Privacy Policy

2) Information We Collect

We collect information that identifies, relates to, describes, or is capable of being associated with you (“Personal Data”) and other information about you. Examples include: Account and Profile Data: name, email, phone number, company, role, billing information. Content You Provide: texts, images, logos, design briefs, feedback, and other materials you provide to us to perform Services. Transactional Data: order details, payment history, invoices, and related communications. Usage Information: how you use our website and Services, device identifiers, IP address, browser type, referring/exit pages, and timestamps. Technical Data: server logs, error reports, and security-related data. Commercial Information: records of products or services purchased, or considered for purchase. Personal Data from Third Parties: if you authorize, we may obtain information from third-party sources (e.g., payment processors, marketing platforms) to facilitate Services.

 

3) How We Collect Information

Direct Interactions: when you create an account, request services, fill forms, contact us, or communicate with our team. Automated Collection: through cookies, analytics tools, and similar technologies on our site and within Deliverables.

Communications: emails, chat transcripts, and other correspondence.

Integrations and Plugins: data from third-party platforms (e.g., Wix, Shopify) when you connect or integrate with their services through our Deliverables.

 

4) How We Use Your Information

Provide and Manage Services: design, development, deployment, maintenance, and support of websites on platforms like Wix, Shopify, etc. Personalize and Improve: customize experiences, optimize our Services, and analyze usage trends.

Communication: respond to inquiries, provide updates, and send invoices and transactional messages. Security and Fraud Prevention: monitor for security incidents, detect and prevent fraud, and comply with legal obligations.

Legal and Compliance: enforce our agreements, resolve disputes, and comply with laws and regulatory requirements. Marketing (with consent): send marketing communications where permissible; you can opt out at any time.

 

5) Legal Bases for Processing (GDPR context, where applicable)

Performance of a contract: to provide and manage Services you’ve requested.

Legitimate interests: for security, fraud prevention, and internal analytics.

Consent: for activities like marketing communications (where required by law).

Legal obligation: to comply with applicable laws.

 

6) Sharing and Disclosure of Information

Service Providers: we may share with third-party vendors who perform services for us (e.g., payment processing, hosting, analytics, email services), under written agreements that require them to protect Personal Data. Clients/Authorized Persons: you may share information with your own team or affiliates as needed to receive Services. Business Transfers: in connection with a merger, acquisition, restructuring, or sale of assets; in such case, Personal Data may be transferred. Legal Requirements: to comply with law, respond to lawful requests, protect our rights, or enforce our agreements. Aggregate/De-identified Data: we may share aggregated or de-identified information for analytics and business insights.

 

7) Cookies and Tracking Technologies

We and our service providers use cookies and similar technologies to collect information about your use of our site and Deliverables. This helps with analytics, security, and personalized experiences. You can manage cookies via your browser settings. Some features may not function properly if cookies are disabled.

Do Not Track: Our processing does not respond to Do Not Track signals consistently across all browsers and jurisdictions. Where required by law, we offer opt-out controls and consent mechanisms for tracking in applicable jurisdictions.

 

8) Data Transfers and International Data Processing: Your information may be stored and processed in the United States or other jurisdictions where we or our service providers maintain facilities. When you are located outside the United States, you consent to transfer of information to the United States or other jurisdictions with different data protection laws. If required by law or contract, we will implement appropriate safeguards (e.g., Standard Contractual Clauses) for cross-border data transfers. A Data Processing Agreement (DPA) may be executed to govern processing of Personal Data. DPA Note: If you process Personal Data on our behalf (as a client), we will exchange a DPA detailing roles (controller vs. processor), subprocessors, breach notification timelines, data subject rights handling, and security measures.

 

9) Data Retention

We retain Personal Data for as long as necessary to fulfill the purposes described in this policy, including for the purposes of satisfying any legal, accounting, or reporting requirements. When we no longer need Personal Data, we will securely delete, anonymize, or de-identify it, or otherwise retain it as permitted by law.

 

10) Security

We employ industry-standard technical and organizational measures to protect Personal Data from unauthorized access, disclosure, alteration, and destruction. Backups: We implement regular backups where applicable; you are responsible for backups unless otherwise stated. Breach Notification: In the event of a data breach affecting Personal Data, we will notify affected individuals and relevant authorities as required by law and cooperate with you to remediate.

 

11) Data Subject Rights (Your Rights)

Access and Portability: you may request access to your Personal Data and obtain a copy. Correction: you may correct inaccuracies in your Personal Data.

Deletion: you may request removal of Personal Data, subject to legal obligations.

Restriction and Objection: you may restrict or object to processing in certain circumstances. Automated Decision-Making: you have rights related to automated processing where applicable. To exercise rights, contact us using the information below. We may verify your identity before fulfilling requests.

 

12) Marketing and Communication Preferences: You may opt out of marketing communications at any time by using the unsubscribe option in emails or by contacting us. We may continue to contact you for service-related purposes even after you opt out of marketing.

 

13) Third-Party Websites and Services

Our Services may link to third-party websites, apps, or services. We are not responsible for their privacy practices. Review their privacy policies directly.

 

14) Children’s Privacy

Our Services are not directed to children, and we do not knowingly collect Personal Data from children under 16 (or under applicable age) without proper consent where required.

 

15) Do Not Sell My Personal Information (CPRA/CCPA context) California residents: We do not sell Personal Data as defined by the California Consumer Privacy Act (CCPA) or CPRA. If this changes, we will update this policy and provide an opt-out mechanism. To the extent applicable, California residents may exercise CPRA rights including access, deletion, and opting out of the sale/sharing of Personal Data. We will honor these requests consistent with law. Virginia and Colorado residents: We respect your privacy rights under DPVA and CPA, including access, deletion, and opt-out rights where applicable.

 

16) State Privacy Rights (where applicable)

California (CCPA/CPRA): See Do Not Sell and CPRA notices above; provide access, deletion, and opt-out rights; consider a dedicated California privacy notice if you have material California data. Virginia (DPVA): You may request access, correction, deletion, and data-use restrictions where permitted; we provide a clear process for exercising rights. Colorado (CPA): You may request access, deletion, and data-use restrictions where applicable; we provide a process for handling requests.

 

17) Social Engineering and Security Awareness: We may remind clients about phishing and social engineering risks and provide guidance to protect credentials and accounts.

 

18) Accessibility and Compliance

We are committed to accessibility in privacy notices and forms to the extent feasible. If you collect data from users with disabilities, ensure privacy notices and forms are accessible in compliance with applicable laws (e.g., ADA considerations in presentation of privacy information).

 

19) Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated policy with an updated effective date. Material changes will be communicated as required by law or via our site.

 

20) How to Contact Us

For questions, requests, or concerns about privacy, please contact:

Email: support@grobizo.com

Phone: 1-800-803-1910

Address: 330 N Wabash Ave,

Chicago, IL 60611, United States