Service Agreements & Data Privacy

• Service Scope & General Terms
• Data Privacy Policy
• GDPR & International Compliance
• NDA & Custom Contracts
• Responsible Disclosure Policy

Service Scope & General Terms

Scope of Service

Each GrintOps service is provided on a subscription or project basis, with a clear definition of:

• Deliverables
• Duration & expiration
• Access methods (portal or API)

General Terms

• Services are delivered as-is based on the selected plan
• Upgrades/downgrades can be requested via the portal
• Communication primarily via portal or registered email

Service Availability

• Standard coverage is Mon–Fri (09:00–18:00 GMT+7)
• Emergency handling available for Enterprise tier

Data Privacy Policy

What Data We Collect

• Contact and company information
• Service usage logs (non-intrusive)
• Uploaded data (reports, configs, tickets)

How We Use the Data

• Service delivery & support
• Performance monitoring
• Communication related to services

Your Rights

• Request data deletion (except legal obligations)
• Request a copy of stored data (Enterprise only)
• Opt out of marketing communications

Data Storage

• All data stored in encrypted environments (EU/SG)
• Backed by our private VPS

Third-party Access

We do not share your data with third parties, except:

• Billing platforms (Paypal, Stripe, etc)
• Legal/government requests (with due process)

GDPR & International Compliance

GDPR Principles We Follow

• Data minimization
• Purpose limitation
• Transparency
• Security by design

Client Controls

• Ability to delete services and data via portal
• Data Export feature for Enterprise tier
• Consent-based data collection

Other Regulations

• HIPAA (for health-related services)
• ISO/IEC 27001-aligned practices (internal only)
• Data processing agreement (DPA) available on request

NDA & Custom Contracts

NDA Policy

• GrintOps uses a standard NDA template for all engagements
• Custom NDAs are accepted (pending legal review)
• NDA can be signed digitally (PDF or e-signature)

Custom Contracts

• Enterprise clients may submit their own contract drafts
• GrintOps provides templated contracts covering scope, SLA, billing, and termination
• All contracts are reviewed within 3–5 working days

Responsible Disclosure Policy

Reporting Security Issues

If you discover a vulnerability in any GrintOps service, platform, or open-source integration, please:

1. Email: support@grintops.com
2. Do not publicly disclose until resolved
3. Provide detail: affected service, reproduction steps

Recognition

• Valid reports may receive public acknowledgment or bounty
• Severity and impact determine response priority

Our Commitment

• We take security reports seriously and aim to respond within 2 business days