Legal
Privacy Policy
Groflex Technology Inc. — Last reviewed: March 2025
Note: The full legal privacy policy for Groflex Technology Inc. is maintained and kept current by Termageddon, a policy generation service that automatically updates policies when laws change. The complete, legally binding version is available on request and will be embedded here once the Termageddon integration is active. The framework below describes our data practices.
1. Who we are
Groflex Technology Inc. (“Groflex”, “we”, “our”, “us”) operates the website at groflex.ai and provides a governed execution platform for enterprise supply chains. We are headquartered in Canada and operate internationally. Questions about this policy can be directed to mundra.amit@groflex.ai.
2. Data we collect on this website
When you interact with groflex.ai, we may collect the following categories of data:
- →Contact information submitted via forms (name, work email, company, job title)
- →Company profile information (size, industry, number of sites)
- →Referral and attribution data (UTM parameters, referring source)
- →Session analytics data via Google Tag Manager (page views, scroll depth, event interactions)
- →Technical data (browser type, device type, IP address) collected automatically
We do not collect any operational supply chain data through this website. Operational data processed by the Groflex platform (when deployed for enterprise clients) is governed by separate data processing agreements and remains within the client’s environment.
3. How we use your data
Data collected through this website is used for the following purposes:
- →Responding to demo requests and scheduling sessions (legal basis: legitimate interest / contract performance)
- →Sending follow-up communications related to your request (legal basis: legitimate interest)
- →Improving website content and user experience (legal basis: legitimate interest)
- →Analytics to understand how visitors engage with our content (legal basis: legitimate interest)
4. Your rights under GDPR
If you are located in the European Economic Area (EEA) or United Kingdom, you have the following rights with respect to your personal data:
Right of access
Request a copy of data we hold about you
Right to rectification
Request correction of inaccurate data
Right to erasure
Request deletion of your personal data
Right to restrict processing
Request we limit how we use your data
Right to data portability
Request your data in a portable format
Right to object
Object to processing based on legitimate interests
To exercise any of these rights, contact us at mundra.amit@groflex.ai. We will respond within 30 days.
5. Data retention
Contact form submissions and associated correspondence are retained for up to 3 years from the date of last interaction, or until you request deletion. Analytics data is retained in accordance with Google Analytics default settings (up to 14 months).
6. Third-party services
This website uses the following third-party services that may process data:
- →Google Tag Manager and Google Analytics — website analytics and event tracking
- →Vercel — website hosting and infrastructure
- →Resend / Postmark — transactional email delivery (when integrated)
7. Data Processing Agreement (DPA)
Enterprise customers requiring a Data Processing Agreement (DPA) for GDPR or other regulatory compliance purposes can request one by contacting mundra.amit@groflex.ai. A standard DPA is available and can be countersigned as part of the procurement process.
8. Changes to this policy
We may update this policy as our practices change or as applicable laws require. We will note the review date at the top of this page when updates are made. For material changes, we will notify enterprise clients via email.