Privacy Policy

Last updated: May 22, 2026

This Privacy Policy explains how BLOCKWISE LTD (“Grapes”, “we”, “us”) collects, uses, and shares information when you use the Grapes AI platform and websites (the “Service”). We are committed to handling your information responsibly.

1. Information we collect

Information you provide

Account and contact details (such as name, email, and organization), waitlist sign-ups, and anything you submit when you communicate with us or configure the Service.

Connected-service data

When you connect a third-party account (for example Google Gmail, Drive, and Calendar; Meta WhatsApp and Instagram; or your CRM, billing, and support tools), we access and process data from those accounts within the scope of the permissions you grant, solely to provide the Service. You can revoke access at any time by disconnecting the integration.

Usage and device data

We collect information about how you interact with the Service, such as pages viewed, actions taken, browser and device type, and approximate location derived from your IP address.

Analytics and session replay

We use PostHog for product analytics, error tracking, and session replay (recordings of interactions with our web app) to understand usage and improve the Service. Session replay masks form inputs by default. You can limit this through your browser or cookie controls.

2. How we use information

  • provide, operate, secure, and improve the Service and its AI agents;
  • personalize and support your use of the Service;
  • communicate with you about updates, security, and support;
  • detect, prevent, and address fraud, abuse, and technical issues; and
  • comply with legal obligations and enforce our terms.

3. AI processing and model training

To run agents and features, your inputs, Customer Data, and connected-service data are processed by AI models, including third-party models we use to power the Service. We do not use your Customer Data or connected-service data to train our own general-purpose AI models, and the model providers we use process data we send them under their API terms to return results to us — not, per those terms, to train their general-purpose models. We may use aggregated or de-identified information that cannot reasonably identify you to evaluate and improve the Service.

4. Legal bases (where applicable)

Where the GDPR or similar laws apply, we process personal data on the bases of performance of a contract, our legitimate interests in operating and improving the Service, your consent (which you may withdraw), and compliance with legal obligations.

5. Our role and data processing agreements

For personal data about your account and your use of our website and the Service, Grapes acts as a controller. For Customer Data and connected-service data that we process on your behalf to operate the Service, Grapes acts as a processor (or service provider) acting on your instructions, and you are the controller. For business customers subject to data-protection laws, a data processing agreement (DPA) is available on request and governs that processing.

6. How we share information

We do not sell your personal data. We share information with:

  • Service providers / subprocessors who process data on our behalf, such as Google Cloud Platform (hosting and infrastructure) and PostHog (analytics);
  • AI model providers (such as Google and Anthropic) that process inputs and Customer Data to generate agent results, under their API terms;
  • Third-party APIs you connect, to read and write data as you direct (for example Google and Meta APIs);
  • authorities or others when required by law or to protect rights and safety; and
  • a successor entity in connection with a merger, acquisition, or asset sale.

7. Google user data and Limited Use

Grapes’ use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements. We access Google user data only to provide user-facing features of the Service, do not use it for advertising, do not use it to train generalized AI models, and do not transfer or sell it to third parties except as necessary to provide the Service, comply with law, or as part of a merger or acquisition.

8. Cookies and tracking

We use cookies and similar technologies for authentication, preferences, and analytics. You can control cookies through your browser settings; disabling some cookies may affect how the Service works.

9. Data retention

We retain personal data for as long as needed to provide the Service and for legitimate business or legal purposes. When data is no longer needed, we delete or anonymize it. Connected-service data is removed when you disconnect an integration, subject to backups and legal requirements.

10. Security

We use technical and organizational measures designed to protect information, including encryption in transit and access controls. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

11. Your rights

Depending on your location, you may have the right to access, correct, delete, export, or restrict processing of your personal data, and to object or withdraw consent. To exercise these rights, contact us at yoni@tusksec.com. We will respond as required by applicable law. Where we process Customer Data as a processor on behalf of a business customer, we will refer your request to that customer.

12. Data deletion

You can ask us to delete your personal data, including any data we obtained from accounts you connected (such as Google, Meta/Facebook, Instagram, or WhatsApp). To request deletion, email yoni@tusksec.com from the address associated with your account (or include enough detail for us to identify you) and ask us to delete your data. We will process verified requests within 30 days, except where we must retain certain data to comply with law.

You can also revoke our access at any time by disconnecting the integration in the app, and, for Meta services, by removing the app from your Facebook or Instagram settings. Where we hold data only as a processor on behalf of a business customer, we will refer your request to that customer.

13. International transfers

We may process and store information in countries other than yours. Where required, we use appropriate safeguards (such as standard contractual clauses) for cross-border transfers.

14. Children’s privacy

The Service is not directed to children under 16, and we do not knowingly collect their personal data. If you believe a child has provided us data, contact us and we will delete it.

15. Changes to this Policy

We may update this Policy from time to time. We will post the updated version with a new effective date and, for material changes, take reasonable steps to notify you.

16. Contact

For privacy questions or requests, contact us at yoni@tusksec.com.