GrantaBook a Demo
Legal

Privacy Policy

Last updated: May 4, 2026

This Privacy Policy, together with all schedules, appendices, attachments, any terms of service, and annexes (the “Agreement”) (all of such documents are accessible via https://granta.app) and between iCommute Inc. and all its affiliates (together “us”, “we”, and/or “our”) and you, the individual or company (“you”, “your”, and/or “User”) governs your use of our website application, accessible at https://granta.app, and all pages, templates, products, tools, information, protocols, software, and content located therein (the “Service”), and explains how we collect, safeguard, and disclose information that results from your use of the Service. PLEASE READ THIS POLICY CAREFULLY.

1. Definitions

Unless otherwise defined herein,

“Personal Data” means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).

“Usage Data” is data collected automatically either generated by the use of Service or from Service infrastructure itself (for example, the duration of a page visit).

“Data Controller” means a natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed.

For data collected through Granta tenant deployments on behalf of customer organizations (for example, student unions running programs through Granta), Granta operates as a Data Processor, and the customer organization is the Data Controller. For data collected directly through granta.app (marketing-site visitors, direct sign-ups, support inquiries, and similar), Granta acts as a Data Controller.

“Data Processors” or “Service Providers” means any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of various Service Providers in order to process your data more effectively.

“Data Subject” is any living individual who is the subject of Personal Data.

2. Information Collection and Use

We collect several different types of information for various purposes to provide and improve our Service to you. This includes information you provide directly, information automatically collected from your use of the Service, and information from service providers we use to operate Granta (such as authentication, hosting, and analytics providers).

3. Types of Data Collected

Personal Data

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information may include, but is not limited to:

(a) Name, email address, student ID (where applicable for tenant deployments), institutional affiliation, uploaded documents (e.g., receipts, course outlines for reimbursement programs), and any other information you choose to provide through the Service.

We may use your Personal Data to contact you with product updates and notifications relevant to your use of the Service. You may opt out of optional communications by emailing legal@granta.app.

Usage Data

We may also collect information that your browser sends whenever you visit our Service or when you access Service by or through a mobile device (“Usage Data”).

This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When you access Service with a mobile device, this Usage Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.

4. Use of Data

We use the collected data for various purposes:

(a) to provide and maintain our Service;

(b) to notify you about changes to our Service;

(c) to allow you to participate in interactive features of our Service when you choose to do so;

(d) to provide customer support;

(e) to gather analysis or valuable information so that we can improve our Service;

(f) to monitor the usage of our Service;

(g) to detect, prevent and address technical issues;

(h) to fulfill any other purpose for which you provide it;

(i) to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection;

(j) to provide you with notices about your account and/or subscription, including expiration and renewal notices, email-instructions, etc.;

(k) in any other way we may describe when you provide the information;

(l) to aggregate pseudonymized or anonymized information for statistical or other purposes; and

(m) for any other purpose with your consent.

5. Consent

How do we get your consent?

When you provide us with personal information to complete a transaction, we imply that you consent to our collecting it and using it for that specific reason only. If we ask for your personal information for a secondary reason, such as for advertisements, we will either ask you directly or your express consent, or provide you with an opportunity to say no.

How do you withdraw your consent?

If after you opt-in and you change your mind, then you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at any time by emailing us at legal@granta.app.

6. Retention of Data

We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.

7. Data Storage and Residency

Customer data submitted through Granta tenant deployments including student personal information collected on behalf of customer organizations is hosted on Google Cloud Platform in Toronto, Canada. Granta does not transfer customer tenant data outside Canada.

8. Disclosure of Data

We may disclose personal information that we collect, or you provide:

(a) Disclosure for Law Enforcement. Under certain circumstances, we may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities.

(b) Business Transaction. If we or our subsidiaries are involved in a merger, acquisition or asset sale, your Personal Data may be transferred.

(c) Other cases. We may disclose your information also:

(i) to our subsidiaries and affiliates;

(ii) to contractors, service providers, and other third parties we use to support our business;

(iii) to fulfill the purpose for which you provide it;

(iv) for the purpose of including your company's logo on our website;

(v) for any other purpose disclosed by us when you provide the information;

(vi) to establish, exercise or defend our legal rights;

(vii) when we believe disclosure is necessary or appropriate to prevent physical or other harm or financial loss;

(viii) in connection with an investigation of suspected or actual illegal activity.

Granta does not sell, rent, or share customer data with third-party advertisers, and does not engage in interest-based advertising.

9. Security of Data

The security of your data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

We take security seriously and use appropriate technical measures corresponding to the types of Personal Data we store, and the risks associated with processing such data. In the event of a data breach we will contact those affected as well as any applicable regulators as required by law.

10. Your Data Protection Rights Under PIPEDA

If you are a Canadian resident, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada's federal private-sector privacy law.

Under PIPEDA, you have the following rights:

(a) The right to know what personal information we hold about you, how it is used, and to whom it has been disclosed.

(b) The right of access. You have the right to request a copy of your personal information.

(c) The right of correction. You have the right to have your information corrected if it is inaccurate or incomplete.

(d) The right to withdraw consent. You may withdraw your consent for our continued use or disclosure of your information, subject to legal or contractual restrictions and reasonable notice. Note that withdrawal of consent may affect our ability to provide you with the Service.

(e) The right to file a complaint. If you believe we have not handled your personal information in accordance with PIPEDA, you may contact us at legal@granta.app, or file a complaint directly with the Office of the Privacy Commissioner of Canada at https://www.priv.gc.ca.

Where customer organization data is concerned (i.e., data collected through tenant deployments on behalf of student unions or similar customer organizations), requests for access, correction, or deletion should generally be directed to the customer organization in their capacity as Data Controller. Granta will support customer organizations in fulfilling these obligations as a Data Processor.

To exercise your PIPEDA rights regarding data Granta directly controls, please contact us at legal@granta.app. We may need to verify your identity before responding to such requests.

11. Analytics

We may use third party Service Providers (like Google Analytics, Firebase, etc.) to monitor and analyze the use of our Service.

12. CI/CD tools

We may use third party Service Providers (like GitHub) to automate the development process of our Service.

13. Payments

We may provide paid products and/or services within Service. In that case, we use third party services for payment processing (e.g. payment processors).

We will not store or collect your payment card details. That information is provided directly to our third party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.

14. Links to Other Sites

Our Service may contain links to other sites that are not operated by us. If you click a third party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

15. Children's Privacy

Our Services are not intended for use by children under the age of 13 (“Children”).

We do not knowingly collect personally identifiable information from Children under 13. If you become aware that a Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from Children without verification of parental consent, we take steps to remove that information from our servers.

16. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update “Last updated” field at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

17. Contact Us

If you have any questions about this Privacy Policy, please contact us by email: legal@granta.app.

granta · Student union program administration.

© 2026 Granta. info@granta.app · Privacy Policy