Privacy policy

How we handle your information.

Plain language. What we collect, what we do with it, who we share it with — and what you can ask us to delete at any time.

Effective May 20, 2026v1.0
Section 01

Overview

This privacy policy describes how GRAIN Method ("we," "us," or "GRAIN") collects, uses, and shares information when you visit grainmethod.com, request an audit, or become a client.

We collect only what we need to run the system you hired us to run. We do not sell your data, and we never share another client's data with you.

[PLACEHOLDER: Your attorney's full overview language here.]

Section 02

What we collect

From visitors to our website:

  • Standard server log data (IP, browser, referrer, pages visited) for security and analytics
  • Google Analytics 4 events, anonymized to the extent possible
  • Any information you submit through the audit application form

From clients:

  • Business information you provide during onboarding (CRM exports, lead data, customer records)
  • Communications between you and our team
  • Usage data from your Mission Control dashboard

[PLACEHOLDER: Detailed data inventory and lawful basis under GDPR / CCPA.]

Section 03

How we use it

We use the information we collect to:

  • Run the lead-response and follow-up automations you've engaged us for
  • Generate attribution reports tied to your account
  • Improve the system over time using anonymized, aggregated signal across the client network
  • Communicate with you about your account, billing, and service

We do not use your data to train external models. We do not sell or rent your data.

[PLACEHOLDER: Specific processing purposes per regulatory framework.]

Section 04

Who we share with

We share data only with subprocessors required to deliver the service. A current list of subprocessors is available on request.

We may disclose information if required by law, court order, or to investigate fraud or security incidents.

[PLACEHOLDER: Full subprocessor list and DPA terms.]

Section 05

Cookies & analytics

We use Google Analytics 4 to understand how visitors find and use the site. GA stores a small set of cookies in your browser. You can opt out via your browser settings or the Google Analytics opt-out browser add-on.

We do not use third-party advertising cookies or remarketing pixels.

[PLACEHOLDER: Full cookie disclosure + categories per ePrivacy / CCPA.]

Section 06

Your rights

Depending on where you live, you may have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate information
  • Request deletion of your information
  • Opt out of certain processing
  • Request a copy of your data in a portable format

To exercise any of these rights, email audit@grainmethod.com. We respond within 30 days.

[PLACEHOLDER: Region-specific rights (GDPR / CCPA / CPRA) and verification procedures.]

Section 07

Data retention

We retain client business data for the duration of the engagement plus 90 days after termination, then it is purged from our active systems. Backups are rotated and overwritten within 12 months.

Audit applications from non-clients are retained for 12 months unless you ask us to delete them sooner.

[PLACEHOLDER: Specific retention schedules per data category.]

Section 08

Contact us

Questions about this policy, or your data:

GRAIN Method
Nashville, TN
audit@grainmethod.com

Note for legal review: this document is a structural placeholder. The bracketed sections must be reviewed and filled in by your attorney before this page goes live.

Questions? Just ask.

Honest answers, plain language, no run-around. We'd rather over-explain than leave room for confusion.

Email us Apply for an audit