Privacy Policy

Effective date: 14 July 2026

The short version: the GRIND desktop app is local-first. Your beats, loops, contacts and submission history stay on your computer. This website collects personal data only when you apply for the private beta or contact us, and we do not sell personal data to anyone.

1. Who is responsible for your data

GRIND is operated by its founder, an individual based in France, who acts as the data controller for the processing described in this policy (the "controller" within the meaning of Regulation (EU) 2016/679, the GDPR). The controller's full identity is available on request through the contact address below, and will be published here once GRIND operates through a registered business entity.

Contact for anything related to personal data: contact@grindapp.io.

2. What this policy covers

This policy covers three things: the grindapp.io website, the private beta application process, and the data behavior of the GRIND desktop app during the private beta. If a future feature changes any of this, this policy will be updated before that feature ships.

3. Data we collect and why

Private beta application

When you apply, the application form asks for information such as your name or producer name, your email address, and answers about your music library, workflow and the problems you want solved. We use this to review applications, select testers, communicate with you about the beta and, for selected testers who complete the feedback cycle, manage founder pricing eligibility.

Legal basis: steps taken at your request prior to entering into a contract (Article 6(1)(b) GDPR) and our legitimate interest in running a small, well-matched test group (Article 6(1)(f) GDPR).

How you found us

When you open the application form, we pass along basic attribution values if they are present in the page address: campaign parameters (utm_source, utm_medium, utm_campaign, utm_content, utm_term), a referral value (ref), an invite code (invite_code) and which button you used (cta_location). This tells us which channels bring in applications. It is not used to build advertising profiles.

Legal basis: legitimate interest in measuring where applications come from (Article 6(1)(f) GDPR).

Email

If you write to us, we keep the correspondence for as long as needed to handle your request and our relationship with you.

Hosting logs

Our hosting provider processes technical data (such as IP addresses and requested pages) in server logs for security and delivery of the website. We do not use this data to identify visitors.

Cookies and tracking

This website sets no advertising or analytics cookies and runs no third-party trackers. The application form (Tally) may use strictly necessary cookies for the form to function when you open it. Because we only use technical storage that is strictly necessary, no cookie consent banner is required.

4. The GRIND desktop app

GRIND is local-first by default. During the private beta:

Feedback you send us during the beta (messages, screenshots, recordings you choose to share) is processed to improve the product, on the basis of our legitimate interest and, where you volunteer it, your consent.

5. Who processes data for us

We use a small number of service providers acting as processors:

These providers process data only on our instructions under data processing agreements.

6. International transfers

Some providers (such as Netlify) are located in the United States. Where personal data is transferred outside the European Economic Area, we rely on an adequacy decision such as the EU-US Data Privacy Framework where the provider is certified, or on the European Commission's Standard Contractual Clauses.

7. How long we keep data

8. Your rights (EU/EEA and UK)

You can ask us at any time to access, correct, delete or receive a copy of your personal data, to restrict or object to its processing, and to withdraw any consent you gave (without affecting past processing). Write to contact@grindapp.io and we will respond within one month.

You also have the right to lodge a complaint with a supervisory authority. In France that is the CNIL (cnil.fr); you may also complain to the authority of your own country of residence.

9. California and other US residents

We do not sell personal information and we do not share it for cross-context behavioral advertising, as those terms are defined in the California Consumer Privacy Act as amended by the CPRA. California residents may request access to, deletion of, or correction of their personal information, and will not be discriminated against for exercising those rights. Use the same contact address above; we honor these requests for all US residents regardless of state.

10. Children

The website and the beta program are not directed at children under 16, and we do not knowingly collect their data. If you believe a minor has applied, contact us and we will delete the data.

11. Security

Application data lives with processors chosen for their security practices, access to it is limited to the people running the beta, and the desktop app keeps your creative work on your own machine by design, which is the strongest protection we can offer for unreleased music.

12. Changes to this policy

If we change this policy, the new version will be posted here with a new effective date. If a change meaningfully affects how your data is used, we will tell applicants and testers by email before it takes effect.

13. Contact

GRIND (France) ยท contact@grindapp.io