Gritworks Collective LLC takes your privacy seriously. This policy explains what information we collect, how we use it, and what choices you have. It applies to all users of gritworkscollective.com and related services.
Effective Date: June 2026.
2. The Data We Collect About You
Age Requirement: You must be 18 or older to use Gritworks Collective. We do not knowingly collect information from anyone under 18. If we discover we have, we will delete it immediately.
Identity Data includes first name, last name, username or similar identifier.
Contact Data includes email address and telephone numbers.
Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location.
Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, and feedback.
Questionnaire Data includes responses provided during mission onboarding, focus areas, and personal progress tracking metrics.
Friction Check-in Data includes responses from optional friction mapping quizzes (Flashpoints) used to personalize your mission recommendations.
Third-Party Contact Data — If you designate an Accountability Partner, we store their phone number solely to send program milestone texts on your behalf.
Invited Partner Data — If you invite a partner (Partnering program), we collect and store their email address and any responses they provide to shared check-ins.
3. How We Use Your Personal Data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Where we need to perform the contract we are about to enter into or have entered into with you (e.g., providing advising services).
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Where we need to comply with a legal or regulatory obligation.
4. How We Keep Your Data Safe
Security is foundational to everything we build. Here's how we protect your information:
Encryption in Transit — All traffic between your device and our servers uses HTTPS/TLS. Your data is never sent in plain text.
Secure Authentication — We use Google OAuth 2.0. We never store your password — authentication is handled entirely by Google.
Database Protection — Your data is stored in encrypted databases with strict access controls. Backups are encrypted at rest.
Push Notifications — Streak reminders use the Web Push Protocol with VAPID keys. Your subscription is only used for reminders you opted into, and you can turn them off anytime.
No Data Selling — We will never sell, rent, or trade your personal data. Period.
Minimal Collection — We only collect what's needed to run your advising experience.
5. Your Choices & Rights
You have choices about how your data is used:
Opt out of SMS — Reply STOP to any text message or disable SMS in your profile settings.
Push Notifications — You can disable push notifications at any time through your browser or device settings.
Marketing Communications — You may opt out of marketing emails from your profile settings. Transactional emails (account confirmations, security alerts) cannot be disabled.
Data Access — You may request a copy of all personal data we hold about you at any time by emailing info@gritworkscollective.com.
6. Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
7. Third-Party Integrations
Our application integrates with the following third-party service providers. We do not sell your personal data to any third parties. Each provider processes only the data necessary to perform their function:
Google — Authentication only. We store your Google-issued user ID and email. No additional Google data is accessed.
Google Gemini AI — The "I'm Stuck" advisor (gritBOT) and mission analysis tools send your message content to Google's Gemini API for response generation. No personally identifiable information is included in AI requests. Google does not use API data for model training per their API terms of service.
Stripe — Payment processing. Stripe collects and stores your payment card information directly. Gritworks Collective does not store full card numbers. Stripe's privacy policy governs their data handling.
Twilio — SMS delivery. Your phone number (and your Accountability Partner's phone number, if designated) is shared with Twilio solely to deliver opt-in SMS notifications (streak reminders, accountability prompts, onboarding messages). Message logs are retained by Twilio per their data retention policy.
Resend — Transactional email delivery. Your email address is shared with Resend to deliver account-related emails (welcome, password reset, enrollment confirmations). Resend does not use your email for marketing purposes.
All third-party providers are contractually prohibited from using your data for any purpose other than providing services to Gritworks Collective.
8. SMS Communications
If you provide a phone number and opt in to SMS notifications during registration, we may send you text messages related to your advising experience. These include:
Onboarding Messages — A welcome text with your login link when you first sign up.
Streak Reminders — Daily reminders to maintain your consistency tracker streaks (if enabled in your profile settings).
Account Alerts — Important updates about your advising enrollment or account status.
Accountability Partner Texts — If you designate an Accountability Partner, they will receive occasional milestone texts (capped at 1–2 per week) on your behalf. Your AP can opt out at any time by replying STOP.
Message Frequency: You may receive up to 2 messages per day during active program periods, depending on your notification preferences and active streaks.
Opting Out: You can opt out of SMS at any time by replying STOP to any message, or by disabling SMS notifications in your profile settings. Reply HELP for support or contact us at support@gritworkscollective.com. Standard message and data rates may apply.
Your Phone Number & Consent: We store your phone number securely and use it only for the purposes described above. We will never share your mobile number or SMS consent with third parties for marketing or promotional purposes. For full details, see our SMS & Mobile Messaging Terms.
9. Your Legal Rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to:
Request access to your personal data.
Request correction of your personal data.
Request erasure of your personal data.
Object to processing of your personal data.
If you wish to exercise any of the rights set out above, please contact us at info@gritworkscollective.com.
10. Do Not Sell or Share My Personal Information
Gritworks Collective LLC does not sell or share your personal information with third parties for monetary or other valuable consideration, as defined under the California Consumer Privacy Act (CCPA/CPRA). We do not engage in cross-context behavioral advertising. If this ever changes, we will update this policy and give you a clear way to opt out.
11. Data Breach Notification
In the event of a data breach involving your unencrypted personal information, Gritworks Collective LLC will inform affected California residents within 72 hours of discovery, as required by California Civil Code § 1798.82. Notice will be provided via email to the address on file. If the breach affects more than 500 California residents, we will also notify the California Attorney General.
12. HIPAA & Healthcare Compliance
Gritworks Collective provides coaching and advising, not medical or psychological therapy. As such, we are not a Covered Entity under HIPAA, and the data you share is not considered Protected Health Information (PHI/ePHI). We do not require or execute Business Associate Agreements (BAAs) for standard platform use. However, we voluntarily employ bank-level encryption and security measures that align with strict data protection standards.
13. Delete Your Data
You have the right to request permanent deletion of all your personal data under GDPR (EU) and CCPA (California). This includes your:
Account information (name, email, phone number)
Questionnaire responses and typology results
Mission progress and action logs
Goals, KPI tracking, and streak data
Payment records and enrollment history
Accountability Partner contact information (if designated)
This action is permanent and cannot be undone.
To request data deletion, you can either:
Visit your Profile page and use the "Delete Account" option under Account Details