Legal

Privacy Policy

Last updated: April 5, 2026

The short version: your data is yours. We collect only what we need to run Graav. We don't sell it, share it with advertisers, or do anything with it beyond operating the service. The longer version is below.

Who we are

Graav is a web application that helps Etsy sellers track profit, margins, and business performance. It is operated by Casey McCallister. When we say "Graav", "we", "us", or "our" in this policy, we mean the Graav service and its operator.

What we collect and why

Account information. When you register, we collect your email address and a securely hashed version of your password. Your email is used to log you in, send you important account notifications, and if you opt in, occasional product updates. We never store your password in plain text.

Shop data you enter. Graav stores the monthly figures you enter: revenue, visits, sales, ad spend, shipping costs, and expenses. This data lives in our database and is used only to power your dashboard. We do not analyse, aggregate, or share your shop data with anyone.

Billing information. Payments are handled entirely by Stripe. Graav never sees or stores your credit card details. Stripe may collect and process payment data in accordance with their own privacy policy.

Basic usage data. We log standard server information such as IP addresses and page requests. This is used for security, debugging, and keeping the service running. We do not use third-party analytics tools or tracking pixels.

What we do not do

We do not sell your data to anyone, ever.
We do not share your data with advertisers or marketing platforms.
We do not connect to your Etsy account or access any data from Etsy directly.
We do not use your shop data to train AI models or share it for any research purpose.

Third-party services

Graav uses a small number of trusted third-party services to operate:

Stripe for payment processing. Stripe is PCI-compliant and handles all card data.
Postmark for transactional email (account confirmations, password resets). We pass them your email address for the purpose of delivering these messages.
DreamHost for web hosting and database storage. Your data is stored on servers operated by DreamHost in the United States.

Data retention

We keep your account and shop data for as long as your account is active. If you cancel your subscription or request deletion of your account, we will remove your personal data within 30 days. Anonymised, non-identifiable usage logs may be retained longer for security purposes.

Your rights

You can request a copy of your data, ask us to correct inaccurate information, or ask us to delete your account at any time by contacting us. We will respond within 30 days.

Cookies

Graav uses a single session cookie to keep you logged in. We do not use advertising cookies, tracking cookies, or any third-party cookie-based analytics.

Changes to this policy

If we make material changes to this policy, we will notify registered users by email before the changes take effect. The "last updated" date at the top of this page will always reflect the most recent version.

Questions?

If you have any questions about this privacy policy or how we handle your data, get in touch at hello@graav.io.