Privacy Policy

We collect the following types of information:

• Account information — name, email address, phone number
• Business information — business name, address, bank account details for settlement
• Invoice and transaction data — invoices you create, clients you bill, amounts collected
• WhatsApp messages sent to our bot solely for the purpose of invoice creation
• KYC documents — government-issued ID and proof of business registration
• Usage data — how you interact with the platform, for service improvement

• To provide and operate the Grymey invoicing and payment platform
• To process payments and settle funds to your designated bank account
• To send invoice notifications, payment confirmations, and reminders to your clients
• To verify your identity and business through our KYC process
• To comply with Nigerian financial regulations and legal obligations
• To detect and prevent fraud and unauthorised account activity
• To improve our platform based on usage patterns

When you use our WhatsApp bot to create invoices, the messages you send are processed by our AI system to extract invoice details such as client name, amount, and description. This message content is used solely to generate invoices on your behalf.

WhatsApp message content is not stored permanently beyond what is necessary to complete the invoice creation. We do not use your WhatsApp messages for advertising or share them with third parties except as required to operate the service.

We do not sell your personal data. We share data only with trusted service providers necessary to operate our platform:

• Payment processors — Anchor and Monnify, for payment collection and settlement
• Cloud infrastructure — Supabase (database and storage) and Vercel (hosting)
• Communication services — Resend (email delivery) and Meta (WhatsApp Business API)
• AI services — Anthropic Claude API, for invoice extraction from natural language

We may disclose your information if required to do so by Nigerian law or regulatory authorities.

We implement industry-standard security measures to protect your data including encryption of data in transit (TLS) and at rest, access controls limiting who within our team can access your data, and regular security reviews of our platform and infrastructure.

No system is completely secure. In the event of a data breach that affects your personal information, we will notify you as required by applicable law.

You have the right to:

• Access the personal data we hold about you
• Correct inaccurate information in your profile
• Export your invoice and client data
• Request deletion of your account and personal data
• Opt out of non-essential communications

To exercise any of these rights, contact us at privacy@grymey.com. We will respond within 30 days. Note that we are required by Nigerian financial regulations to retain certain transaction records even after account deletion.

We use essential cookies to keep you logged in and maintain your session. We do not use advertising or tracking cookies. We may collect anonymous usage analytics to understand how the platform is used and improve our product.

We retain your personal data for as long as your account is active. Transaction and invoice records are retained for a minimum of 7 years as required by Nigerian financial regulations, even after account closure.

We may update this Privacy Policy from time to time. We will notify you by email of material changes at least 30 days before they take effect. Continued use of Grymey after that date constitutes acceptance of the updated policy.

For privacy-related questions or requests: