Gracy Privacy Policy Overview
We care deeply about your rights as a Gracy customer and we will always respect your trust. We've done our best to clearly lay out our policies here. If you see an opportunity for improvement, please let us know by emailing We're providing this Privacy Policy to explain our practices regarding the collection, use and disclosure of information that we receive from our Customer and individual Users (who we will refer to as "you," as applicable) when you access or use our web site and the Gracy service (which we collectively refer to as the "Service").Please note that, unless we define a term in this Privacy Policy, a capitalized term used in this Privacy Policy has the meaning defined in our Terms of Service. So, please make sure that you have read and understand our Terms of Service. You should also understand that this Privacy Policy only applies to our Service and not to any Third Party Service or other third party website, service or application you may use with our Service, which should have their own published policy.
Modification of this Privacy Policy
We may revise this Privacy Policy from time to time, as new features, technology, or legal requirements arise. You may always determine if this Privacy Policy has changed by checking the Effective Date at the top of this page. If we make a significant change, we’ll notify you and, where required, seek your consent. If we update this Privacy Policy, you are free to decide whether to accept the updated terms or to stop using the Service; your continued use of the Service after the effectiveness of that update will be deemed to represent your consent to the provisions in the updated Privacy Policy.
Collecting Information
Personal Information
When we refer to "personal information" in this Privacy Policy, we mean information that can be associated with a specific person and could be used to identify that specific person whether from that data alone or from that data in combination with other information that we have access to. We do not consider personal information to include information that has been made anonymous or aggregated so that it can no longer be used, whether in combination with other information or otherwise, to identify a specific person. The personal information we collect includes, but is not limited to, personal information of the kinds described below:
  1. information you provide when subscribing for the Service, including Customer Information such as email, phone number, name, account information, and etc;
  2. information you include in the employee feedback data including any group or individuals with whom you are associated in a Third Party Service;
  3. information you provide in connection with any customer support, product evaluation, dispute resolution and other communications with our Service and personnel; and
  4. information regarding the geographic location where your computing device is located when interacting with our Service.
Content from a Third Party Service
When you deploy the Gracy Service within a Third Party Service, you specifically authorize our Service to take certain actions, including collecting Customer Information (to the extent made available by such Third Party Service), and indexing and processing the Customer Data. Your Customer Data is reviewed automatically by our proprietary algorithms to enable you to configure how our Service will operate for you. No humans at Gracy will be involved in this process. For example, you may wish to measure employee satisfaction and employee sentiment, or analyze certain workflows, or obtain intelligence on your top performers. You may configure our Service to look for certain keywords and other indicators in the communications in the Third Party Service, which will provide you these insights. Your Administrator(s) may elect to obtain reports detailing these analyses, and share these with others. Our Service only stores Customer Data that are explicitly required to operate our Service, for you.
You may also configure our Service’s algorithms to monitor Customer Data for certain keywords in order to promote the exchange of employee feedback among Users. Our Service can spot communications containing positive feedback, and prompt Users to give “kudos” and other compliments to others. Our Service may also be used as a tool to provide constructive and anonymous feedback. Our Service will process this type of employee feedback data for use by the Customer, so that it may be distributed among Users or limited to Administrator – determined personnel.
Other Automatically Collected Information
We use cookies, tracking pixels and similar technologies in our Service to collect information that helps us provide our Service to you, and to learn how our Service is used.
Using Information
Personal Information
We use your personal information for the following purposes:
  1. to establish the Customer account with our Service, and to communicate with the Administrator and Users regarding the Customer account;
  2. to establish authorization for our Service to access the Third Party Service(s) that the Administrator requests;
  3. to operate, improve and personalize our Service for Users
  4. to provide you information regarding our Service and other services or products, or redeem promotional offers (consistent with your communications preferences), including sponsored gifts or rewards;
  5. to provide reports and other information in the Customer dashboard;
  6. to create User profiles; and
  7. to contact Administrators and Users to detect, prevent and mitigate fraudulent or illegal activities, investigate or inform about any security issues, enforce our Terms of Service with you or other applicable policies, and comply with our legal obligations.
