The short version
- Your grove, your data. No trackers, no ads, no selling your relationships.
- You tell Grove things by voice or text. Grove stores those notes, uses Google's Gemini to extract structured details, and shows them back to you.
- The eight companies that help us run Grove are named below: Google, Anthropic, Clerk, Neon, Vercel, Sentry, Expo, and Resend. None of them use your data for anything other than running Grove.
- You can export or delete everything any time from Settings. Deletion removes your data from our live database within 30 days.
- The rest of this page is the careful version. We've tried to write it like a human, though privacy law has its own vocabulary.
A note on trust
Grove is a private journal of the people you care about — a tender thing to keep on a server, and we take it seriously. This policy explains what we collect, why, who else touches it, and what you can do about any of it. If you'd rather ask a person, email hello@findgrove.com.
"Grove," "we," "us," and "our" mean the team behind findgrove.com. "You" and "your" mean you.
1. Information we collect
From you directly: email and password (hashed by Clerk — we never see it); optional display name, timezone, notification preference, and onboarding flags; your grove content (contacts, seedlings, interactions, notes, voice recordings).
About people other than you. When you add someone to your grove, you tell us things about them — name, how you met, what they like, and sometimes sensitive observations. Grove treats that with the same care as your own data. Section 12 covers their rights.
Generated automatically: basic device/session info, auth events (Clerk), error stack traces (Sentry — configured to strip personal identifiers before sending), and Web Vitals (Vercel Analytics — no identity, no content).
Generated by Grove's AI: structured fields extracted from your content, and AI usage logs recording size and cost but not your content.
When you send feedback. Grove can detect when you shake your phone, so you can quickly open the feedback form — the shake detection runs on your device only and Grove never stores or sends the motion data. Your feedback message is sent to Sentry (Section 4) so the team can read and respond. If you tap Capture this screen in the form, a screenshot of your current screen is attached; screenshots may show whatever's visible (contact names, notes, photos) and are sent only when you choose to attach them.
2. How we use information
We use your information to run Grove's features (voice transcription, extraction, the Daily Canopy, reminders, relationship health), keep your account secure, keep Grove reliable, stay within our AI cost limits, send transactional email via Resend, and respond when you email us.
We do not train AI models on your content (ours or our sub-processors'), sell or share your personal data with advertisers, show ads, or track you across the web.
3. Legal basis for processing (UK & EU)
Under UK GDPR and EU GDPR:
- Contract (Art. 6(1)(b)) — to provide the Service you signed up for.
- Legitimate interests (Art. 6(1)(f)) — security, abuse prevention, error/performance monitoring, AI-cost protection. When we rely on this basis, we balance our interest against your rights and freedoms; you can object any time and we'll review.
- Consent (Art. 6(1)(a)) — for optional things like future product emails. Withdrawable any time.
- Legal obligations (Art. 6(1)(c)) — when the law requires us to keep or disclose something.
Grove content may incidentally include special-category data about others. Where that happens, we rely on Art. 9(2)(e) or treat it as personal-activity processing under the household exemption (Art. 2(2)(c)). Section 12 has more.
4. Who we share information with (our sub-processors)
Grove uses eight companies, each seeing only what it needs. Under UK/EU GDPR these are sub-processors — they process data on our instructions, under written agreements, and can't use it for their own purposes.
| Sub-processor | Region | What it sees | Why |
|---|---|---|---|
| Google (Gemini 2.5 Flash) | US | Voice-note transcripts, contact context | Extraction from voice notes |
| Anthropic (Claude) | US | Minimal user data, only when necessary for a specific investigation; identifying details masked where possible; no local copies kept | Internal engineering / debugging (via Claude API + Claude Code) |
| Clerk | US | Email, password hash, session tokens | Authentication |
| Neon (Postgres) | AWS us-east-1 (US) | All of your grove data | Primary database |
| Vercel | US | Request logs, Web Vitals | Hosting; performance metrics |
| Sentry | US (ingest.us.sentry.io) | Error stack traces, feedback messages, and any screenshot you choose to attach to a feedback submission | Error monitoring + feedback inbox |
| Expo EAS | US | Device push tokens, build artifacts | Mobile builds + push notifications |
| Resend | US | Email address | Transactional email |
We use no third-party analytics SDKs (Mixpanel, PostHog, Amplitude, Google Analytics). Our internal analytics use a strict event allowlist and are scrubbed of PII. We share information outside the list only when legally required (for example, a valid court order) or necessary to protect the rights, property, or safety of Grove, our users, or the public — and only the minimum needed.
We do not sell your personal information, and we do not "share" it for cross-context behavioural advertising as defined by California law. Grove is single-user — there are no sharing features between users.
5. Your privacy rights
Email hello@findgrove.com with the request in the subject line; we reply within 30 days. You can also delete your account yourself at Settings > Account > Delete Account, and export your data at Settings > Account > Export my data.
UK & EU (UK GDPR / EU GDPR): access, rectification, erasure, restriction, objection to legitimate-interests processing, portability (self-service JSON export), withdrawal of consent, and complaint to your local regulator (in the UK, the ICO).
California (CCPA / CPRA): know, delete, correct, opt out of sale or sharing (we do neither), limit use of sensitive personal information (we don't use it in ways that trigger this right), and non-discrimination for exercising rights.
