Privacy Policy
Last updated: February 2026
1. Introduction
Grivn ("we", "our", or "us") operates the grivn.com website and the Grivn deep linking platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.
2. Information We Collect
Account Information
When you create an account, we collect your name, email address, and authentication credentials. If you sign in via a third-party provider (Google, GitHub, Apple), we receive basic profile information from that provider.
Deep Link Click Data
When a user clicks a deep link, we collect the following information for analytics and deferred deep link matching:
- IP address (anonymized after 48 hours — last octet zeroed)
- User-Agent string (browser and OS information)
- Referer URL (the page the click originated from)
- UTM parameters (utm_source, utm_medium, utm_campaign, utm_content, utm_term)
- Accept-Language header
- Screen resolution and timezone (when provided by SDK)
Device Fingerprinting
We generate a SHA-256 hash based on IP address, device type, and operating system. This fingerprint is used solely for deferred deep link matching (linking a click to a subsequent app install) and is not used for cross-site tracking or advertising purposes.
Geographic Data
We derive approximate geographic location (country, region, city) from IP addresses. We do not collect GPS coordinates or precise device location.
Cookies and Tracking Technologies
We use cookies and similar technologies to maintain your session, remember your preferences, and analyze service usage. You can control cookie settings through your browser preferences.
3. How We Use Your Information
- Provide, operate, and maintain our deep linking services
- Process your transactions and manage your account
- Provide analytics and reporting on deep link performance
- Send you service-related communications and updates
- Detect, prevent, and address technical issues or security threats
- Comply with legal obligations
4. Data Sharing and Disclosure
We do not sell your personal information. We may share your data with trusted third-party service providers who assist us in operating our platform (e.g., payment processors, cloud hosting, email services). These providers are contractually obligated to protect your data.
We may also disclose your information when required by law, to protect our rights, or in connection with a business transfer such as a merger or acquisition.
5. Data Security
We implement industry-standard security measures including encryption in transit (TLS/HTTPS), encrypted storage, access controls, and regular security audits. While no method of transmission over the Internet is 100% secure, we strive to protect your data using commercially acceptable means.
6. Data Retention
We retain your personal information for as long as your account is active or as needed to provide our services. When you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law.
Analytics Data Retention
- IP addresses: Anonymized after 48 hours (last octet zeroed to x.x.x.0). Full IP is retained for 48 hours solely for deferred deep link matching.
- Raw click data (including anonymized IP, User-Agent, UTM parameters): Automatically deleted after 90 days.
- Aggregated statistics (click counts, device breakdown — no personal data): Retained for 365 days.
- Deferred deep link matching data: Expires after 48 hours, cleaned up within 1 additional day.
You may request deletion of your analytics data at any time through the dashboard or by contacting us.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access and receive a copy of your personal data
- Rectify inaccurate or incomplete data
- Request deletion of your personal data
- Object to or restrict processing of your data
- Data portability
- Withdraw consent at any time
To exercise any of these rights, please contact us at support@grivn.com.
8. SDK Data Collection
Our mobile SDKs (iOS and Android) are integrated by app developers to enable deep linking functionality.
Data Collected by the SDK
- User-Agent string (device model and OS version)
- Screen resolution
- Timezone
- Device language
Data NOT Collected by the SDK
- Advertising identifiers (IDFA/GAID)
- Contacts or address book
- GPS or precise location
- Photos, camera, or microphone data
Opt-Out
App developers can disable analytics data collection by calling setAnalyticsEnabled(false) in the SDK. When disabled, the SDK will not send deferred deep link requests or install confirmation data. Regular deep link handling (Universal Links / App Links) continues to work normally.
9. Children's Privacy
Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will take steps to delete such information promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the service after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have any questions about this Privacy Policy, please contact us at support@grivn.com.