Privacy Policy

Grapla ("we", "us", "our") is operated from Dublin, Ireland. This policy explains what personal data we collect when you use the Grapla iOS app and this website, how we use it, and your rights under the General Data Protection Regulation (GDPR).

We collect the minimum data necessary to operate the service. We do not sell your personal data to third parties.

Depending on how you use Grapla, we may process the following:

• —Usage data — which positions, techniques, and transitions you view, to power the Pathfinder feature and personalise your experience.
• —Subscription status — your active tier (Explorer, Competitor, Black Belt), managed entirely by Apple In-App Purchase. We do not store payment card details.
• —Device information — iOS version and device model, collected by Apple and shared with us in aggregate for crash reporting.
• —Crash logs — anonymous stack traces sent via Apple's built-in crash reporting to help us fix bugs.

Under GDPR, we rely on the following legal bases:

• —Contract performance — processing your account and subscription data is necessary to deliver the service you signed up for.
• —Legitimate interests — analysing usage patterns (in aggregate) to improve app features and content.
• —Legal obligation — retaining billing records as required by Irish tax law.

• —Authenticate you and maintain your account session.
• —Restore your subscription tier across devices.
• —Personalise drill paths and Pathfinder suggestions based on your usage history.
• —Send transactional emails (account creation, password reset) — no marketing emails without explicit consent.
• —Diagnose crashes and improve app stability.

We do not sell or rent your personal data. We share data only with:

• —Apple Inc. — for In-App Purchase billing and App Store analytics. Apple's privacy policy governs their handling of this data.
• —Vercel Inc. — this website is hosted on Vercel. Server logs may include your IP address for a limited period.
• —Law enforcement — only where required by a valid legal obligation under Irish or EU law.

We retain your account data for as long as your account is active. If you delete your account, we delete your personal data within 30 days, except where retention is required by law (e.g. billing records, which we keep for 7 years under Irish Revenue requirements).

If you are in the European Economic Area, you have the right to:

• —Access — request a copy of the personal data we hold about you.
• —Rectification — ask us to correct inaccurate data.
• —Erasure — ask us to delete your data ("right to be forgotten").
• —Portability — receive your data in a machine-readable format.
• —Restriction — ask us to restrict processing while a dispute is resolved.
• —Object — object to processing based on legitimate interests.
• —Withdraw consent — where processing is based on consent, withdraw it at any time.

To exercise any of these rights, email us at privacy@grapla.app. We will respond within 30 days. You also have the right to lodge a complaint with the Data Protection Commission (Ireland) at dataprotection.ie.

This website uses no advertising or analytics cookies. Vercel may set a strictly necessary session cookie for performance and security. The Grapla iOS app does not use third-party advertising SDKs.

Grapla is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

We may update this policy as the app evolves. Material changes will be communicated via an in-app notice. Continued use after the effective date constitutes acceptance of the updated policy.

Data controller: Grapla, Dublin, Ireland.
Email: privacy@grapla.app