Privacy Policy

1. Who we are

grāmatr℠ is operated by gramatr, LLC, a Missouri limited liability company. "We," "us," and "our" refer to gramatr, LLC throughout this policy.

Contact: [email protected]
gramatr, LLC · 167 Lamp & Lantern Village, Suite 253, Chesterfield, MO 63017

2. What this policy covers

This policy covers gramatr.com and all grāmatr services — including the website, the platform (app.gramatr.com), the API, and client integrations across Claude, ChatGPT, Gemini, VS Code, Cursor, and other connected tools. Enterprise and team agreements may include additional data processing terms.

3. What we collect

Information you provide

• When you request early access or contact us: name, email address, company (if provided), role, intent (individual, team, enterprise, partner), and message content
• When you create an account: email, authentication credentials (hashed, never stored in plaintext)
• When you use the platform: knowledge graph entities, observations, decisions, preferences, behavioral rules, session handoffs, and any other content you submit

Information the platform generates

As you use grāmatr, the platform generates intelligence data to improve your experience:

• Classification records — when a request is pre-classified (effort level, intent type, skill match, memory tier, context needs, constraints, confidence), the classification decision is recorded
• Learning signals — feedback you provide on classification accuracy, output quality, and interaction effectiveness
• Learning patterns — sequential action patterns, entity clusters, and search refinement trends detected from your usage
• Learning reflections — algorithmic self-assessments generated at the end of complex tasks
• Session metadata — session start/end times, interaction IDs, project associations, and handoff summaries

All platform-generated data is scoped to your account by row-level security and encrypted at rest.

Information collected automatically (website)

• Standard server logs: IP address, user agent, pages visited, referring URL, timestamps
• Google Analytics 4 (measurement ID: G-6210ZW2CHV) — standard site analytics. GA4 uses its own cookies; see Google's cookie policy for details. GA4 data is subject to Google's privacy policy.
• NEXT90 measurement tag — page visit data and engagement behavior for site analytics. See the NEXT90 privacy policy for details on what the tag collects.

Analytics tags run only on production (gramatr.com). They do not run on preview deployments, staging, or localhost.

Cookies

We use essential cookies for session state and authentication. Google Analytics 4 sets its own cookies for site analytics. We do not use advertising cookies.

4. How we use it

• To operate the grāmatr platform — storing your knowledge graph, classifying your requests, routing intelligence, and learning from your feedback
• To review and respond to early-access applications
• To contact you about grāmatr product updates, access, and launch
• To operate, secure, and improve the website and platform
• To generate aggregated, de-identified usage metrics for platform improvement
• To comply with legal obligations

5. How the learning loop works

grāmatr improves through a closed feedback loop. Here is exactly what happens:

• When you send a request, the platform pre-classifies it across seven dimensions (effort, intent, skill match, memory tier, context, constraints, confidence)
• The classification decision is recorded as a classification record scoped to your account
• If you provide feedback (explicit rating, classification correction, or quality assessment), that feedback becomes a learning signal
• Over time, the platform detects patterns in your usage — sequential workflows, entity clusters, search refinements — and uses them to improve routing accuracy for you
• All of this data is isolated to your account by row-level security at the database level

In team plans, team administrators control what intelligence is shared across the team. In enterprise plans, a five-level governance hierarchy (system, enterprise, team, user, project) provides full administrative control over what data is visible at each level.

Opt out of model training. Individual and Team users may opt out of contributing to grāmatr's model training at any time via account settings. Enterprise users are opted out by default — enterprise interaction data never contributes to model training unless an enterprise administrator explicitly enables it.

6. Cross-platform data flow

grāmatr connects to AI tools you already use. When you use grāmatr with a third-party AI tool:

• What flows to the AI provider: The intelligence packet — a pre-classified, context-enriched briefing assembled from your knowledge graph. This packet is delivered to the AI tool as part of your prompt context.
• What stays in grāmatr: Your full knowledge graph, classification records, learning signals, patterns, session metadata, and behavioral rules. These never leave grāmatr's infrastructure.
• What the AI provider sees: The intelligence packet content only — the same way a system prompt works. Each AI provider processes this data according to their own terms and privacy policy.