Elsewhere. In other jurisdictions with privacy rights (for example, Colorado, Virginia, Connecticut, Utah, Brazil's LGPD, Canada's PIPEDA), we honour requests at parity with the above.
6. Data retention
- Your grove content and account data — kept until you delete it. Account deletion removes personal data from our live systems within 30 days. No automatic time-based deletion; you have full manual control.
- Voice-note source files — processed, then discarded from our pipeline. Google does not retain them long-term per our agreement.
- Error logs and feedback (Sentry) — up to 30 days, then purged. Includes any screenshot you attached to a feedback submission.
- Performance metrics (Vercel) and auth logs (Clerk) — per their defaults.
- Internal analytics and AI usage logs — kept indefinitely in aggregate, PII-scrubbed form; per-user records are removed on deletion request. A formal retention schedule with automatic expiry is in progress.
- Backups — a rolling point-in-time restore window of up to 6 hours, then overwritten.
7. Data security
HTTPS everywhere and TLS to every sub-processor. Neon (AWS RDS) provides encryption at rest. Every API request goes through a single authentication helper that throws on a missing session, and every query scopes data to the signed-in user — you only see your own grove. Sentry is configured to strip personal identifiers before sending. Secrets live in environment variables, not code.
No system is perfectly secure. If we discover a personal-data breach likely to risk your rights, we will notify you and the relevant regulator in line with UK GDPR Art. 33/34 (or local equivalent).
8. International data transfers
Grove is hosted in the United States. If you're outside the US, your data is transferred to and processed in the US. For transfers out of the UK and EU, we rely on Standard Contractual Clauses and the UK International Data Transfer Addendum with our sub-processors, adequacy decisions where they exist, and any additional safeguards required by law. Email hello@findgrove.com to see the SCCs or DPA for a specific sub-processor.
9. Children's privacy
Grove is for users 13 and older. You confirm your age at sign-up. We don't knowingly collect personal information from anyone under 13, and we don't target advertising or behavioural tracking at anyone.
If you're a parent or guardian and believe a child under 13 has a Grove account, email hello@findgrove.com and we'll delete it promptly. Some countries set a higher minimum (for example, 16 in some EU states without parental consent); where that applies, that age governs.
10. AI and automated processing
- Model. Google's
gemini-2.5-flashfor extraction from voice-note transcripts. - Inputs. Transcripts and limited context for the specific task — not your whole grove. Our agreement with Google prohibits training on your content and requires inputs to be discarded after processing.
- Accuracy. AI is useful but imperfect. Always double-check anything important; edit or delete inaccurate AI content from the relevant profile.
- No legal or similarly significant automated decisions. Grove's AI doesn't determine eligibility, deny services, or profile for credit, employment, or anything similar. You are the decider.
- Human involvement. The Grove team reviews errors and improves the extraction prompts. We don't otherwise read your content.
- Internal tooling. Our engineering team uses Anthropic's Claude (via the Claude API and Claude Code) as a general debugging assistant. We only share your data with Claude when it's necessary to diagnose a specific issue, we use the minimum needed, and we mask or anonymise identifying details (names, email addresses, contact identifiers) wherever doing so doesn't break the investigation. We don't keep local copies of what we send. Our agreement with Anthropic prohibits training on that content and limits retention.
AI features can't be turned off individually — they're core to the app.
11. Sensitive information
Grove wasn't designed as a health record or mental-health journal. Because notes are free text, sensitive information may still land in them. Think twice before writing sensitive details about someone who hasn't asked you to, and delete what you no longer need. Grove's extraction prompts are tuned to avoid inventing health or medical details, but may surface what you've said — delete anything you didn't intend to record and let us know so we can look at the prompt.
12. Third-party data subjects — the people in your grove
Grove is unusual: most of the data in it is about other people, not you. Those people — "third-party data subjects" — also have privacy rights.
If someone has told you you're in their Grove and you want to know what's stored, correct it, or delete it, email hello@findgrove.com with "Third-party data request" in the subject line. Tell us who mentioned you if you know (much faster); otherwise give us your email and any identifying details. We respond within 30 days. For deletion, we ask the Grove user to remove your record; if they don't within a reasonable window, we take appropriate action as controller for the platform.
Under UK/EU GDPR, much of this processing falls within the household exemption (personal use outside professional, commercial, or public contexts); there, the Grove user is controller and Grove is processor. Where a use is clearly not personal, we assist the user under Art. 28. We'd rather do more than the law requires than less.
13. Cookies and tracking
Grove sets only essential cookies — the ones Clerk needs to keep you signed in. No advertising cookies, no behavioural tracking, no cross-site trackers, no third-party analytics SDKs. If we ever add non-essential cookies, we'll update this policy and put a consent banner up first.
14. Changes to this policy
- Non-material changes (typos, clarifications, sub-processors already covered generically) take effect when published.
- Material changes (new data categories, new sub-processors handling personal data, new processing purposes, new jurisdictions) take effect only after you review and accept them. The app will prompt you at next sign-in with a summary.
Current version and last-updated date are at the top of this page. Previous versions are kept in our repository.
15. How to reach a human
Email hello@findgrove.com. A real person on the Grove team replies within 7 days.
- Data access, deletion, export, or correction: put that in the subject line. Handled within 30 days.
- Security concerns: "Security" in the subject line.
- Third-party data requests: "Third-party data request" in the subject line.
Data controller: Grove Address: Grove, 539 W. Commerce St #5168, Dallas, TX 75208, USA