Legal

Privacy Policy

Effective date: June 12, 2026 · Last updated: June 12, 2026

Short version: Grantio is a developer tool. We collect only what is necessary to operate the service. We do not sell your data. Your Google Play purchase data is processed on your own infrastructure.

1. Who We Are

Grantio is operated by Epignosis. This Privacy Policy explains how we collect, use, and protect information when you use our MCP server, SDK, and associated web tools (collectively, "the Service").

For privacy-related questions, contact us at privacy@epignosishq.com.

2. Information We Collect

We collect the following categories of information:

Category	Examples	Purpose
Account data	Email address, organisation name	Account creation and communication
Configuration data	Project IDs, product mappings, paywall configs	Running the Service on your behalf
Usage data	API call counts, error rates, latency metrics	Service reliability and improvement
Technical data	IP addresses, user-agent strings, request timestamps	Security, rate limiting, abuse prevention

We do not store Google Play purchase tokens or transaction details. Purchase verification requests are proxied to Google's API and the result is returned to your application; we do not persist the raw purchase data.

3. Information We Do Not Collect

End-user personal data from your application's users
Google Play purchase tokens beyond the duration of a single API request
Payment card information or financial data
Sensitive personal categories (health, biometric, etc.)

4. How We Use Your Information

We use the information we collect to:

Provide, maintain, and improve the Service
Authenticate requests and enforce rate limits
Detect, investigate, and prevent security incidents or abuse
Send you important notices about the Service (e.g. breaking changes, downtime)
Comply with legal obligations

We do not use your data for advertising or sell it to third parties.

5. Data Sharing

We share data only in these circumstances:

Google APIs — purchase verification requests are forwarded to Google Play Developer API using your own service account credentials.
Infrastructure providers — we use Google Cloud (Firebase) to host the Service. Data is processed in accordance with Google Cloud's data processing terms.
Legal requirements — if required by law, court order, or governmental authority.
Business transfers — in connection with a merger, acquisition, or sale of assets, with notice to you.

6. Data Retention

We retain data for as long as your account is active or as needed to provide the Service. Configuration data is deleted within 30 days of account closure. Aggregated, anonymised usage statistics may be retained indefinitely.

Server logs containing IP addresses and request metadata are retained for up to 90 days for security purposes.

7. Security

We implement industry-standard security measures including:

TLS encryption for all data in transit
Encryption at rest for stored credentials and configuration
Rate limiting and IP-based abuse detection
Regular security reviews of our codebase

No method of transmission or storage is 100% secure. We encourage you to protect your own API keys and service account credentials.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Access — request a copy of the data we hold about you
Rectification — correct inaccurate or incomplete data
Erasure — request deletion of your data
Portability — receive your data in a structured, machine-readable format
Objection — object to processing based on legitimate interests
Restriction — request that we restrict processing in certain circumstances

To exercise any of these rights, contact us at privacy@epignosishq.com. We will respond within 30 days.

9. Cookies and Tracking

The Service's web interface uses only functional cookies necessary for authentication and session management. We do not use third-party analytics trackers, advertising cookies, or fingerprinting technologies.

10. Children's Privacy

The Service is intended for developers and is not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, contact us and we will delete it promptly.

11. International Transfers

The Service is hosted on Google Cloud infrastructure. Data may be processed outside your country of residence. Where required, we rely on Standard Contractual Clauses or other lawful transfer mechanisms to ensure adequate data protection.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will update the "Last updated" date at the top and, for material changes, notify you by email or via a notice in the Service. Continued use of the Service after changes constitutes your acceptance of the updated policy.

13. Contact

For any privacy-related questions or to exercise your rights:

Epignosis — Data Privacy
Email: privacy@epignosishq.com

For general inquiries: legal@epignosishq.com