Third Party Service Information
We process the information obtained from a Third Party Service in the manner directed by your Administrator(s) in order to provide the Service (e.g., to promote Users feedback, monitor User sentiment and provide insights to the Customer relating to its Users)
Our Service operates on computers owned and/or operated by Gracy and located in third-party data centers in the United States and, possibly in other countries in the future. These computers store all Users’ feedback and performance data collected in the manner required to perform according to the Administrator’s configuration of the Service (including any relevant Customer Data obtained from the Third Party Service(s)), all in an encrypted form using industry standard security.
We do not enable our personnel to access Customer Data obtained from a Third Party Service, or disclose such Customer Data to third parties, except in the following limited circumstances:
  1. you request assistance from us with respect to any relevant Customer Data obtained from a Third Party Service, in which event our customer support personnel will obtain your prior consent to our accessing the Customer Data on the Third Party Service (including anything stored on such Third Party Service in addition to the relevant content provided to you in your Users’ communications, to other Users or our Service);
  2. we believe our Terms of Service have been violated and confirmation is required, or we otherwise have an obligation to review the Customer Data in the Third Party Service;
  3. we believe it is necessary to protect the rights, property or personal safety of Gracy, its Customers or Users (including to protect against potential spam, malware or other security concerns); or in order to comply with our legal obligations, such as responding to warrants, court orders or other legal processes.
As part of the Service we may share aggregate, anonymous demographic information, survey results, market trends, and other analysis that we create based on the information we receive from you and other customers. Such information will never identify you, your organization, or your Users. We may also share information via the Service to the Third Party Service(s) you link to the Service. For example, if you use the Service to send a survey to your Users via Slack, we may share the results of that survey to your Users via Slack.
We vigilantly protect the privacy of your account and the Customer Data stored in our computer systems and, whenever we determine it appropriate, we provide you with notice if we believe we are compelled to comply with a third party’s request for information about your account.
Retaining Information
We retain Customer Information, Customer Data and the communications and analytics generated by use of our Service (collectively, the “Service Output”), as long as we believe it is necessary and relevant for the operation of our Service. Service Output is retained at a company and employee level. A Customer Administrator may request that Customer Information and/or Customer Data be deleted from our systems after the termination of a Customer’s subscription. (However, Customers should understand that Users may elect to export and retain their own feedback data.) Under certain circumstances we may retain Customer Information from terminated subscriptions. We do this to ensure that the Service is not interrupted and none of the Service Output is lost due to interrupted Service subscriptions or other unanticipated events. We may also retain Customer Information after a Customer subscription term ends to prevent fraud, collect any fees owed, resolve disputes, troubleshoot problems, assist with any investigation, enforce our Terms of Service, comply with applicable legal data retention obligations and take other actions permitted by law.
Information Choices & Access
Personal Information
The Administrator and Users choose what personal information we obtain, by providing us the Customer Information and establishing their personal user profiles in a Third Party Service, and each of them may choose to modify or limit such information. It is the Administrator’s responsibility to ensure the Customer Information is correct, and we may rely upon that information being current. You and each User consents to our using the then-current Customer Information and User address(es) to deliver notices and important messages.
Users may also elect to publish and share certain Service Output, such as accomplishments or achievements as part of their Gracy profile, among other Users of the Service, or more broadly. Gracy is not responsible for the actions of Users who choose to share this Service Output publicly or on their social networks.
Communication Preferences
We do not sell or rent your Customer Information to third parties for their marketing purposes without your explicit consent. We may contact you via email or within the Service with Service-related announcements that we think may be beneficial to you, and special offers. We also may contact you with information about products and services from our business partners. You may opt out of such communications at any time by following the opt-out instructions provided in such messages. You may not opt out of receiving what we consider to be essential Service-related messages, customer service responses or other communications relating to inappropriate use of the Service or requests from third-parties to access information in your account. We may deliver those messages using any of the Customer Information in our records. Please note that if you have agreed to receive marketing communications from any Third Party Service with which you are using Gracy, you must change your communication preferences with them directly.
