Privacy Policy
Privacy policy
With effect from: 8 April 2026 (previous version)
Introduction
This notice applies across all websites that we own and operate and all services we provide, including our cloud-based video platforms available via grabyo.com and any other apps or services we may offer (for example, events or training). For the purpose of this notice, we’ll just call them our ‘services’.
This website is not intended for children and we do not knowingly collect data relating to children.
It is important that you read this notice together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements other notices and privacy policies and is not intended to override them.
When we say ‘personal data’ we mean identifiable information about you, like your name, email, address, telephone number, bank account details, payment information, support queries, community comments and so on. If you can’t be identified (for example, when personal data has been aggregated and anonymised) then this notice doesn’t apply. Check out our terms of use for more information on how we treat your other data.
This notice is provided in accordance with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and any other applicable data protection legislation.
We may need to update this notice from time to time. Where a change is significant, we’ll make sure we let you know – usually by sending you an email.
Any term in this notice will not apply to the extent it is incompatible with relevant applicable laws or regulations in the country or jurisdiction that applies to your personal data. Additional or different obligations and rights that may apply in a given country, state, or jurisdiction are set out at the end of this notice.
Who are ‘we’?
When we refer to ‘we’ (or ‘our’ or ‘us’), that means Grabyo Limited (company number 08606400) and all its wholly owned subsidiaries including Grabyo, Inc. (incorporated in Delaware, USA) and Grabyo Pte. Ltd. (incorporated in Singapore). Our headquarters are in the United Kingdom.
We provide easy-to-use cloud-based video platforms for enterprise clients.
Our principles of data protection
Our approach to data protection is built around four key principles. They’re at the heart of everything we do relating to personal data.
Transparency: We take a human approach to how we process personal data by being open, honest and transparent.
Enablement: We enable connections and efficient use of personal data to empower productivity and growth.
Security: We champion industry leading approaches to securing the personal data entrusted to us.
Stewardship: We accept the responsibility that comes with processing personal data.
How we collect your data
When you visit our websites or use our services, we collect personal data. The ways we collect it can be broadly categorised into the following:
Information you provide to us directly: When you visit or use some parts of our websites and/or services we might ask you to provide personal data to us. For example, we ask for your contact information when you sign up for a free trial, respond to a job application or an email offer, participate in community forums, join us on social media, take part in training and events, contact us with questions or request support. If you don’t want to provide us with personal data, you don’t have to, but it might mean you can’t use some parts of our websites or services.
We collect some information about you automatically when you visit our websites or use our services, like your IP address and device type. We also collect information when you navigate through our websites and services, including what pages you looked at and what links you clicked on. This information is useful for us as it helps us get a better understanding of how you’re using our websites and services so that we can continue to provide the best experience possible (eg. by personalising the content you see).
Some of this information is collected using cookies and similar tracking technologies. Please refer to sections “Cookies collected on our platform” and “Cookies collected on our website” below for more information.
The majority of information we collect, we collect directly from you. Sometimes we might collect personal data about you from other sources, such as publicly available materials or trusted third parties like our marketing and research partners. We use this information to supplement the personal data we already hold about you, in order to better inform, personalise and improve our services, and to validate the personal data you provide.
We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
If we don’t collect your personal data, we may be unable to provide you with all our services, and some functions and features on our websites may not be available to you.
How we use your data
First and foremost, we use your personal data to operate our First and foremost, we use your personal data to operate our websites and provide you with any services you’ve requested, and to manage our relationship with you. We also use your personal data for other purposes, which may include the following:
To communicate with you. This may include:
- providing you with information you’ve requested from us (like training or education materials) or information we are required to send to you
- operational communications, like changes to our websites and services, security updates, or assistance with using our websites and services
- marketing communications (about Grabyo or another product or service we think you might be interested in) in accordance with your marketing preferences
- asking you for feedback or to take part in any research we are conducting (which we may engage a third party to assist with).
To support you: This may include assisting with the resolution of technical support issues or other issues relating to the websites or services, whether by email, in-app support or otherwise.
To enhance our websites and services and develop new ones: For example, by tracking and monitoring your use of websites and services so we can keep improving, or by carrying out technical analysis of our websites and services so that we can optimise your user experience and provide you with more efficient tools.
To protect: So that we can detect and prevent any fraudulent or malicious activity, and make sure that everyone is using our websites and services fairly and in accordance with our terms of use.
