Privacy Policy

Last updated: March 9, 2026

This Privacy Policy describes how GrnEdge LLC ("GrnEdge," "we," "us," or "our") collects, uses, discloses, and protects information in connection with our CRM Plumber website, application, and related digital services (the "Platform"), and explains your privacy rights and choices.

By using the Platform, you agree to this Privacy Policy. If you do not agree, please do not use the Platform.

1. Roles and Scope

For all users of the Platform, GrnEdge acts as a Controller (or "Business" under U.S. state privacy laws). We determine the purposes and means of processing your Personal Data in connection with the Platform.

We primarily conduct business in the United States. If we transfer or process data outside your jurisdiction, we use appropriate safeguards (see "International Transfers" below).

2. Definitions

• Personal Data means information that identifies or is reasonably linkable to an individual.
• Sensitive Personal Information (CPRA) includes precise geolocation, government IDs, financial account credentials, racial/ethnic origin, health data, etc.
• Platform means the CRM Plumber website, application, and all related services.
• User Data means data uploaded by users (such as CSV files) for processing through the Platform.

3. Information We Collect

A. Information You Provide

• Account registration details (email address and password).
• CSV files and data you upload for auditing, deduplication, email validation, and merging.
• Support requests and communications you send us.
• Billing and payment information when you purchase credits (processed by Stripe; we do not store your full credit card numbers).

B. Information Collected Automatically

• Device and usage information (IP address, browser type, operating system, pages viewed, timestamps, referral URLs).
• An essential session cookie used to maintain your authentication and in-session application state (see "Cookies & Tracking" below).
• Interaction data used to maintain service functionality and performance.

We do not intentionally collect Personal Data from children under 13 (see "Children's Privacy").

4. How We Use Personal Data

We use Personal Data to:

• Operate, secure, and improve the Platform.
• Process and audit your uploaded CRM data (CSV files) for duplicates and data quality issues.
• Validate email addresses through our email validation service.
• Provide AI-assisted duplicate merge suggestions.
• Process payments and manage your credit balance.
• Send transactional emails (account verification, password resets, security notices).
• Conduct internal troubleshooting and usage monitoring.
• Comply with law, enforce agreements, and protect rights, safety, and integrity.

Legal bases (GDPR/UK GDPR, where applicable): consent; performance of a contract; legitimate interests (e.g., securing and improving the Platform); compliance with legal obligations.

5. AI and Automated Processing

We use artificial intelligence (AI) services, including trusted third-party providers such as OpenAI, to process information and provide duplicate merge suggestions, data analysis insights, and other outputs.

• AI outputs may be incomplete or contain errors. You are responsible for reviewing and verifying AI-generated merge suggestions before accepting them.
• We do not use your Personal Data to train public AI models.
• We may use aggregated or de-identified data to improve features and performance.
• Where required by law, we obtain consent or provide opt-out mechanisms for AI-related processing.

6. Third-Party Services

To provide the Platform's functionality, we use trusted third-party service providers in the following categories:

• AI Service Providers — We use third-party AI services to power duplicate merge suggestions and data analysis. Your data may be processed by these providers in accordance with their data processing terms.
• Email Validation Providers — We use a third-party service to validate email addresses you submit through the Platform.
• Payment Processors — Payment processing is handled by a third-party payment processor. We do not store your full credit card numbers or banking details.
• Email Delivery Providers — We use a third-party service to deliver transactional emails (account verification, password resets). Your email address is shared with this provider for that purpose.
• Cloud Infrastructure Providers — We use industry-standard cloud hosting providers to store and process data securely.

7. Cookies & Tracking

The Platform uses an essential session cookie to maintain your authentication and in-session application state (such as your current audit progress). We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

• "Sell" vs "Share" (CPRA) — We do not sell Personal Information. If we begin "sharing" Personal Information for cross-context behavioral advertising in the future, we will update this Policy and provide appropriate opt-out mechanisms.
• Sensitive Personal Information — We do not disclose or use Sensitive Personal Information to infer characteristics.

