Privacy Policy

When you use GROLLS, we collect the following types of information:

• Name and surname: To personalize your experience and fulfill orders
• Email address: For account management, order confirmations, and communication
• Contact details: Phone number (if provided) for delivery coordination and order updates
• Order and transaction details: Products ordered, quantities, payment information, and delivery preferences
• Delivery/collection preferences: Addresses, collection points, and scheduling information
• Authentication information: Account credentials when you sign up with email, or authentication tokens when using Google Sign-In

Google Sign-In specifics: When you choose to sign in with Google, we receive basic profile information including your name, email address, and a profile identifier. We never receive or store your Google password. Google Sign-In is an optional authentication method that you can choose instead of creating a password-protected account.

We use the information we collect to:

• Account management: Create and maintain your GROLLS account
• Process and fulfill orders: Handle your orders, payments, and deliveries
• Communicate about orders: Send order confirmations, delivery updates, and respond to your inquiries
• Improve products and services: Analyze usage patterns to enhance your experience
• Authentication: Verify your identity when you sign in using email/password or Google Sign-In via Supabase
• Comply with legal obligations: Meet legal requirements and respond to lawful requests

GROLLS offers Google Sign-In as a convenient way to access your account. Here's how it works:

• Google Sign-In is handled through Supabase, our authentication provider
• We request only basic scopes: your profile information (name) and email address
• Google Sign-In is completely optional — you can always create an account with email and password instead
• You can disconnect your Google account from GROLLS at any time through your account settings or by contacting us
• We do not have access to your Google password or any other Google account information beyond what you authorize

Your personal information is stored and managed through Supabase, a secure cloud platform that provides authentication and database services.

We implement reasonable security measures to protect your data, including:

• Encrypted data transmission (HTTPS)
• Secure authentication protocols
• Access controls limiting data access to authorized personnel only
• Regular security assessments and updates

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to maintaining industry-standard protections.

We respect your privacy and do not sell, rent, or trade your personal information to third parties for marketing purposes.

We may share your information only in the following circumstances:

• Service providers: With trusted third-party service providers who help us operate our website, process payments, manage deliveries, or provide customer support. These providers are contractually obligated to protect your information and use it only for the purposes we specify
• Legal requirements: When required by law, court order, or government regulation, or to protect our rights, property, or safety, or that of our users
• Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, with notice provided if applicable

We use essential cookies and similar technologies to:

• Maintain your authentication session when you sign in
• Remember your preferences and settings
• Ensure the website functions correctly

We do not use advertising tracking cookies or third-party analytics that track your behavior across other websites without your explicit consent. Essential cookies are necessary for the website to function and cannot be disabled.

You have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information, subject to legal and operational requirements
• Withdraw consent: Withdraw your consent for certain data processing activities, where applicable
• Account deletion: Delete your GROLLS account at any time through your account settings or by contacting us

To exercise these rights, please contact us using the contact information provided at the end of this policy.

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law.

Specifically:

• Account information is retained while your account is active
• Order and transaction records are kept for accounting and legal compliance purposes
• When you delete your account, we will delete or anonymize your personal information, except where we are required to retain it for legal, tax, or regulatory purposes

If you request account deletion, we will process your request within a reasonable timeframe and confirm when your data has been removed.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:

• Update the "Last updated" date at the top of this policy
• Notify you of significant changes via email or a notice on our website
• Provide you with an opportunity to review the updated policy before it takes effect, where required by law

Your continued use of GROLLS after changes to this policy constitutes acceptance of the updated terms.

If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us:

We will respond to your inquiry within a reasonable timeframe and in accordance with applicable data protection laws.