Gram platform x

Privacy Policy

This Privacy Policy explains how Gram platform x processes personal data in connection with the Xgram platform services provided in the Netherlands. We act as a controller for account data and certain operational records, and as a processor where we handle content and assets on behalf of customers. We process data lawfully, fairly, and transparently, and only for specified purposes described below.

Categories of data. We collect account and contact details (such as name, email, company, role), authentication and security information, usage analytics, device and log data, content metadata, and billing identifiers. When acting under customer instructions, we may process media files, annotations, approvals, and workflow artifacts. We avoid collecting sensitive categories unless explicitly required by the service and enabled by the customer.

Purposes and legal bases. We process data to deliver, secure, and improve the platform; provide support; measure performance; and meet legal obligations. Legal bases include performance of a contract, legitimate interests (for service integrity, product improvement, and fraud prevention), consent where required, and compliance with applicable law. Where we rely on legitimate interests, we balance our interests against user rights and implement safeguards.

Retention. We retain personal data only for as long as necessary for the purposes collected, including contractual requirements and legal retention periods. Backups follow rolling schedules with defined expiry. When a customer terminates, we delete or anonymize relevant data within commercially reasonable timelines unless further retention is mandatory.

Sharing. We share data with vetted service providers that support hosting, storage, security, analytics, and payments, under data processing agreements and confidentiality obligations. We may disclose data to authorities when legally required. In the event of corporate restructuring, data may transfer subject to equivalent protections. We do not sell personal data.

International transfers. Where data is transferred outside the European Economic Area, we implement appropriate safeguards such as Standard Contractual Clauses and additional measures aligned with guidance from supervisory authorities. We monitor developments affecting international data flows and adjust controls accordingly.

Security. We use layered technical and organizational measures: encryption in transit and at rest, access controls, audit logging, vulnerability management, and incident response procedures. Employees receive training on data protection and secure handling of information. Customers can further strengthen security through roles, permissions, and review workflows within the platform.

Data subject rights. Individuals in the EU and UK have rights to access, rectify, erase, restrict, port, and object to certain processing, as well as the right to withdraw consent where processing is based on consent. Requests can be submitted via email using the contact details below. We will verify identity and respond within applicable timelines.

Cookies and similar technologies. Our services use essential cookies for authentication and service continuity, as well as optional analytics cookies to understand usage patterns. Users can manage preferences through browser controls. For details on specific cookies and retention, contact us using the information below.

Children. Our services are designed for professional use. We do not knowingly process personal data of children under applicable age thresholds. If you believe a child provided data, contact us so we can take appropriate action.

Controller and contact. Gram platform x, Berenstraat 12, 1016 GH Amsterdam, Netherlands, is the controller for relevant processing. You can contact us at X-gramm.com@gmail.com or by phone at + (31) 64 829-57-31. For questions, complaints, or requests, please include sufficient details for verification.

Supervisory authority. You may lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). We encourage contacting us first so we can address your concerns promptly.

Changes. We may update this Policy to reflect operational, legal, or regulatory changes. Material updates will be announced within the service. Continued use of the service after an update indicates acceptance of the revised Policy.

Data processing agreements. Where required, we offer a data processing agreement governing our role as a processor for customer-controlled content and related artifacts. Customers are responsible for obtaining appropriate consents and ensuring their instructions comply with applicable laws.

Contact details

For legal notices, please refer to our internal legal information page and support documentation available from the dashboard.