You are responsible for ensuring your use of grāmatr with third-party AI tools complies with those providers' terms. We recommend reviewing the privacy policies of the AI tools you connect.

7. How we share it

We do not sell your personal information. We share information only with:

Vendor	What they do	Where
Cloudflare	Website hosting (Cloudflare Pages), CDN, DDoS protection	Global edge, US-based company
Google (GA4)	Website analytics	US/EU
NEXT90	Website measurement	US (self-hosted infrastructure)

Platform data (your knowledge graph, classification records, and learning signals) is stored on infrastructure operated by gramatr, LLC. We share data with third parties only when:

• Legal requirements — disclosure is required by law, court order, or to protect rights and safety
• Business transfers — in connection with a merger, acquisition, or sale of assets, with notice to affected users
• Your direction — when you connect a third-party AI tool, the intelligence packet is delivered to that provider as described in Section 6

8. How we protect it

• Encryption at rest — all platform data is encrypted at the storage level
• Row-level security — enforced at the PostgreSQL database level. Every query is scoped to your user ID via per-transaction session variables. This is architectural isolation, not application-level filtering.
• Encryption in transit — all connections use TLS
• API key security — API keys are SHA-256 hashed before storage. Raw keys are shown once at creation and never stored in plaintext.
• Access controls — access to customer data is limited to personnel with a business need

For a fuller picture of our security posture, see the Security page.

9. How long we keep it

Data type	Retention
Knowledge graph entities and observations	Until you delete them or close your account
Classification records	Until you delete them or close your account
Learning signals and patterns	Until you delete them or close your account
Session metadata	90 days, then automatically archived
Early-access applications	As long as needed to evaluate and communicate, deleted on request
Server logs	30 days
GA4 data	Per Google Analytics default retention (currently 14 months)

Upon account cancellation, all raw data — knowledge graph entities, observations, classification records, learning signals, and session metadata — is permanently deleted within 30 days of export confirmation. Aggregated model improvements (classification accuracy, pattern weights, fine-tuned parameters) derived from your data during your active subscription are retained as gramatr intellectual property and are not reversed upon deletion. Deletion is prospective: your data will not contribute to future training, but models already improved are not unwound.

10. Your rights

Everyone

• Export your data at any time
• Delete individual entities, observations, or your entire knowledge graph
• Request full account deletion

EU/UK residents (GDPR)

• Access — request a copy of your data
• Correction — fix inaccuracies
• Deletion ("right to be forgotten") — request deletion
• Portability — receive your data in a machine-readable format
• Restriction — limit how we process your data
• Objection — object to processing based on legitimate interests
• Withdraw consent — for anything processed based on consent

Our lawful bases for processing are: legitimate interests (operating the platform and evaluating applications), consent (where you provide it), contractual necessity (providing the service you subscribed to), and legal obligations.

You may lodge a complaint with your local supervisory authority.

California residents (CCPA/CPRA)

• Right to know what personal information we collect and the categories of sources
• Right to delete your personal information
• Right to correct inaccuracies
• Right to opt out of "sale" or "sharing" — we do not sell or share in the CCPA sense
• Right to non-discrimination for exercising these rights

To exercise any right: email [email protected]. We will respond within the timelines required by applicable law (30 days for GDPR, 45 days for CCPA).

11. International transfers

grāmatr is operated from the United States. If you access the platform from outside the U.S., your information will be transferred to, stored, and processed in the U.S. We rely on Standard Contractual Clauses (SCCs) with our sub-processors for EU/UK transfers.

12. Children

grāmatr is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact [email protected] and we will delete it.

13. Changes to this policy

We may update this policy as grāmatr evolves. When we do, we will update the "Last updated" date above. For material changes, we will provide notice via the platform or email. Continued use of the platform after changes constitutes acceptance.

14. Contact

Questions about this policy or your personal information: [email protected]

gramatr, LLC · Missouri, USA

Related: Terms of Service · Security