Gryphin Logo
Gryphin
Legal

Privacy Policy

Your privacy matters to us. Here's how we protect it.

Last updated: April 16, 2026

Privacy at a Glance

  • • We collect only what's necessary to provide our services
  • • We never sell your personal data to third parties
  • • You can export or delete your data at any time
  • • We use industry-standard encryption to protect your information

Beta Services Notice

Gryphin is currently offered as a beta service. While we protect your data with the same safeguards described in this policy, please be aware that during the beta period:

  • Features, data models, and integrations may change, be reset, or be removed without notice.
  • We may contact you for product feedback, usability studies, or beta-related announcements.
  • Usage telemetry is collected more actively to help us identify bugs and improve the product.
  • We recommend keeping your own backups of critical content until the service reaches general availability.

1. Introduction

Laika Dynamics Ltd ("Gryphin," "we," "us," or "our"), a company registered in New Zealand, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, applications, and services (collectively, the "Services").

Please read this Privacy Policy carefully. By using our Services, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

We collect information you provide directly to us, including:

Account Information

Name, email address, password, and profile picture

Payment Information

Billing address and payment method, tokenised and processed by Stripe

Content

Boards, cards, comments, attachments, and other content you create

Communications

Messages you send to us or other users

Waitlist & Beta Signups

Email address and any optional details you submit to join the waitlist or beta programme

Integration Data

Information you authorise us to access through connected services (e.g. Google Calendar, Google Drive)

2.2 Information Collected Automatically

When you use our Services, we automatically collect:

Device Information

Browser type, operating system, device identifiers

Usage Data

Pages visited, features used, time spent on the Services

Log Data

IP address, access times, referring URLs

Cookies

Small files stored on your device (see Cookie Policy)

Push Tokens

Device push notification tokens if you install our mobile app and opt in to notifications

Product Analytics

Anonymised event data captured via PostHog to understand feature usage

2.3 AI-Powered Features

Some Gryphin features (such as task breakdown, summarisation, and AI chat) are powered by third-party large language model providers, including OpenAI and OpenRouter.

When you use these features, the content of your prompts — which may include card titles, descriptions, comments, or other information you choose to submit — is transmitted to those providers solely to generate a response.

We select providers whose API terms prohibit using your content to train their models. We do not send your data to AI providers unless you actively use an AI feature.

3. How We Use Your Information

We use the information we collect to:

🛠️Provide, maintain, and improve our Services
💳Process transactions and send related information
📧Send technical notices, updates, and support messages
💬Respond to your comments, questions, and requests
📊Monitor and analyze trends, usage, and activities
🔒Detect, investigate, and prevent security incidents
Personalize and improve your experience
📢Send promotional communications (with your consent)

4. Information Sharing

We may share your information in the following circumstances:

With Your Consent

When you explicitly authorize us to share your information with third parties.

Team Members

With other members of your workspace who need access to collaborate.

Service Providers

With vendors who help us operate our Services (hosting, analytics, support).

Legal Requirements

When required by law or to protect our rights, privacy, safety, or property.

Business Transfers

In connection with a merger, acquisition, or sale of all or part of our assets.

🚫 We never sell your personal information to advertisers or data brokers.

4.1 Sub-Processors

We use the following third-party service providers to operate our Services:

Supabase

Database, authentication, file storage, and real-time services

Vercel

Application hosting, edge delivery, and analytics

Cloudflare

CDN, edge workers, security, and DDoS protection

Stripe

Payment processing and subscription management

Resend

Transactional email delivery

OpenAI

AI model provider for certain AI-powered features

OpenRouter

AI model routing for task breakdown, chat, and suggestions

Google (Workspace APIs)

Optional Calendar and Drive integrations (only when you connect them)

PostHog

Product analytics and feature usage insights

Sentry

Error monitoring and performance tracking

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

🔐

Encryption

AES-256 encryption at rest and TLS 1.3 in transit

🛡️

Access Controls

Row-level security, role-based access, and optional multi-factor authentication

🔍

Monitoring

Continuous error and access monitoring, with ongoing security reviews

6. Data Retention

We retain your information for as long as your account is active or as needed to provide you Services. We will also retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Account Deletion: When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal purposes.

7. International Data Transfers

Gryphin is operated from New Zealand, but several of our sub-processors are based in, or operate infrastructure in, other countries including the United States, the European Union, the United Kingdom, and Australia. By using the Services, you acknowledge that your personal information may be transferred to and processed in those jurisdictions.

Where we disclose personal information overseas, we take reasonable steps to ensure it is protected in a manner comparable to the New Zealand Privacy Act 2020 — for example, by relying on providers that offer contractual data-protection commitments, recognised certifications, or equivalent safeguards such as Standard Contractual Clauses.

8. Children's Privacy

Gryphin is not directed to children under the age of 16, and we do not knowingly collect personal information from anyone under that age. If you believe a child has provided us with personal information, please contact us at legal@gryphin.app and we will take steps to delete it.

9. Your Rights

Depending on your location, you may have the following rights:

Access

Request a copy of the personal data we hold about you

Correction

Request correction of inaccurate or incomplete data

Deletion

Request deletion of your personal information

Portability

Receive your data in a structured, machine-readable format

Objection

Object to certain types of data processing

Withdraw Consent

Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at support@gryphin.app. We will respond to your request within 20 working days, as required under the New Zealand Privacy Act 2020.

10. Contact Us

If you have any questions about this Privacy Policy, please contact us:

Laika Dynamics Ltd

114 Kennedy Road, Marewa

Napier 4110

New Zealand

Get in Touch

support@gryphin.app

For data protection inquiries, contact us at legal@gryphin.app

Terms of Service|Cookie Policy|Security