To market to you: In addition to sending you marketing communications, we may also use your personal data to display targeted advertising to you online – through our own websites and services or through third party websites and their platforms.
To analyse, aggregate and report: We may use the personal data we collect about you and other users of our websites and services (whether obtained directly or from third parties) to produce aggregated and anonymised analytics and reports, which we may share publicly or with third parties.
How we can share your data
There will be times when we need to share your personal data with third parties. We will only disclose your personal data to:
- other companies in the Grabyo group of companies
- third party service providers and partners who assist and enable
- other companies in the Grabyo group of companies
- third party service providers and partners who assist and enable us to use the personal data to, for example, support delivery of or provide functionality on the website or services, or to market or promote our goods and services to you. The categories of recipients include technology companies providing hosting services, document management, support, development and communication tools, located in the EU as well as the US, Australia and New Zealand.
- regulators, law enforcement bodies, government agencies, courts or other third parties where we think it’s necessary to comply with applicable laws or regulations, or to exercise, establish or defend our legal rights. Where possible and appropriate, we will notify you of this type of disclosure
- an actual or potential buyer (and its agents and advisers) in connection with an actual or proposed purchase, merger or acquisition of any part of our business
- other people where we have your consent.
International Data Transfers
When we share data, it may be transferred to, and processed in, countries other than the country you live in. These countries may have laws different to what you’re used to. Rest assured, where we disclose personal data to a third party in another country, we put safeguards in place to ensure your personal data remains protected.
For further information, please contact us using the details set out in the Contact Us section.
Security
Security is a priority for us when it comes to your personal data. We’re committed to protecting your personal data and have appropriate technical and organisational measures in place to make sure that happens.
Use of Artificial Intelligence
Grabyo may utilize artificial intelligence (AI) technologies to enhance our services and improve user experience. We are committed to protecting customer data when using AI systems. Grabyo does not use customer-provided data to train AI models or services that we provide. When we engage third-party AI models and services, we conduct thorough evaluations to ensure that customer data is not used for training purposes by these external providers. In cases where fine-tuning AI models could significantly improve the customer experience with our services, we will seek explicit customer consent before using customer data for this purpose.
Retention
The length of time we keep your personal data depends on what it is and whether we have an ongoing business need to retain it (for example, to provide you with a service you’ve requested or to comply with applicable legal, tax or accounting requirements).
We’ll retain your personal data for as long as we have a relationship with you and for a period of time afterwards where we have an ongoing business need to retain it, in accordance with our data retention policies and practices. Following that period, we’ll make sure it’s deleted or anonymised.
Cookies collected on our platform
We use so-called “technical” cookies and other similar trackers to carry out activities that are strictly necessary for the operation or delivery of our service. These are essential in order to enable you to move around the platform and use its features, such as accessing secure areas of the platform. Tracker and usage data cookies are collected by the following companies:
- Grabyo Limited – Place of processing: United Kingdom
- Google Ireland Limited – Place of processing: Ireland
- Heap, Inc – Place of processing: USA
- Intercom, Inc – Place of processing: USA
Cookies collected on our website
We collect cookies and other similar trackers on our website. Please refer to our Website Cookies Policy for more information on what type of information is collected, and how to opt out.
How to contact us
We’re always keen to hear from you. If you’re curious about what personal data we hold about you or you have a question or feedback for us on this notice, our websites or services, please get in touch.
As a technology company, we prefer to communicate with you by email – this ensures that you’re put in contact with the right person, in the right location, and in accordance with any regulatory time frames.
Our email is privacy@grabyo.com.
If you are located in the European Union or EEA, you may also contact our Data Protection Representative, DataRep, using the details provided in the Data Protection Representative section below.
Country or state specific provisions
UK and European Economic Area
Data protection representative
Grabyo Limited, which processes the personal data of individuals in the European Union and European Economic Area, in either the role of ‘data controller’ or ‘data processor’, has appointed Data Protection Representative Limited (trading as DataRep) as its Data Protection Representative for the purposes of the EU General Data Protection Regulation (EU 2016/679) in the EU/EEA, in accordance with Article 27 of the GDPR.
DataRep’s role is strictly limited to serving as a point of contact for data subjects and supervisory authorities on matters relating to the processing of personal data. DataRep is not responsible for Grabyo Limited’s data protection compliance or for any processing of personal data carried out by Grabyo Limited.
