We understand that data protection is important to you. As a provider of software to professionals — including banks, consultancies and other businesses that routinely work with sensitive and private data — we take data protection very seriously. We only transfer the minimum amount of data we need in order to diagnose and resolve problems and improve our software. We are strongly committed to enforcing a data policy that, without exception, removes sensitive data from messages that are sent to our servers. This Data Policy describes how we handle data in connection with our SOFTWARE PRODUCT (as defined in our Terms and Conditions).
When collecting data, we look at what actions you perform, never what you’re working on. As important as the information we do gather, is the information we do not gather. In particular, we do not gather information that could reveal to us the information or data inside your presentations and spreadsheets, including file names, file paths, text, numbers, data, external data sources etc. To the extent that any information about what you are doing is gathered through our usage tracking systems, it is strictly limited to which actions you perform and how often you do so. As an example, if you connect to an Excel workbook, we may be informed that such an action has been performed, but we will not be told the name of the workbook, the path to it, nor its contents.
When you use Grunt, we need to send a minimum amount of data to validate your license. We do so by sending a fingerprint to identify your computer, and we correlate that with the email address you're using as a license key.
Our metrics tracking system is concerned with actions you perform. This system is necessary to inform us of which features our users utilize. When you perform an action, a message with an identifier associated with that action is sent to our servers. Not all actions will trigger such an event. The identifier is global, in the sense that it is the same for all users. In fact, the identifier is the only thing sent to our servers during metrics tracking in regard to the action you performed. No other data regarding the action is sent. Metrics tracking occurs in the background, and you will not be notified.
From time to time we are notified about unexpected errors. Such unexpected errors are how bugs often will present themselves in software. You may not notice it when it happens, but when such an error occurs, an associated message may be sent to us for purposes of diagnosis and improvement. Such messages are sanitized before leaving your computer, i.e. any raw strings that are present will be removed. Such removed strings might include data, file paths, file names. In other words, sensitive data will not be forwarded to our servers as part of the error message.
To help make your Grunt work easier, Grunt offers certain functionality powered by AI / LLMs:
Grunt does not store any of your personal data, queries, or input data sent through the feature entry points (e.g., clipboard data, Visual Grid data). Grunt also does not use any of your data for training or improving our LLM-based systems.
We anonymize email addresses through a hashing mechanism such that we can cap AI feature usage if a user(s) exceeds their daily amount, as determined per the Grunt plan. We also store anonymized metrics regarding the number of times AI (sub-)features are used to determine the efficacy and popularity of our AI features, under the same metrics tracking policy as detailed above.
Grunt does not pass on user data (e.g., email address, name) to the LLM providers, but user queries and input data (e.g., from clipboard, in the VG) are sent and processed according to our LLM providers’ data policies. User queries and input data sent are processed according to our LLM providers’ data policies. None of our LLM providers train their models on user inputs.
Grunt currently uses OpenAI as our LLM provider. See OpenAI’s terms and conditions, enterprise policy, data controls, and Trust Center