LAST UPDATED · [DATE]
How we handle your account information and the sales-rep performance data you upload to Grit Board. This page is a working scaffold — final copy is pending.
[ Who Grit Board is, what this policy covers, and the distinction between data about our customers (managers) and the sales-rep data they upload. ]
[ Account data (manager name, email, org). Uploaded roster data — sales-rep names, teams, activity metrics (dials/convos/meetings/deals), pipeline, quota. Usage/log data. ]
[ For uploaded rep data, the customer is the data controller and Grit Board is the processor acting on their instructions. Clarify each party’s responsibilities. ]
[ To provide the boards/games, authenticate managers, operate and improve the service. State what we do NOT do (e.g. no selling of data). ]
[ If serving EU/UK/LATAM users: lawful bases for processing (contract, legitimate interest, consent) per GDPR/LGPD as applicable. ]
[ Third parties that process data on our behalf — e.g. Supabase (database + auth), hosting provider, email/SMTP provider. Link to a maintained sub-processor list. ]
[ How long account and uploaded season data is kept, and what happens on account deletion or cancellation. ]
[ Technical and organizational measures (encryption in transit, access scoping per org, etc.). Avoid over-promising. ]
[ Data is stored in the US (Supabase us-east-2). Mechanisms for cross-border transfer if serving non-US users (SCCs etc.). ]
[ Access, correction, deletion, portability, objection — and how managers exercise them, plus how rep-data subject requests are routed to the customer (controller). ]
[ Service is not directed to children; not knowingly collecting their data. ]
[ How we notify of updates and how the “last updated” date works. ]
[ How to reach us with privacy questions — email and (if required) a postal address / data-protection contact. ]