If Grabyo Limited has processed or is processing your personal data, you may be entitled to exercise your rights under the GDPR in respect of that personal data. For more details on the rights you have in respect of your personal data, please refer to the European Commission (https://ec.europa.eu/info/law/law-topic/data-protection/data-protection-eu_en) or the national Data Protection Authority in your country.
If you are located in the EU/EEA and want to raise a question to Grabyo Limited, or otherwise exercise your rights in respect of your personal data, you may contact DataRep in the following ways:
- By email: datarequest@datarep.com (quoting “Grabyo Limited” in the subject line)
- Online: www.datarep.com/data-request
- By mail: at the most convenient address from the table below
Important: When mailing inquiries, please ensure that you address your letters to “DataRep” and not to “Grabyo Limited”, or your inquiry may not reach us. Please refer clearly to Grabyo Limited in your correspondence. On receiving your correspondence, Grabyo Limited is likely to request evidence of your identity, to ensure your personal data and information connected with it is not provided to anyone other than you.
DataRep has locations in each of the 27 EU countries and Norway and Iceland in the European Economic Area (EEA), so that you can contact them directly in your home country:
| Country | Address |
|---|---|
| Austria | DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria |
| Belgium | DataRep, Rue des Colonies 11, Brussels, 1000 |
| Bulgaria | DataRep, 132 Mimi Balkanska Str., Sofia, 1540, Bulgaria |
| Croatia | DataRep, Ground & 9th Floor, Hoto Tower, Savska cesta 32, Zagreb, 10000, Croatia |
| Cyprus | DataRep, Victory House, 205 Archbishop Makarios Avenue, Limassol, 3030, Cyprus |
| Czech Republic | DataRep, Platan Office, 28. Října 205/45, Floor 3&4, Ostrava, 70200, Czech Republic |
| Denmark | DataRep, Lautruphøj 1-3, Ballerup, 2750, Denmark |
| Estonia | DataRep, 2nd Floor, Tornimae 5, Tallinn, 10145, Estonia |
| Finland | DataRep, Luna House, 5.krs, Mannerheimintie 12 B, Helsinki, 00100, Finland |
| France | DataRep, 72 rue de Lessard, Rouen, 76100, France |
| Germany | DataRep, 3rd and 4th floor, Altmarkt 10 B/D, Dresden, 01067, Germany |
| Greece | DataRep, Ippodamias Sq. 8, 4th floor, Piraeus, Attica, Greece |
| Hungary | DataRep, President Centre, Kálmán Imre utca 1, Budapest, 1054, Hungary |
| Iceland | DataRep, Laugavegur 13, 101 Reykjavik, Iceland |
| Ireland | DataRep, The Cube, Monahan Road, Cork, T12 H1XY, Republic of Ireland |
| Italy | DataRep, Viale Giorgio Ribotta 11, Piano 1, Rome, Lazio, 00144, Italy |
| Latvia | DataRep, 4th & 5th floors, 14 Terbatas Street, Riga, LV-1011, Latvia |
| Liechtenstein | DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria |
| Lithuania | DataRep, 44A Gedimino Avenue, 01110 Vilnius, Lithuania |
| Luxembourg | DataRep, BPM 335368, Banzelt 4 A, 6921, Roodt-sur-Syre, Luxembourg |
| Malta | DataRep, Tower Business Centre, 2nd floor, Tower Street, Swatar, BKR4013, Malta |
| Netherlands | DataRep, Cuserstraat 93, Floor 2 and 3, Amsterdam, 1081 CN, Netherlands |
| Norway | DataRep, C.J. Hambros Plass 2c, Oslo, 0164, Norway |
| Poland | DataRep, Budynek Fronton ul Kamienna 21, Krakow, 31-403, Poland |
| Portugal | DataRep, Torre de Monsanto, Rua Afonso Praça 30, 7th floor, Algès, Lisbon, 1495-061, Portugal |
| Romania | DataRep, 15 Piața Charles de Gaulle, nr. 1-T, București, Sectorul 1, 011857, Romania |
| Slovakia | DataRep, Apollo Business Centre II, Block E / 9th floor, 4D Prievozska, Bratislava, 821 09, Slovakia |
| Slovenia | DataRep, Trg. Republike 3, Floor 3, Ljubljana, 1000, Slovenia |
| Spain | DataRep, Calle de Manzanares 4, Madrid, 28005, Spain |
| Sweden | DataRep, S:t Johannesgatan 2, 4th floor, Malmo, SE – 211 46, Sweden |
If you have any concerns over how DataRep will handle the personal data they will require to undertake our services, please refer to their privacy notice at www.datarep.com/privacy-policy.
