Last updated: January 1, 2026
We collect information you provide directly to us, including account registration details (name, email, company), payment information processed securely through our payment provider, and support communications. We also collect usage data including API call logs, transformation parameters, bandwidth consumption, and performance metrics. We do not access, view, or analyze the visual content of images or videos processed through our platform.
We use collected information to: provide, maintain, and improve our services; process transactions and send billing notifications; respond to support requests; monitor platform security and prevent abuse; send service-related communications; and comply with legal obligations. We never sell your personal data to third parties or use your media content for training purposes.
All data is encrypted at rest using AES-256 and in transit using TLS 1.3. Original media assets are stored in your selected geographic region and are never transferred without explicit consent. Transformation cache data is distributed across our CDN edge locations. We retain API access logs for 30 days and billing records as required by law.
We share data only with: infrastructure providers necessary to deliver our services (under strict data processing agreements); payment processors for billing; and law enforcement when legally required. We do not share, sell, or rent your personal information to advertisers or data brokers.
You have the right to: access your personal data; correct inaccurate information; request deletion of your data; export your data in a portable format; object to processing; and withdraw consent. You can exercise these rights from your dashboard settings or by contacting privacy@grainlux.com. We respond to all requests within 30 days.
We use essential cookies for authentication and session management. Optional analytics cookies help us understand platform usage patterns. You can disable non-essential cookies through your browser settings or our cookie preference center. We do not use third-party advertising trackers or cross-site tracking technologies.
For users in the EU/EEA, data transfers outside the region are protected by Standard Contractual Clauses. You can choose data residency regions (US, EU, APAC) for your original media assets. Our processing infrastructure complies with GDPR, CCPA, and other applicable data protection regulations.
For privacy-related questions, data requests, or concerns, contact our Data Protection Officer at privacy@grainlux.com. You may also reach us through our contact form or by mail at GrainLux, Inc., 548 Market St, Suite 35000, San Francisco, CA 94104. We are committed to resolving any privacy concerns promptly and transparently.