Privacy Policy
Last updated: June 9, 2026
What this policy covers
This is Greyhaven's privacy policy. We build Sovereign AI systems — opinionated, transparent, and secure by design. This policy covers the Greyhaven platform and related services.
Our principles
Greyhaven is built on three principles: Choice, Control, and Clarity.
- Choice: You own your data and choose where it lives.
- Control: You define what data AI can access, and can revoke that access at any time.
- Clarity: You can audit what data was accessed, by whom, and when.
How we store your data
Where your data lives depends on how Greyhaven is deployed:
- Greybox-Cloud (cloud-hosted): Data is stored in our cloud infrastructure on Digital Ocean (Toronto region). We do not own or operate backups at this time.
- Local-first (self-hosted): Data remains entirely on your infrastructure. You control storage, access, and deletion.
Information we collect
We collect the minimum to operate our platform:
- Account information (name, email)
- Usage and diagnostic data (error logs, performance metrics), only with your explicit consent.
We do not collect, store, or analyze the personal data you process through Greyhaven (emails, calendars, contacts, documents, messages). That data stays on your infrastructure.
How we use your information
- Provide and maintain our platform
- Respond to support requests
- Improve our services
With your consent: usage analytics to guide product development.
Data access
Local-first deployments:
- Your data never leaves your infrastructure.
- You have full, exclusive control over all access.
Greybox-Cloud deployments:
- Greyhaven staff (FDE team) may access your data only with your explicit authorization and approval.
- Greyhaven's DevOps team may access the infrastructure that hosts your data for maintenance and operational purposes.
- Access is logged and can be revoked at any time.
Sub-processors
We do not use sub-processors at this time.
Your rights
Under our principles of Choice, Control, and Clarity, you retain full authority over your data.
For everyone, you can:
- See what information we hold about you
- Correct any mistakes in your information
- Request deletion of your information
- Withdraw consent for optional data use
- Export a digital copy of your information
- File a complaint with privacy authorities
For California residents: You have additional rights under California law to know what personal information we collect, delete or correct it, limit how we use sensitive information, and be treated fairly when exercising these rights.
For European and UK residents: You may also object to how we use your information, request we limit data use, transfer your data to other services, and file complaints with your local privacy authority.
Support access
Greyhaven staff may access your environment for support purposes only with your explicit, revocable authorization. You can remove access at any time.
Security
We follow secure-by-design principles:
- Strict access controls
- Regular security reviews
How long we keep your information
We keep your information only as long as we need it for:
- Legal requirements
- Business purposes
- Solving any disputes
- Following our agreements with you
Changes to this policy
If we make important changes to this policy, we'll:
- Post updates on our website
- Let you know when you use our services
Get in touch
Have questions? We're here to help! Contact us at:
Greyhaven Labs Inc.1155 Rue Metcalfe, Suite 1500
Montreal, Quebec, H3B 2V6, Canada
Email: privacy@greyhaven.co
Legal compliance
This policy follows privacy laws in:
- Canada (PIPEDA)
- Quebec
- European Union (GDPR)
- United Kingdom (UK GDPR)
- California (CCPA/CPRA)
- Other applicable US and Canadian laws