Privacy Policy

Effective date: 1 March 2026

Grails (grails.design) is committed to protecting your privacy and being transparent about how we handle your data. This policy explains what information we collect, how we use it, and what rights you have.

1. Account Information

When you create an account, we collect your name, email address, and authentication credentials. If you sign in via Google or GitHub, we receive your profile information from those providers (name, email, and avatar).

2. Project Data

Synchronized design data, components, variables, styles, screens, flows, and related project data you create within Grails. This data is stored securely in our database and is scoped to your account — no other user can access it.

3. Usage Analytics

We use Vercel Analytics to collect anonymous usage data such as page views, referral sources, and device type. All data is collected anonymously to help us improve the platform. No personal data is shared with third parties for advertising purposes.

4. Figma Synchronization

When you use the Grails Figma plugin, we extract design data (tokens, components, screens) directly from your Figma files. This data is associated with your project, analyzed to find structural semantic diffs, and synced into your workspace.

5. How We Store Your Data

Account and project data is stored securely using Supabase (PostgreSQL). Authentication sessions are managed by Supabase Auth and stored in the same instance. All connections and data transfers use encrypted transport (HTTPS/TLS).

6. Cookies

Grails uses session cookies or local storage tokens to keep you signed in securely. We do not use advertising cookies, tracking cookies, or any other non-essential cookies across our platform.

7. Third-Party Services

We integrate with the following third-party services:

  • Stripe — processes subscription payments. Your payment card details are handled entirely by Stripe and never touch our servers. See Stripe's Privacy Policy.
  • Supabase — manages our PostgreSQL database and authentication.
  • Google / GitHub OAuth — if you choose to sign in with these providers, we receive your basic profile data. We do not request broader access rights.
  • Vercel Analytics — privacy-preserving web analytics.

8. Data Retention

We retain your account data and project data for as long as your account is active. If you delete your account, we will remove your personal data and project data within 30 days. Anonymous, aggregated analytics data (which cannot identify you) may be retained indefinitely.

9. Your Rights

You have the right to:

  • Access — request a copy of all personal data we hold about you.
  • Correction — ask us to correct any inaccurate information.
  • Deletion — ask us to delete your account and all associated data.
  • Export — download your project data at any time through the export feature.
  • Restriction — ask us to restrict processing of your data in certain circumstances.

To exercise any of these rights, email us at support [at] grails.design. We will respond within 30 days.

10. Children's Privacy

Grails is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 16, we will delete it promptly.

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by posting a notice on the service or by email. Continued use of Grails after changes take effect constitutes your acceptance of the revised policy.

If you have questions about this privacy policy, please contact us at support [at] grails.design.