We will honor any statutory right you might have to access, modify or erase your personal information. You can contact Gracy customer support at to request access. Where you have a legal right to request access or request the modification or erasure of information, we can still withhold that access or decline to correct information in some cases in accordance with applicable law, but will give you reasons if we do so.
Disclosing Information
We exist to provide a valuable service to you, and not to obtain Customer or User information to sell or rent to third parties. In addition to actions you elect to take to enable us to share your credentials with a Third Party Service to integrate Gracy with such Third Party Service, the circumstances in which we disclose information are limited to the following:
  1. we have the Administrator or User’s explicit consent to share the information;
  2. we need to share Customer Information or Customer Data or Service Output with service providers who process data on our behalf in order to operate and improve the features and functionality of the Service; process your payment transactions; fulfil your Service requests; and help us communicate with you as described elsewhere in this Privacy Policy; these providers are subject to strict data protection requirements;
  3. we believe it is necessary to investigate potential violations of our Terms of Service, to enforce the Terms of Service, or where we believe it is necessary to investigate, prevent or take action regarding illegal activities, suspected fraud or potential threats against persons, property or the systems on which we operate the Service;
  4. we determine that the access, preservation or disclosure of information is required or permitted by law to protect the rights, property or personal safety of Gracy or Users of the Service, or is required to comply with applicable laws, including compliance with warrants, court orders, subpoenas, legal process, or other lawful government requests (including in response to public authorities to meet national security or law enforcement requirements); or
  5. we do so in connection with the sale or reorganization of all or part of our business, as permitted by applicable law.

We try to minimize the amount of personal information we share to what is directly relevant and necessary to accomplish the specified purpose. As stated above, we do not disclose your Customer Information to third parties for their marketing purposes without your explicit consent.
While we use contractual and other measures to ensure protection of personal information, the laws and regulations relating to privacy and personal information protection in other legal jurisdictions may not be the same as, or similar to, your local privacy laws. The governments, courts, law enforcement or regulatory agencies in these other jurisdictions may be able to request disclosure of personal information through the laws of these countries. In an effort to respect your privacy, we will not otherwise disclose your personal information to law enforcement, other government officials, or other third parties without a subpoena, court order or substantially similar legal procedure, except when we believe in good faith that the disclosure of information is necessary to prevent imminent physical harm, financial loss or to report potentially illegal or fraudulent activity.
Securing Your Information
We are committed to protecting the security of your information and take reasonable precautions to protect it. We protect your information in our systems using technical and administrative security measures designed to reduce the risks of loss, misuse, unauthorized access, disclosure and alteration. Some of the safeguards we use are data encryption, physical access controls to our data centers, and information access authorization controls.
If we learn of a system breach, we may attempt to notify you and provide information on protective steps, if available, using the Customer Information that you have provided to us or by posting a notice on our web site and/or via our Service and other communication platforms. Depending on where you live, you may have a legal right to receive such notices in writing.
Service-Related Details
We also wish to share the following important privacy information related to your use of our Service:
Information from ChildrenWe do not knowingly collect personal information from children without parental consent. If we learn that we have inadvertently obtained information in violation of applicable laws prohibiting collection of information from children without such consent, we will promptly delete it.
Changes to Our Privacy Policies and PracticesWe will inform you of any changes we make to our privacy policies and practices that affect this notice by posting an updated notice on this page and/or by sending you a notice of the update. The date this notice was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting the Site and this notice to check for any changes.
Questions or Concerns
To ask questions or comment about this notice and our privacy policies and practices, please contact us

ⓒ 2022 Oxid LTD.