Legal

Privacy Policy

Last updated 4 July 2026

This policy explains what personal data we collect, why we collect it, how we use and protect it, and the rights you have over it. Our approach is simple: we collect only what we need to deliver your order, and nothing more.

Who is responsible

Grimoire ("we", "us", "our") is the controller of the personal data described here. Grimoire operates from within the DACH region. For any privacy question or request, contact us at hello@grimoireco.com.

What we collect

We collect only what we need to deliver your order and communicate with you:

How we use your data

We use your data to:

Our legal bases

Where data-protection law such as the GDPR applies, we rely on performance of a contract to deliver your order, legal obligation for tax and accounting records, legitimate interests to run and improve our business and secure our systems, and consent where we specifically request it. You may withdraw consent at any time.

Who we share it with

We do not sell your personal data. We share it only with the service providers who help us operate, and only as far as needed:

ProviderPurpose
StripePayment processing
TallyCollecting your brief responses
CloudflareHosting, domain, and email routing

These providers process data on our behalf under their own terms and security measures. We may also disclose data where we are required to by law.

International transfers

Some of our providers may process data outside your country, including outside the European Economic Area. Where that happens, we rely on appropriate safeguards — such as standard contractual clauses or an adequacy decision — as required by applicable law.

How long we keep it

We keep personal data only as long as necessary for the purposes above: for the duration of your engagement, and afterwards as needed to maintain records, meet legal and tax obligations, and resolve disputes. When data is no longer needed, we delete or anonymise it.

Your rights

Depending on where you live, you may have the right to access, correct, delete, or restrict the processing of your personal data; to object to certain processing; to data portability; and to withdraw consent. To exercise any of these, email hello@grimoireco.com. You also have the right to lodge a complaint with your local data-protection authority.

How we protect it

We take reasonable technical and organisational measures to protect your data against loss, misuse, and unauthorised access. No method of transmission or storage is ever completely secure, but we work to safeguard your information and to use reputable providers who do the same.

Cookies

Our website is intentionally lightweight and does not use non-essential tracking cookies. Third-party tools we link to — such as our payment and brief providers — may set their own cookies, subject to their own policies, when you use them.

Children

Our deliverables are intended for professionals and are not directed at children. We do not knowingly collect personal data from anyone under 16.

Changes to this policy

We may update this policy from time to time. The current version is always available on this page, with the date of the latest revision shown at the top.

Contact us

Questions or requests about your privacy? Email hello@grimoireco.com and we'll respond as promptly as we can.