8. How We Disclose Personal Data

We may disclose Personal Data to:

• Service Providers who assist with hosting, security, email delivery, payment processing, email validation, or AI processing (obligated by contract to confidentiality and limited use).
• Affiliates under common control (subject to this Policy).
• Business transfers (e.g., merger, acquisition, asset sale).
• Legal and safety obligations (lawful requests, enforcement of terms, protection against harm or fraud).

We do not sell Personal Information.

9. Data Retention

We retain Personal Data only as long as reasonably necessary for the purposes described in this Policy or as required by law.

• Account records — Retained for as long as your account is active. You may request account deletion by contacting legal@grnedge.com.
• Uploaded CSV data and session data — Retained temporarily during your active use of the Platform and removed when no longer needed for service delivery.
• Credit and transaction metadata — We store records of credit purchases and usage within the Platform. Full payment and billing details are maintained by our third-party payment processor and governed by their own retention policies.
• Email validation cache — 90 days from the date of validation.

10. Security

We implement appropriate technical and organizational measures to protect your data, including:

• Encryption in transit (HTTPS/TLS). Our cloud infrastructure providers may also encrypt data at rest.
• Hashed and salted password storage — we never store your password in plain text.
• Parameterized database queries to protect against injection attacks.
• Rate limiting on sensitive endpoints (login, password reset).
• Role-based access controls within the application.

No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

11. International Transfers

We primarily process data in the United States. If we transfer Personal Data internationally, we rely on appropriate safeguards, such as the EU Standard Contractual Clauses (and UK Addendum, where applicable), and conduct transfer assessments as required by law.

12. Your Privacy Rights

A. U.S. State Rights (including CA/VA/CO/CT/UT and similar laws)

Subject to exceptions, you may have the right to access, correct, delete, or obtain a portable copy of your Personal Information, and to opt out of targeted advertising ("sharing"), the sale of Personal Information (which we do not do), or profiling producing legal or similarly significant effects (which we do not conduct).

• Submit requests at legal@grnedge.com.
• We will respond within 45 days (we may extend once by 45 days with notice).
• If we deny your request, you may appeal within 45 days; appeal instructions will be included in our response. You may also contact your state Attorney General.

B. California (CPRA) Specifics

• Do Not Sell or Share My Personal Information. We do not sell Personal Information. If we begin sharing Personal Information for cross-context advertising, we will provide opt-out controls and honor GPC signals.
• Sensitive Personal Information. We do not use or disclose Sensitive Personal Information to infer characteristics; if that changes, we will provide required notices and controls.
• Non-discrimination. We will not discriminate against you for exercising your rights.

C. GDPR/UK GDPR (if applicable)

Rights include access, rectification, erasure, restriction, portability, and objection; withdrawal of consent where processing is based on consent. You may lodge a complaint with your local Supervisory Authority.

Identity verification. We may request information to verify your identity or authority. We will not disclose more than required for verification.

13. Do Not Track & Global Privacy Control

Our Platform does not currently respond to Do Not Track (DNT) or Global Privacy Control (GPC) signals. If we implement cross-context behavioral advertising in the future, we will honor GPC signals for applicable "do not sell/share" choices.

14. Children's Privacy

The Platform is not directed to children under 13. We do not knowingly collect Personal Data from children. If you believe a child has provided Personal Data to us, contact legal@grnedge.com and we will delete it. We do not knowingly sell or share minors' data; California minors (under 16) require opt-in for any sale or share.

15. Third-Party Links and Services

The Platform may link to third-party sites or services we do not control. Their privacy practices are governed by their own policies. We encourage you to review them.

16. Changes to This Privacy Policy

We may update this Policy periodically. Material changes will be posted here with a new "Last updated" date. Your continued use of the Platform after changes become effective constitutes acceptance.

17. How to Contact Us

• Email: legal@grnedge.com
• Mail: GrnEdge LLC, PO Box 92, Pomfret Center, CT 06259
• Website: grnedge.com/contact