Griffo - Chat Security for Slack

This privacy policy explains how we handle any information
collected when you use Griffo security.

Last updated: October 1st, 2025

Griffo, Inc. (“Griffo”, “we”, “our”, “us”) is committed to protecting your privacy.
This Privacy Policy explains how we collect, use, and share your personal information when you use our website www.trygriffo.com (the “Website”), the Griffo Core platform, and our Cybersecurity Services
(together, the “Services”).

By using our Services, you agree to this Privacy Policy.

1. Who We Are

Griffo provides cybersecurity training and awareness tools to businesses. When you use our Services, we may act as:

Data Controller for data we collect about you directly (e.g., when you sign up for an account, pay for a subscription, or contact us).
Data Processor when we process your employees’ data on behalf of your company for training and reporting purposes. In that case, your company remains the Data Controller.

2. What Information We Collect

We collect information to provide and improve our Services, including:

Account Information: Name, email address, company details, login credentials.
Payment Information: Billing address, payment card details (processed securely by Stripe – we don’t store your full card details).
Usage Data: Training progress, login activity, responses to cybersecurity simulations, device/browser information.
Communications: Emails, feedback, or messages sent to us.

Cookies & Tracking: We use cookies and similar technologies to operate the Website and improve user experience.

3. How We Use Your Information

We use your information to:

Provide access to the Griffo Core platform.
Process payments and manage subscriptions.
Deliver cybersecurity training to your staff.
Maintain and improve the security and performance of our Services.
Communicate with you (support, product updates, promotions where legally permitted).
Comply with legal obligations (e.g., tax, fraud prevention).

4. Legal Basis for Processing (GDPR)

We process your data under the following lawful bases:

Contract: To deliver the Services you subscribed to.
Consent: For optional cookies, marketing communications.
Legal obligation: For accounting, tax, and compliance purposes.

Legitimate interests: To improve our Services and ensure security.

5. Sharing Your Information

We only share your data with:

Service Providers: Stripe (payments), hosting providers, customer support tools (e.g., Intercom).
Legal Authorities: When required by law or to protect our rights.
Business Transfers: In case of merger, acquisition, or sale of assets.

We do not sell your personal information.

6. International Data Transfers

Your information may be stored and processed in the EU, the US, or other countries. Where transfers occur outside the EU/EEA, we rely on standard contractual clauses or other safeguards as required by GDPR.

7. Data Retention

We retain your data only for as long as necessary:

Account data: While you have an active subscription, plus a reasonable period afterward to comply with legal obligations.
Payment records: As required by financial regulations (typically 7–10 years).
Training data: For the duration of your company’s subscription, then deleted or anonymized at termination.

8. Your Rights (EU/EEA Users)

You have the right to:

Access your data.
Correct inaccurate data.
Request deletion (“right to be forgotten”).
Restrict or object to processing.
Request data portability.
Withdraw consent (for optional processing).
Lodge a complaint with your local Data Protection Authority.

To exercise your rights, contact us at hello@trygriffo.com.

9. Security

We take appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, misuse, or disclosure. However, no system is 100% secure.

10. Children’s Privacy

Our Services are not intended for individuals under 18. If we discover that we have collected data from a minor without proper authorization, we will delete it.

11. Third-Party Links

There are some Griffo Cybersecurity Services that include subscription-based billing ("Subscription(s)"). On a regular and periodic basis, you will receive advance bills (also known as the "Billing Cycle"). Depending on the subscription plan type you choose when buying a subscription and which is detailed on the website or in the order form, billing cycles are either established on a monthly or annual basis.

At the end of each billing cycle, your subscription will automatically renew at the conclusion of each billing cycle under the same terms. You can use your online account management page or get in touch with the Griffo customer service staff to cancel your yearly subscription renewal up to one (1) month prior to the end of the billing cycle. Up to the conclusion of the current billing cycle, you will continue to have access to your customer account.

To complete the purchase for your subscription, a legitimate payment method—such as a credit card—is needed. You must give Griffo your full name, address, state, zip code, phone number, and a working payment method in order for him to receive correct and comprehensive billing information. By providing such payment details, you give Griffo permission to charge any such payment instruments for all subscription payments that are incurred through your account.

In the event that automatic billing is unsuccessful for any reason, Griffo will send you an electronic invoice instructing you to proceed manually, by a specific date, and to pay in full for the billing term specified on the invoice.