graipe.ai

Privacy Policy

Last updated: 28 May 2026

1. Overview

This policy explains what data graipe.ai (operated by DTRAS-G Solutions Private Limited) collects, why, and how we protect it. We collect the minimum needed to run the service.

2. Data we collect

  • Account data — name, email, and avatar from your Google sign-in (via Supabase Auth).
  • Billing data — handled by our payment processors (Razorpay, Stripe). We store payment status, amounts, and processor references — never your full card details.
  • Manuscript content — the documents you upload for formatting, and the packages we generate.
  • Usage data — format-run records, credit ledger entries, and basic operational logs.

3. How we use it

  • To format your manuscripts and assemble submission packages.
  • To meter credits, process payments, and prevent abuse.
  • To provide support and send transactional emails (receipts, account notices).
  • To diagnose errors and improve reliability (via aggregated, scrubbed logs).

4. AI processing

Formatting uses large-language-model assistance for tasks such as cover-letter drafting and word-limit compression. On the MCP surface in Bring-Your-Own-LLM mode, this runs on your connected model (e.g. your Claude subscription) and your manuscript text is processed by your provider under their terms. On the web surface, we route the minimum necessary text to our model provider solely to perform the requested task; we do not use your manuscripts to train models.

5. Retention

Account, billing, and format-run records are retained while your account is active and as required for tax and audit compliance. Uploaded manuscript files are retained only as long as needed to deliver and re-download your package; you may request deletion at any time.

6. Sharing

We share data only with the processors that run the service: Supabase (auth + database), our hosting providers (Railway, Vercel), payment rails (Razorpay, Stripe), our email provider, and error-tracking (Sentry, with auth tokens and cookies scrubbed). We do not sell your data.

7. Security

Data is encrypted in transit (TLS). Access is restricted, API keys are stored as salted hashes, and payment webhooks are signature-verified. No system is perfectly secure, but we apply current best practices and review them regularly.

8. Your rights

You may access, correct, export, or delete your personal data. To exercise these rights — including account deletion — email bd@thegraipe.com. Depending on your jurisdiction (e.g. GDPR, India's DPDP Act), additional rights may apply; we honour them.

9. Contact

Data controller: DTRAS-G Solutions Private Limited. Contact: bd@thegraipe.com.