Last updated: June 1, 2025
Gromore is committed to the General Data Protection Regulation (GDPR) and your right to control your personal data. This page explains your data subject rights and how to exercise them.
Right of access
You can request a copy of all personal data we hold about you at any time.
Right to rectification
You can ask us to correct any inaccurate personal data we hold about you.
Right to erasure
You can ask us to delete your personal data (‘right to be forgotten’) in certain circumstances.
Right to restriction
You can ask us to restrict how we process your data while we address a complaint.
Right to data portability
You can request your data in a machine-readable format and transfer it to another service.
Right to object
You can object to processing based on legitimate interests or for direct marketing purposes.
Rights related to automated decision-making
You have the right not to be subject to solely automated decisions that significantly affect you.
Exercise your rights
To exercise any of the rights above, email us at [email protected] with the subject line Data Subject Request. We will respond within 30 days as required by GDPR Art. 12.
Gromore is the data controller for personal data collected through our platform. Our registered contact for data protection matters is: Gromore Data Protection Email: [email protected] Address: Bangalore, Karnataka, India
We collect: • Account information: name, email address, company name, job title • Usage data: pages visited, features used, device and browser info • Creator data you choose to track (public social media profiles) • Payment data: billing address, last 4 digits of payment card (full card data processed by Stripe) • Communications: emails and support tickets you send us
We rely on the following legal bases under GDPR Article 6: • Contract performance (Art. 6(1)(b)): To provide the Gromore service you have subscribed to • Legitimate interests (Art. 6(1)(f)): To improve our product, prevent fraud, and send service-related communications • Consent (Art. 6(1)(a)): For marketing communications and optional analytics cookies • Legal obligation (Art. 6(1)(c)): To comply with applicable law (e.g. financial records retention)
Gromore uses Supabase (EU region) and Vercel (EU region) as primary infrastructure providers. Where data is transferred outside the EEA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or we verify that the recipient country provides an adequate level of protection.
We retain your personal data for as long as your account is active or as needed to provide services. After account deletion, we retain data for up to 90 days to allow recovery, then permanently delete it unless we are required by law to retain it longer (e.g. 7 years for financial records under Indian tax law).
We use strictly necessary cookies to keep you signed in. Optional analytics and marketing cookies are only set with your consent. See our Cookie Policy for full details.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, and affected users without undue delay where required under GDPR Art. 33 and 34.
We conduct DPIAs for high-risk processing activities as required by GDPR Art. 35, including for new features involving large-scale processing of personal data or new tracking technologies.
If you are located in the EEA and believe we have not handled your data lawfully, you have the right to lodge a complaint with your local data protection authority. A full list of EU supervisory authorities is available on the European Data Protection Board website.