Legal

Privacy Policy

Last updated: April 16, 2026

The short version: your data is yours. We collect only what we need to run Graav. We don't sell it, share it with advertisers, or do anything with it beyond operating the service. The longer version is below.

Who we are

Graav is a web application that helps Etsy sellers track profit, margins, and business performance. It is operated by Casey McCallister. When we say "Graav", "we", "us", or "our" in this policy, we mean the Graav service and its operator.


What we collect and why

Account information. When you register, we collect your email address and a securely hashed version of your password. Your email is used to log you in, send you important account notifications, and if you opt in, occasional product updates. We never store your password in plain text.

Shop data you enter. Graav stores the monthly figures you enter: revenue, visits, sales, ad spend, shipping costs, and expenses. This data lives in our database and is used only to power your dashboard. We do not analyse, aggregate, or share your shop data with anyone.

Billing information. Payments are handled entirely by Stripe. Graav never sees or stores your credit card details. Stripe may collect and process payment data in accordance with their own privacy policy.

Basic usage data. We log standard server information such as IP addresses and page requests. This is used for security, debugging, and keeping the service running. We also use Plausible Analytics to understand how visitors use the site. Plausible is privacy-friendly — it collects no personal data, uses no cookies, and does not track you across sites.


What we do not do


Third-party services

Graav uses a small number of trusted third-party services to operate:


Data retention

We keep your account and shop data for as long as your account is active. If you cancel your subscription or request deletion of your account, we will remove your personal data within 30 days. Anonymised, non-identifiable usage logs may be retained longer for security purposes.


Your rights

You can request a copy of your data, ask us to correct inaccurate information, or ask us to delete your account at any time by contacting us. We will respond within 30 days.


Cookies

Graav uses a single session cookie to keep you logged in. We do not use advertising cookies, tracking cookies, or any third-party cookie-based analytics.


If you are in the EU or California

If you are a resident of the European Union, you have rights under GDPR: the right to access, correct, or delete your personal data; the right to restrict or object to processing; and the right to data portability. Note that your data is stored on servers in the United States.

If you are a California resident, you have rights under the CCPA: the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of your personal information. We do not sell personal information.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.


Changes to this policy

If we make material changes to this policy, we will notify registered users by email before the changes take effect. The "last updated" date at the top of this page will always reflect the most recent version.

Questions?

If you have any questions about this privacy policy or how we handle your data, get in touch at [email protected].