Retention
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us.
In some circumstances you can ask us to delete your data: see Your rights below for further information.
Your rights
It’s your personal data and you have certain rights relating to it. When it comes to marketing communications, you can ask us not to send you these at any time – just follow the unsubscribe instructions contained in the marketing communication, or send your request to privacy@grabyo.com.
You also have rights to:
- know what personal data we hold about you, and to make sure it’s correct and up to date
- request a copy of your personal data, or ask us to restrict processing your personal data or delete it
- object to our continued processing of your personal data
- request transfer of your personal datain a structured, commonly used, and machine-readable format (the right to data portability)
- withdraw consent at any time, where we are relying on your consent to process your personal data. Withdrawing your consent does not affect the lawfulness of any processing we carried out before your withdrawal
You can exercise these rights at any time by sending an email to privacy@grabyo.com.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
If you’re not happy with how we are processing your personal data, please let us know by sending an email to privacy@grabyo.com. We will review and investigate your complaint, and try to get back to you within a reasonable time frame. You can also complain to your local data protection authority. As Grabyo Limited is headquartered in the United Kingdom, our lead supervisory authority is the Information Commissioner’s Office (ICO). You can contact the ICO at https://ico.org.uk or by calling 0303 123 1113.
International Data Transfers
For individuals in the UK or European Economic Area (EEA), your personal data may be transferred outside of these jurisdictions. In such cases your data will only be transferred to countries that have been identified as providing adequate protection for UK or EEA data, or to a third party where we have approved transfer mechanisms in place to protect your personal data – for example by entering into standard contractual clauses adopted and/or approved by the European Commission or UK Information Commissioner’s Office for such purpose, adopting any supplementary measures as may be required under applicable data protection laws. For further information, please contact us using the details set out in the Contact us section.
Lawful basis of processing
Where we collect personal data, we’ll only process it where we collect personal data, we’ll only process it where we have a valid legal basis to do so. The table below sets out the purposes for which we process your personal data and the legal basis we rely on for each.
| Purpose | Description | Legal basis |
|---|---|---|
| Providing our services | Operating our cloud video platforms, managing your account, and delivering the services you’ve requested | Contract |
| Technical support | Assisting with technical support issues or other issues relating to the websites or services | Contract |
| Operational communications | Sending you service updates, security alerts, and other operational messages necessary for the services to function | Contract |
| Service improvement and development | Tracking and monitoring usage of our websites and services to improve them, and carrying out technical analysis to optimise your experience | Legitimate interests |
| Security and fraud prevention | Detecting and preventing fraudulent or malicious activity, and ensuring fair use of our services in accordance with our terms of use | Legitimate interests |
| Marketing to existing customers | Sending marketing communications about Grabyo or related products and services to individuals who already have a relationship with us | Legitimate interests |
| Marketing to prospective customers | Sending marketing communications to individuals who do not have an existing relationship with us, and placing non-essential cookies or similar tracking technologies | Consent |
| Targeted advertising | Displaying targeted advertising to you online, through our own websites and services or through third party websites and platforms | Legitimate interests |
| Analytics and reporting | Producing aggregated and anonymised analytics and reports, which we may share publicly or with third parties | Legitimate interests |
| Research and feedback | Asking you for feedback or to take part in research we are conducting (which we may engage a third party to assist with) | Legitimate interests |
| Legal and regulatory compliance | Complying with applicable laws and regulations, responding to law enforcement requests, and meeting tax and accounting obligations | Legal obligation |
Where we rely on legitimate interests as our legal basis, we have assessed that our interests are not overridden by the impact on your rights and freedoms. You have the right to object to processing based on legitimate interests – see the Your rights section above for details.
State of California
When we are acting as a “business,” as that term is defined in the California Consumer Privacy Act of 2018 (“CCPA”) (as opposed to when we are acting as a “Service Provider,” as defined in CCPA, when we are providing our services), please see our California Privacy Notice for information about how we collect, use, disclose, and otherwise process personal information of individual residents of the State of California within the scope of the CCPA, at Annex B of our Terms of Service.
Canada
Canadian residents may have additional rights under Canadian law. Please see the information provided by the Office of the Privacy Commissioner of Canada for additional details.
You, and we, confirm that it is our wish that this Privacy Policy and all other related policies be drawn up in English. Vous reconnaissent avoir exigé la rédaction en anglais du présent document ainsi que tous les documents qui s’y rattachent.