Privacy Policy

Effective date: 1 January 2026 · Last updated: 1 January 2026 · Version 1.0

This Privacy Policy describes how Grevon® Australia Pty Ltd ("Grevon", "we", "us", or "our") collects, uses, discloses, and safeguards information when you use our platform, website, and related services. Please read this policy carefully. If you do not agree with its terms, please discontinue use of our services.

1. Who We Are

Grevon® Australia Pty Ltd is an AI infrastructure company headquartered in Australia. We provide AI-powered connectivity and booking solutions to hospitality operators, property management system providers, and marketing agencies. Our registered address is available upon request by contacting privacy@grevon.ai.

2. Information We Collect

2.1 Information You Provide

We collect information you provide directly when you create an account, subscribe to our platform, contact our support team, or otherwise interact with us. This includes:

Name, email address, phone number, and job title
Company name, billing address, and payment information
Property details, PMS credentials (stored encrypted), and integration configuration
Support enquiries, feedback, and communications

2.2 Information Collected Automatically

When you use our platform or visit our website, we automatically collect certain technical information, including:

IP address, browser type, operating system, and device identifiers
Pages visited, features used, and session duration
API call logs, integration events, and system performance data
Cookies and similar tracking technologies (see Section 7)

2.3 Guest Data (Property Operators)

Through our platform, property operators may transmit guest booking data to Grevon for the purpose of enabling AI-powered booking and search optimisation. This data is processed strictly as a data processor on behalf of the operator. Operators are responsible for ensuring appropriate consent and legal bases for sharing guest data with Grevon, in accordance with our Data Processing Agreement.

2.4 Data From Third Parties

We may receive information about you from third-party services such as your property management system, channel manager, or CRS when you authorise such integrations. We handle this data in accordance with this policy and applicable data processing agreements.

3. How We Use Your Information

We use the information we collect to:

Provide, maintain, and improve the Grevon platform and its features
Process bookings, payments, and account transactions
Send service communications, security alerts, and product updates
Respond to support requests and provide technical assistance
Conduct analytics to improve platform performance and user experience
Comply with legal obligations and enforce our Terms of Service
Detect, investigate, and prevent fraudulent or unauthorised activities

We do not sell your personal information to third parties, and we do not use guest booking data for any purpose other than providing the services instructed by the operator.

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA) or United Kingdom, we process personal data under the following legal bases:

Contract performance: Processing necessary to deliver the services you have subscribed to.
Legitimate interests: Fraud prevention, security, analytics, and platform improvement.
Legal obligation: Compliance with applicable laws and regulations.
Consent: Where you have provided explicit consent, such as for marketing communications.

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share information in the following limited circumstances:

Service providers: Trusted third-party vendors who assist in delivering our services (cloud infrastructure, payment processors, analytics tools), all bound by confidentiality obligations.
AI platforms: Anonymised or operator-authorised property data is shared with AI search platforms (such as large language model providers) only to the extent necessary to enable discoverability, in accordance with operator configuration.
Legal requirements: When required by law, regulation, court order, or government authority.
Business transfers: In connection with a merger, acquisition, or sale of assets, with appropriate confidentiality protections.
With your consent: In any other circumstances where you have given explicit permission.

6. International Data Transfers

Grevon operates globally and your data may be transferred to, stored, and processed in countries outside your own, including Australia, the United States, the United Kingdom, and the European Union. Where transfers occur from the EEA or UK, we implement appropriate safeguards including Standard Contractual Clauses (SCCs) as approved by the European Commission, and UK International Data Transfer Agreements where applicable.

7. Cookies and Tracking

Our website uses cookies and similar technologies to enhance your experience, analyse usage, and support our security infrastructure. Essential cookies are required for the platform to function and cannot be disabled. Optional analytics and preference cookies can be managed via our cookie preferences tool, accessible in the footer of our website.

8. Data Retention

We retain personal data for as long as necessary to fulfil the purposes described in this policy, or as required by law. Account data is retained for the duration of your subscription plus a reasonable period thereafter for audit and legal compliance purposes. Guest booking data processed on behalf of operators is retained per the terms of the applicable Data Processing Agreement. You may request deletion of your personal data subject to legal retention obligations by contacting us at privacy@grevon.ai.

9. Your Rights

Depending on your location, you may have the following rights with respect to your personal data:

Access: Request a copy of the personal data we hold about you.
Correction: Request correction of inaccurate or incomplete data.
Deletion: Request deletion of your personal data, subject to legal obligations.
Restriction: Request restriction of processing in certain circumstances.
Portability: Request transfer of your data to another provider in a structured, machine-readable format.
Objection: Object to processing based on legitimate interests.
Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact our Privacy Team at privacy@grevon.ai. We will respond within 30 days in compliance with applicable law. You also have the right to lodge a complaint with your local data protection authority.

10. Security

We implement industry-standard technical and organisational measures to protect your data, including AES-256 encryption at rest, TLS 1.3 in transit, role-based access controls, regular penetration testing, and SOC 2 compliance. However, no system is entirely secure, and we cannot guarantee absolute security. We maintain an incident response plan and will notify you of any data breach affecting your personal data as required by applicable law.

11. Children's Privacy

Our platform and services are not directed to individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us immediately at privacy@grevon.ai.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by email and/or by posting a notice on our platform dashboard with at least 30 days' notice before the change takes effect. Your continued use of the platform after the effective date constitutes acceptance of the updated policy.

13. Contact Us

For privacy-related enquiries, requests, or complaints, please contact:

Grevon Privacy Team
Grevon® Australia Pty Ltd
Email: privacy@grevon.ai