Privacy

Privacy Policy

Greve helps B2B teams research prospects, build personalized outreach pages, and track engagement. This policy explains what we collect, why we collect it, who we share it with, and the choices you have. We do not sell your personal data.

Last updated July 3, 2026

Summary

If you only read one section, read this. We collect account details, the URLs and content you submit to generate pages, usage signals that keep the product running, and engagement data when someone opens a shared outreach link. We use trusted providers for sign-in, payments, AI copy, email delivery, and file storage. You can ask us to delete your account. We aim to be plain about all of it.

  • We do not sell personal information to advertisers or data brokers.
  • Demo mode works without an account; we use a browser fingerprint only to enforce free limits.
  • Generated pages can be shared on public links. Only put in what you are comfortable sharing.
  • AI features send public website text to our model provider to draft copy.
  • You can contact us anytime to access, correct, or delete your data.

Who this policy applies to

This policy covers visitors to greve.io (and related domains), people who use the free demo, registered users, and anyone who opens a Greve-generated outreach page at a public share link. If you use Greve on behalf of a company, you are responsible for making sure your use complies with your employer's policies and with laws that apply to your outreach.

Questions or requests: hello@greve.io. We try to respond within a few business days.

Information we collect

Account and profile data. When you sign in with Google, we receive your name, email address, and Google account identifier. If you complete onboarding, we store your organization name and how you heard about Greve. You may also save a sender name and email for outreach messages.

Content you provide. This includes prospect and company URLs, generated page copy, template choices, angles, email subjects, and edits you make in the editor. We store generated pages so you can share, track, and update them.

Usage and product data. We log actions such as page generation, dashboard visits, credit usage, billing events, and errors. This helps us run the service, prevent abuse, and improve reliability.

Engagement on shared pages. When a prospect opens a public link (for example /m/[id]), we may record views, time on page, and return visits so you can prioritize follow-up. We do not intentionally identify visitors by name unless they choose to identify themselves.

Marketing site analytics. On our marketing pages we may record path visits, referrer, UTM parameters, and browser fingerprint (for demo quota). If you accept analytics cookies in our banner, we store that preference and may log additional visit data to understand what content is useful.

Technical data. IP address, browser type, device information, and timestamps are collected in server logs and security systems. This is standard for operating a web application.

How we use your information

  • Provide core features: research, page generation, sharing, engagement tracking, and follow-up tools.
  • Authenticate you and keep your account secure.
  • Process payments and manage subscriptions and credits.
  • Send transactional emails such as welcome messages, demo follow-ups, and account notices.
  • Enforce demo limits and prevent fraud or abuse.
  • Improve the product through aggregated usage analysis.
  • Comply with law and respond to valid legal requests.

We do not use your private outreach content to train public AI models for unrelated products. Our AI provider processes prompts to generate your page copy as part of delivering the service you requested.

Legal bases (EEA / UK users)

If GDPR or UK GDPR applies, we rely on: (1) contract to provide the service you signed up for; (2) legitimate interests to secure our platform, prevent abuse, and improve features in ways that do not override your rights; (3) consent where required for non-essential cookies or certain marketing; and (4) legal obligation where we must retain or disclose data by law.

How we share information

We share data only with service providers that help us run Greve, under contracts that require them to protect it and use it only for our instructions:

  • Google: OAuth sign-in (name, email, profile identifier).
  • OpenAI: public text from URLs you submit, used to draft outreach copy.
  • Dodo Payments: subscription billing; we do not store full payment card numbers.
  • Email delivery (SMTP): transactional messages to your inbox.
  • Cloud hosting and database providers: to store application data.
  • Amazon S3 (or equivalent object storage): email preview images attached to outreach.

We may also disclose information if required by law, to protect rights and safety, or in connection with a merger or acquisition where the successor is bound by similar privacy commitments. We do not sell personal information.

Public share links

Outreach pages you generate can be accessed by anyone with the link. Treat share URLs like unlisted documents: not secret, but not broadly published unless you send them. Page content may include company names, research snippets, and messaging aimed at a prospect. Do not include passwords, health data, or other sensitive categories unless you have a lawful basis and the prospect expects it.

Cookies and local storage

Essential. Session cookies for sign-in and security. Theme preference (light/dark) may be stored locally.

Analytics (optional). If you accept analytics in our cookie banner, we may record marketing page visits to improve the site. You can change your choice anytime by clearing site data or contacting us.

Local storage. Some dashboard state may be cached in your browser for speed. Cloud-backed features sync to your account when you are signed in.

See also our Terms of Service.

Data retention

We keep account data while your account is active. Generated pages and engagement logs remain until you delete them or close your account, unless we must keep copies for legal or security reasons. Server logs and security records are retained for a limited period, then deleted or aggregated. Cookie consent records are kept to demonstrate compliance.

When you request deletion, we will remove or anonymize personal data within a reasonable time, except where retention is required by law or for dispute resolution.

Security

We use industry-standard measures: encrypted connections (HTTPS), access controls, hashed credentials where applicable, and provider security for infrastructure. No system is perfectly secure. If we learn of a breach that affects your personal data, we will notify you and regulators as required by law.

International transfers

Greve may process data in the United States and other countries where our providers operate. If you are in the EEA, UK, or Switzerland, we rely on appropriate safeguards such as Standard Contractual Clauses where required for cross-border transfers.

Your rights and choices

Depending on where you live, you may have the right to:

  • Access a copy of personal data we hold about you.
  • Correct inaccurate information.
  • Delete your account and associated data.
  • Object to or restrict certain processing.
  • Export your data in a portable format where feasible.
  • Withdraw consent where processing is consent-based.
  • Lodge a complaint with your local data protection authority.

To exercise these rights, email hello@greve.io. We may need to verify your identity before fulfilling a request. You can cancel a paid subscription from dashboard settings before deleting your account.

California residents (CCPA / CPRA)

We do not sell or share personal information for cross-context behavioral advertising as defined under California law. California residents may request access, deletion, and correction of personal information, and may opt out of any future sale if our practices change. We will not discriminate against you for exercising privacy rights.

Children

Greve is a B2B product not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us data, contact us and we will delete it.

Changes to this policy

We may update this policy when we launch features, change providers, or adjust legal requirements. We will post the new date at the top of this page. For material changes, we will try to notify you by email or in-app notice. Continued use after the effective date means you accept the updated policy.