Legal

Privacy Policy

How we collect, use, and protect your personal information.

Effective: February 1, 2026 Last Updated: February 1, 2026

GroSum ("we", "our", "us") operates the www.grosum.com website and the GroSum performance management platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

1. Information We Collect

Personal Information: When you register, request a demo, start a free trial, or contact us, we may collect:

  • Full name, email address, and phone number
  • Company name, job title, and company size
  • Billing and payment information (processed via secure third-party providers)

Platform Data: When your organization uses GroSum, we process:

  • Employee profile data (as provided by your organization)
  • Performance review content, ratings, and feedback
  • OKR/goal data, check-in notes, and pulse survey responses
  • 360° feedback submissions

Automatically Collected Information:

  • IP address, browser type, device information, and operating system
  • Pages visited, time spent, referral source, and click patterns
  • Cookies and similar tracking technologies (see our Cookie Policy)

2. How We Use Your Information

We use your information for the following purposes:

  • To provide, maintain, and improve the GroSum platform
  • To process your requests, demos, and trial signups
  • To send transactional emails (account setup, review cycle notifications)
  • To send marketing communications (only with your consent; unsubscribe anytime)
  • To provide customer support and respond to inquiries
  • To generate aggregated, anonymized analytics for product improvement
  • To detect, prevent, and address security issues and fraud

3. Data Sharing & Third Parties

We do not sell your personal data. We may share information with:

  • Service Providers: Cloud hosting, email delivery, payment processing, and analytics providers who process data on our behalf under strict confidentiality agreements
  • Your Organization: Platform data is accessible to authorized administrators within your organization as configured by them
  • Legal Requirements: When required by law, subpoena, or government request
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (with prior notice)

4. Data Security

We implement industry-standard security measures including:

  • SSL/TLS encryption for all data in transit
  • AES-256 encryption for data at rest
  • Role-based access controls and audit logging
  • Regular security assessments and vulnerability testing
  • SOC 2 aligned infrastructure and practices

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services. If you or your organization terminates the account, we will delete or anonymize your data within 90 days, unless retention is required by law. Website form submissions are retained for up to 24 months.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your personal data
  • Object to or restrict certain processing activities
  • Data portability (receive your data in a structured format)
  • Withdraw consent for marketing communications

To exercise these rights, contact us at [email protected].

7. International Data Transfers

GroSum operates globally and may transfer data across borders. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses where applicable.

8. Children's Privacy

GroSum is a business-to-business platform and is not directed at individuals under 18 years of age. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last Updated" date. Continued use of our services after changes constitutes acceptance of the revised policy.

10. Contact Us

For any privacy-related questions or requests: