Privacy

Gravexa, LLC (“Gravexa,” “we,” “us”) publishes this site to describe our services and to let prospective clients reach us. We collect very little, we don't sell anything to advertisers, and we keep this short on purpose.

If you only read one paragraph: we collect the email address (and any details) you choose to send through the contact form or newsletter, and we count anonymous page views through Vercel Analytics. We don't use cookies on this site. We don't share your information with advertisers, data brokers, or affiliates. You can ask us what we have about you, ask us to delete it, or unsubscribe from the newsletter at any time by emailing info@gravexa.com.

Who we are

Gravexa, LLC is a Delaware limited liability company. The fastest way to reach us is info@gravexa.com. Gravexa is the controller of the personal data described in this policy.

What we collect, and why

Contact form.When you write to us through the form on the contact page, we receive whatever you submit, typically your name, email address, company, and the content of your message. We use that to reply to you and to keep a record of the conversation. Legal basis: legitimate interest in responding to inbound business inquiries; in some jurisdictions, the contractual-steps basis if you're asking about an engagement.

Newsletter. If you sign up for our quarterly field notes, we collect your email address and add it to our newsletter list (managed by Resend). We use that address only to send the newsletter. Legal basis: your consent, which you can withdraw at any time. Every newsletter includes a one-click unsubscribe; unsubscribing is final and we honor it immediately.

Analytics.We use Vercel Analytics in cookieless mode to count page views and referrers in aggregate. This means we see things like “the audit-checklist post got 200 reads this week,” not “this particular visitor read this particular post.” No cookies are set, no fingerprinting is performed, and no third-party trackers run on this site. Legal basis: legitimate interest in understanding which of our writing is useful.

Server logs.Our hosting provider (Vercel) records standard request logs (IP address, timestamp, requested URL, user-agent) for security and abuse prevention. These are retained on Vercel's standard schedule and are not used to build a profile of you.

We do not collect special-category data (health, biometric, racial, political, religious, sexual-orientation, trade-union membership), payment information, or precise geolocation. We do not knowingly collect information from anyone under 16; if you believe a child has submitted information to us, email info@gravexa.comand we'll delete it.

Who we share it with

We share personal data only with the service providers that make the site work, and only as needed for them to do their job:

• Vercel, site hosting and analytics
• Resend, sending and managing newsletter delivery and transactional email from the contact form
• Microsoft 365, receiving and storing inbound mail to @gravexa.com addresses
• Cloudflare Turnstile, anti-spam challenge on the contact and newsletter forms; runs in privacy-friendly mode without cookies

Each of these is bound by its own data-processing terms with us. We don't sell your personal information, we don't share it for cross-context behavioral advertising, and we don't disclose it to advertisers, data brokers, or affiliates. We may disclose data if compelled by valid legal process or where reasonably necessary to protect the rights, property, or safety of Gravexa, our users, or the public.

Where it goes

Our service providers are primarily in the United States. If you're writing to us from the European Economic Area, the United Kingdom, or Switzerland, your data is transferred to the US under the standard contractual safeguards our processors maintain (typically the EU Standard Contractual Clauses or equivalent). You can ask us for a copy of the safeguards in place.

How long we keep it

• Contact-form correspondence: for as long as needed to resolve your inquiry, and then for a reasonable period after (typically up to 24 months) to maintain a record of the conversation. If you ask us to delete it sooner, we will.
• Newsletter list:until you unsubscribe, at which point your email address is removed from the active list. Suppression records (the fact that an address unsubscribed) may be retained to ensure we don't email you again by accident.
• Analytics: aggregated counts, not tied to identifiable individuals.
• Server logs:kept on our hosting provider's standard schedule.

Your rights

Depending on where you live, you may have some or all of the following rights regarding your personal data:

• Access. Ask what we have about you.
• Deletion / erasure. Ask us to delete it.
• Correction / rectification.Ask us to fix something that's wrong.
• Portability. Ask for a copy in a structured, machine-readable format.
• Objection / restriction. Object to or restrict certain processing.
• Opt out of “sale” or “sharing.” We don't sell or share personal information for cross-context behavioral advertising, but you have the right to opt out and we honor it by default.
• Withdraw consent. Where we rely on consent (the newsletter), you can withdraw it at any time without affecting prior processing.
• Non-discrimination.We won't treat you differently for exercising any of these rights.
• Complaint.If you're in the EEA, UK, or Switzerland, you can lodge a complaint with your local supervisory authority. In California or other US states with comparable rights, you may contact your state attorney general.

To exercise any of these, email info@gravexa.comwith enough context for us to verify you're the person whose data is involved. We respond within 30 days (or 45 days for California requests, extendable by another 45 with notice), and acknowledge California requests within 10 business days.

Security

We rely on widely accepted technical and organizational measures appropriate to the limited data we hold: encrypted transport for everything on the wire, strong authentication on the systems we administer, and access limited to the people who need it. No method is perfectly secure; if we learn of a personal-data breach affecting you, we'll act in line with applicable law, which generally means notifying you and the appropriate authority without undue delay.

Cookies and similar technologies

This site does not set cookies. We do not use third-party advertising or social-tracking pixels. If that ever changes, we'll update this policy, post a banner, and ask for consent where it's required.

Children

This site and our services are directed to businesses, not to children. We do not knowingly collect personal data from anyone under 16. If you believe we have, please contact us and we'll delete it.

Changes to this policy

We'll update this policy when our practices change. The “Last updated” date at the top reflects the most recent revision. For material changes, we'll post a notice on the site (and, for active newsletter subscribers, in the next newsletter) before the change takes effect.

Contact

Privacy questions and rights requests: info@gravexa.com.