Legal
Last updated: April 16, 2026
Graav is a web application that helps Etsy sellers track profit, margins, and business performance. It is operated by Casey McCallister. When we say "Graav", "we", "us", or "our" in this policy, we mean the Graav service and its operator.
Account information. When you register, we collect your email address and a securely hashed version of your password. Your email is used to log you in, send you important account notifications, and if you opt in, occasional product updates. We never store your password in plain text.
Shop data you enter. Graav stores the monthly figures you enter: revenue, visits, sales, ad spend, shipping costs, and expenses. This data lives in our database and is used only to power your dashboard. We do not analyse, aggregate, or share your shop data with anyone.
Billing information. Payments are handled entirely by Stripe. Graav never sees or stores your credit card details. Stripe may collect and process payment data in accordance with their own privacy policy.
Basic usage data. We log standard server information such as IP addresses and page requests. This is used for security, debugging, and keeping the service running. We also use Plausible Analytics to understand how visitors use the site. Plausible is privacy-friendly — it collects no personal data, uses no cookies, and does not track you across sites.
Graav uses a small number of trusted third-party services to operate:
We keep your account and shop data for as long as your account is active. If you cancel your subscription or request deletion of your account, we will remove your personal data within 30 days. Anonymised, non-identifiable usage logs may be retained longer for security purposes.
You can request a copy of your data, ask us to correct inaccurate information, or ask us to delete your account at any time by contacting us. We will respond within 30 days.
Graav uses a single session cookie to keep you logged in. We do not use advertising cookies, tracking cookies, or any third-party cookie-based analytics.
If you are a resident of the European Union, you have rights under GDPR: the right to access, correct, or delete your personal data; the right to restrict or object to processing; and the right to data portability. Note that your data is stored on servers in the United States.
If you are a California resident, you have rights under the CCPA: the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of your personal information. We do not sell personal information.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
If we make material changes to this policy, we will notify registered users by email before the changes take effect. The "last updated" date at the top of this page will always reflect the most recent version.
If you have any questions about this privacy policy or how we handle your data, get in touch at [email protected].