1. Introduction & Scope
GraniteMind AI ("we", "us", or "our") operates as an AI-powered web and mobile application development agency based in Harare, Zimbabwe. This Privacy Policy applies to:
- The GraniteMind AI agency website at granitemind.ai
- All client websites and web applications built and hosted by GraniteMind AI
- All mobile applications developed and maintained by GraniteMind AI
- Our client portal, project management tools, and communication channels
- Any interactions with GraniteMind AI via WhatsApp, email, or social media
This policy governs how we collect, use, store, protect, and share personal information from:
- Prospective clients who contact us or submit enquiries
- Paying clients whose projects we build and maintain
- End-users of the websites and applications we develop for our clients
- Visitors to any website or app hosted on our infrastructure
By using any GraniteMind AI product or service, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use and contact us to arrange data deletion.
2. Data Controller Information
The data controller responsible for your personal information is GraniteMind AI, an AI-powered web and app development agency:
- Address: Harare, Zimbabwe
- Email: privacy@granitemind.ai
- Website: granitemind.ai
- WhatsApp: +263 78 943 7015
For all privacy-related requests, questions, or complaints, please contact us at the email above. We aim to respond within 5 business days.
3. Information We Collect
3.1 Information You Provide Directly
When you engage our services or interact with any GraniteMind AI platform, we may collect:
- Full name and business name
- Email address and phone number (including WhatsApp number)
- Physical or postal address
- Payment information (processed through third-party payment providers; we do not store raw card data)
- Business details including industry, social media handles, and website requirements
- Logos, photos, videos, and other brand assets you supply for website development
- Written content, pricing information, and product/service descriptions you provide
- Communications and correspondence with our team
- Contact-form submissions (your name, email, phone, business, and message)
- Messages you send to our website's AI assistant
3.2 Information Collected Automatically
When users interact with websites or applications hosted by GraniteMind AI, we and our hosting partners may automatically collect:
- IP address and approximate geographic location
- Browser type, version, and operating system
- Device type and screen resolution
- Pages visited, time on page, and navigation paths
- Referring website or source (e.g., Facebook, Google)
- Date and time of access
- Cookies and similar tracking technologies (see Section 8)
3.3 Information from Third Parties
We may receive information about you from:
- Facebook, Instagram, LinkedIn, and other social media platforms when you engage with our advertising
- Meta Pixel data from users who visit GraniteMind AI or client websites
- Referral partners and business associations
- Payment processors (EcoCash, Paynow, Innbucks, and card processors)
3.4 Sensitive Information
GraniteMind AI does not intentionally collect sensitive personal information such as national identification numbers, health data, or financial account credentials. If you share such information inadvertently, please notify us immediately at privacy@granitemind.ai and we will delete it promptly.
4. How We Use Your Information
We process personal information only for the purposes described below, on the following legal bases:
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Providing web & app development services | Name, contact, business info, assets | Contract performance |
| Processing payments and issuing invoices | Name, contact, payment details | Contract performance |
| Client communication and project updates | Name, email, WhatsApp number | Contract performance |
| Responding to enquiries via our contact form | Name, email, phone, message | Legitimate interest |
| Operating our website's AI assistant | Messages you send to the assistant | Legitimate interest |
| Hosting and maintaining client websites | Technical and usage data | Contract performance |
| Sending marketing and promotional content | Email, WhatsApp, social media handles | Legitimate interest / Consent |
| Running targeted advertising on Meta, LinkedIn | Behavioral data via Pixel and ad platforms | Legitimate interest |
| Improving our services and tools | Aggregated usage and performance data | Legitimate interest |
| Legal and regulatory compliance | All relevant data as required | Legal obligation |
| Fraud prevention and security | IP address, device, access logs | Legitimate interest |
6. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. Our retention schedule is as follows:
| Data Type | Retention Period | Reason |
|---|---|---|
| Client contracts and project records | 7 years | Legal/tax compliance |
| Payment and invoice records | 7 years | Financial regulations |
| Client contact information (active) | Duration of relationship + 2 years | Business continuity |
| Client brand assets (logos, photos, etc.) | Duration of hosting + 6 months | Website maintenance |
| Website usage and analytics data | 26 months (Google Analytics default) | Performance analysis |
| Marketing inquiries (non-converting leads) | 12 months | Sales follow-up |
| WhatsApp communications | 2 years | Customer service records |
| Security and access logs | 90 days | Security monitoring |
7. Your Rights
As a data subject, you have the following rights in relation to your personal information held by GraniteMind AI:
- Right of Access — You may request a copy of the personal data we hold about you.
- Right to Rectification — You may ask us to correct inaccurate or incomplete information.
- Right to Erasure — You may request deletion of your personal data, subject to our legal retention obligations.
- Right to Restrict Processing — You may ask us to pause processing of your data in certain circumstances.
- Right to Data Portability — You may request your data in a structured, commonly used format.
- Right to Object — You may object to processing based on legitimate interest, including direct marketing.
- Right to Withdraw Consent — Where processing is based on consent, you may withdraw it at any time without affecting prior processing.
To exercise any of these rights, please contact us at privacy@granitemind.ai with the subject line "Data Rights Request". We will respond within 30 days. There is no charge for reasonable requests.
Please note: some rights may be limited where we have a legal obligation to retain data (e.g., financial records required by Zimbabwean tax law).
9. Data Security
GraniteMind AI implements appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or disclosure. Our security practices include:
- All websites hosted on our infrastructure use HTTPS/SSL encryption as standard
- Access to client data and project files is restricted to authorised personnel only
- Payment processing is handled exclusively by PCI-DSS compliant third-party providers
- Our website and applications run on managed, redundant cloud infrastructure (Vercel and Supabase) with version control and automated backups
- WhatsApp Business and client communication channels use end-to-end encryption
- Two-factor authentication is enforced on all publishing accounts (Apple Developer, Google Play Console)
- Project management tools (Trello/Notion) are access-controlled per project
Despite these measures, no system is entirely secure. In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected individuals and relevant authorities promptly in accordance with applicable law.
10. International Data Transfers
GraniteMind AI is based in Zimbabwe. Some of our third-party service providers operate outside Zimbabwe — primarily in the United States and the European Union — including Vercel, Google (Workspace, Analytics, and Gemini AI), Meta Platforms, Apple Inc., Resend, ElevenLabs, Supabase, and Base44. When we transfer your data to these providers, we ensure appropriate safeguards are in place through:
- Standard contractual clauses or data processing agreements with each provider
- Use of services that have undergone recognised international privacy certifications
- Compliance with the privacy terms of each provider as set out in Section 5.1
By using our services, you acknowledge that your data may be transferred to and processed in countries outside Zimbabwe, including countries with different data protection standards.
11. Children's Privacy
Our services are not directed at children under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected data from a child under 13, we will delete it immediately.
For client websites that serve audiences including minors (e.g., schools, children's retailers), we require the client to implement age-appropriate privacy notices and obtain necessary parental consent as part of their own data controller obligations.
12. Third-Party Links & Embedded Services
Websites and applications built by GraniteMind AI may include links to third-party websites, social media platforms, or embedded services (such as Google Maps, WhatsApp chat buttons, or payment gateways). Once you leave a GraniteMind AI hosted site via such a link, this Privacy Policy no longer applies. We recommend reviewing the privacy policies of any third-party service you use.
Common third-party integrations in our client sites include:
- WhatsApp Business API — for click-to-chat functionality
- Google Maps — for business location display (governed by Google's Privacy Policy)
- EcoCash / Paynow / Innbucks — for online payments (governed by each provider's policy)
- Facebook/Instagram social sharing buttons — subject to Meta's Data Policy
13. Marketing Communications
With your consent or where we have a legitimate interest, we may send you:
- Updates about new GraniteMind AI services and pricing
- Portfolio showcases and case studies
- Industry tips and digital marketing resources
- Promotional offers and seasonal campaigns
We primarily communicate via WhatsApp Business and email. You may opt out of marketing communications at any time by:
- Replying "STOP" to any WhatsApp broadcast message
- Clicking the unsubscribe link in any email
- Contacting us directly at privacy@granitemind.ai
Opting out of marketing will not affect your receipt of service-related communications (e.g., project updates, invoices, hosting notifications).
14. Client Responsibilities as Data Controllers
When GraniteMind AI builds a website or application for a client, the client assumes the role of independent data controller for their end-users' personal information. Clients are responsible for:
- Publishing and maintaining a privacy policy on their own website
- Obtaining necessary consents from their users for data collection activities
- Complying with applicable laws regarding the data they collect through their site
- Notifying GraniteMind AI of any data subject requests related to hosted sites
- Ensuring contact forms, booking systems, and e-commerce checkouts comply with applicable regulations
GraniteMind AI provides template privacy policy guidance to all clients upon project completion. We recommend clients seek independent legal advice tailored to their specific business and industry.
15. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last Updated" date at the top of this document
- Post the updated policy on granitemind.ai/privacy
- Notify active clients via WhatsApp or email where the changes materially affect their rights
Your continued use of our services after any update constitutes acceptance of the revised policy. We encourage you to review this policy periodically.
16. Governing Law & Dispute Resolution
This Privacy Policy is governed by the laws of Zimbabwe. Any disputes arising from this policy or our data processing practices will be subject to the jurisdiction of the courts of Zimbabwe.
If you have a complaint about how we handle your personal data, you should first contact us directly at privacy@granitemind.ai. If your complaint is not resolved to your satisfaction, you may escalate it to the relevant Zimbabwean data protection or consumer protection authority.
17. Contact Us
For all privacy-related matters, please contact our Privacy Officer:
Response time: within 5 business days for general enquiries; within 30 days for formal data rights requests.
