Back to Home

Privacy Policy

Last Updated: December 2025

Our Commitment to Privacy

At GrepLabs, privacy isn't just a feature—it's a fundamental principle. We build products that minimize data collection, process data locally when possible, and give you control over your information.

This Privacy Policy explains how we collect, use, protect, and share information when you use our products and services.

1. Information We Collect

Information You Provide

  • Account Information: Username, email address, payment information (processed securely by third-party payment processors)
  • Profile Information: Optional profile details, preferences, and settings
  • Communication: Messages you send through our services (end-to-end encrypted where applicable)
  • Support Requests: Information you provide when contacting support

Automatically Collected Information

  • Usage Data: Features used, interaction patterns, performance metrics
  • Device Information: Device type, operating system, browser type
  • Log Data: IP addresses, access times, error logs (minimal logging for security)
  • Technical Data: Crash reports, diagnostic information

Information We Don't Collect

We explicitly do not collect:

  • Decrypted message content (messages are end-to-end encrypted)
  • File contents from local-first products (processed locally)
  • Browsing history or website visits
  • Location data without explicit consent
  • Contacts or address book information

2. How We Use Your Information

We use collected information to:

  • Provide, maintain, and improve our services
  • Process transactions and manage subscriptions
  • Send service-related communications
  • Respond to support requests
  • Detect and prevent fraud, abuse, and security issues
  • Comply with legal obligations
  • Analyze usage patterns to improve user experience (aggregated, anonymized data)

We do not sell your personal information to third parties. We do notuse your information for advertising or marketing unrelated to our services.

3. Data Processing and Storage

Local-First Processing

Many of our products are designed with local-first architecture:

  • Chai.im: Messages encrypted on your device before transmission
  • Hippo: File indexing and AI processing occur locally
  • Shields AI: DNS filtering happens on your network

Cloud Services

When cloud services are used (e.g., for sync, backup, or collaboration):

  • Data is encrypted in transit (TLS/SSL) and at rest
  • End-to-end encryption is used where applicable
  • We use reputable cloud providers with strong security practices
  • Data is stored in jurisdictions compliant with applicable privacy laws

4. Information Sharing

We share information only in the following circumstances:

  • Service Providers: Trusted third parties who assist in operations (payment processing, hosting, analytics) under strict confidentiality agreements
  • Legal Requirements: When required by law, court order, or government request (we will notify you when legally permitted)
  • Safety and Security: To protect rights, property, or safety of users or the public
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (users will be notified)
  • With Your Consent: When you explicitly authorize sharing

5. Your Rights and Choices

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal information
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your personal information
  • Portability: Receive your data in a portable format
  • Opt-Out: Unsubscribe from marketing communications
  • Objection: Object to processing of your information (where applicable)

To exercise these rights, contact us at privacy@greplabs.com. We will respond within 30 days.

6. Data Security

We implement industry-standard security measures:

  • Encryption of data in transit (TLS/SSL) and at rest
  • End-to-end encryption for sensitive communications
  • Regular security audits and vulnerability assessments
  • Access controls and authentication mechanisms
  • Secure development practices and code reviews
  • Incident response procedures

However, no system is 100% secure. We cannot guarantee absolute security, and you use our services at your own risk.

7. Children's Privacy

Our services are not intended for children under 13 (or 16 in the EU). We do not knowingly collect information from children. If you believe we have collected information from a child, please contact us immediately.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws different from your country.

We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) for transfers from the EU/EEA.

9. Retention of Information

We retain information for as long as necessary to:

  • Provide our services
  • Comply with legal obligations
  • Resolve disputes and enforce agreements
  • Maintain security and prevent fraud

When you delete your account, we delete or anonymize your information within 30 days, except where retention is required by law.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or prominent notice in our services. The "Last Updated" date indicates when changes were made.

11. Contact Us

For privacy-related questions or concerns, please contact us:

GrepLabs LLC
Email: privacy@greplabs.com
Website: greplabs.com

Data Protection Officer:
Email: dpo@greplabs.com

Return to Home