processing, maintenance ticketing, amenity bookings, or visitor access management. These service mandates are determined solely by your building or property management team—not by the Company.

Grata provides the underlying platform but does not determine building-level policy regarding service requirements or resident participation. For questions about mandatory use of Grata services in your building, please contact your property manager directly.


Advertisements

Within a dedicated space of the Grata App advertisements are presented. Those advertisements are based on app usage data in combination with user-submitted profile information and building location. You are not required to view or click on advertisements as a condition of service. Advertisements are fully managed by Grata.


Accessibility

If you require these Terms in an alternate format due to a disability, please contact us at info@grata.life.


Residents' Rights Section

As a user or resident utilizing the Our Application and associated services, you have specific rights regarding the handling of your personal data

To exercise any of these rights or for further clarification about them, please contact us directly at info@grata.life. We will promptly address your requests in compliance with applicable laws and regulations in the country of origin.


Changes to this Privacy Policy

We reserve the right to update Our Privacy Policy at any time. We will notify You of any changes by posting the new Privacy Policy on this page.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the “Last updated” date at the top of this Privacy Policy.


Contact Us

If you have any questions about this Privacy Policy, You can contact us: