How we collect, use, share, retain, and protect your personal data on the Gravity platform.
XAI Technologies Pvt Ltd ("Gravity AI", "Gravity," "we," "us," or "our") is committed to protecting your privacy and personal data. This Privacy Policy describes how we collect, use, disclose, retain, and protect information when you use our AI agent marketplace platform, website, mobile applications, APIs, and related services (collectively, the "Platform").
This Privacy Policy applies to all users of the Platform, including Users who execute Agents, Builders who create Agents, and Creators who market Agents. By using the Platform, you acknowledge that you have read and understood this Privacy Policy. This Policy works alongside our Terms of Service.
| Data Category | Examples | Applies To |
|---|---|---|
| Account Information | Name, email address, profile photo, password | All users |
| Profile Information | Company name, role/title, industry, location, preferences | All users |
| Payment Information | Billing address, payment method details (stored by third-party processors; Gravity does not store full card numbers) | Users, Builders, Creators |
| Builder Information | Agent descriptions, workflow configurations, prompt templates, payout details, tax identification | Builders |
| Creator Information | Marketing channel details, referral links, payout details, tax identification | Creators |
| User Content | Prompts, inputs, data files, configurations provided to Agents | Users |
| Communications | Messages to support, feedback, survey responses | All users |
| Data Category | Examples |
|---|---|
| Usage Data | Pages visited, features used, Agents executed, Automations configured, time spent, click patterns, search queries |
| Device & Technical Data | IP address, browser type and version, operating system, device identifiers, screen resolution, language settings |
| Log Data | Server logs including timestamps, request URLs, response codes, referrer URLs |
| Performance Data | Agent execution times, success/failure rates, error logs, quality metrics |
| Location Data | Approximate geographic location derived from IP address (no precise geolocation) |
| Source | Data |
|---|---|
| OAuth Providers (e.g., Google) | Name, email, profile photo, and (with permission) calendar events, contacts, and document metadata |
| Connected Tools (e.g., LinkedIn, HubSpot, Stripe) | Data necessary for Agent execution as authorized by you |
| Payment Processors | Transaction status, payment confirmations, refund status |
| Public Sources | Publicly available business information used by Agents during execution as directed by you |
When you execute an Agent, the following data may be processed: Inputs (your prompts and uploaded content), Processing Data (intermediate results, AI model interactions), Outputs (the final result delivered to you), and Execution Metadata (timestamp, duration, Credit cost, Agent identifier, success/failure status, and quality signals).
When you execute an Agent, the Builder receives anonymized performance metrics and quality signals about their Agent's behavior. Builders do not receive your identifiable User Content unless the Agent's function explicitly requires it (e.g., a "review my resume" Agent), and such requirements are disclosed to you before execution.
We share information with vendors who help us operate the Platform: cloud infrastructure providers (e.g., AWS, GCP), AI model providers (e.g., OpenAI, Anthropic), payment processors, email delivery services, customer support tools, and analytics providers. These vendors are contractually obligated to handle your data securely and only for the purposes we specify.
When you connect a third-party tool (e.g., LinkedIn, Gmail, HubSpot) and authorize an Agent to interact with it, data flows between the Platform and that tool as necessary for the Agent to perform its function. You control these connections and may revoke them at any time in account settings.
We may disclose information when we believe in good faith that disclosure is necessary to: (a) comply with applicable law, regulation, or legal process; (b) respond to lawful requests from public authorities; (c) protect our rights, property, or safety, or that of our users or the public; (d) detect, prevent, or address fraud, security, or technical issues.
If Gravity is involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and provide you with options regarding your data.
We may share your information with other parties when you give us explicit consent to do so.
| Technology | Purpose | Duration |
|---|---|---|
| Essential cookies | Authentication, security, account session | Session / up to 1 year |
| Functional cookies | Preferences, language, UI state | Up to 1 year |
| Analytics cookies | Usage analytics, feature performance | Up to 2 years |
| Local storage | Caching, offline data, draft saving | Until cleared |
| Data Type | Retention Period |
|---|---|
| Account information | Lifetime of account + 90 days after closure |
| User Content (prompts, inputs) | 30 days for execution caching, then deleted unless required for an active Automation |
| Agent execution outputs | Available in your account for 90 days; downloadable indefinitely by you |
| Payment records | 7 years (for tax and accounting compliance) |
| Usage and log data | 13 months |
| Anonymized aggregated data | Indefinitely |
| Support communications | 3 years from last interaction |
You may request deletion of your account and personal data at any time by emailing privacy@gravity.fast or through account settings. Upon deletion, we will remove your personal data within 30 days, except where retention is required by law (e.g., financial records) or for legitimate business purposes (e.g., fraud prevention).
If you are in the European Economic Area, United Kingdom, or Switzerland, you have additional rights under the GDPR, including the right to lodge a complaint with your local data protection authority. The legal bases for our processing include: contract performance, legitimate interests, consent, and legal obligations.
California residents have rights under the CCPA and CPRA, including: the right to know what personal information is collected, used, shared, or sold; the right to delete personal information; the right to correct inaccurate information; the right to opt out of sale or sharing (Gravity does not sell personal information); and the right to non-discrimination for exercising these rights.
Under India's Digital Personal Data Protection Act, 2023 (DPDPA), Indian residents have the rights of access, correction, erasure, grievance redressal, and nomination. Our Grievance Officer details are in Section 12.
To exercise any of these rights, contact privacy@gravity.fast. We will respond within 30 days (or as required by applicable law).
Agent executions occur in isolated environments. Your User Content is processed only for the duration of the execution and is not shared with other Users.
We only process the User Content necessary for the specific Agent execution. We do not retain inputs or outputs longer than required for the service.
Builders cannot access your raw User Content. They receive only anonymized performance metrics and quality feedback to improve their Agents.
Agents only access connected third-party tools with the specific permissions you grant. You can review and revoke permissions at any time in account settings.
8.1. Gravity is headquartered in India and uses cloud infrastructure providers operating in multiple jurisdictions. Your personal data may be transferred to and processed in countries outside your country of residence, including the United States, the European Union, and India.
8.2. When we transfer personal data across borders, we use safeguards including Standard Contractual Clauses (for EU/UK transfers), adequacy decisions where applicable, and contractual commitments from our service providers.
8.3. By using the Platform, you consent to the transfer of your personal data as described.
9.1. We implement industry-standard technical and organizational measures to protect your personal data, including encryption in transit (TLS 1.2+) and at rest, access controls and authentication, regular security audits and penetration testing, employee security training, incident response procedures, and vendor security assessments.
9.2. Despite our efforts, no system is completely secure. We cannot guarantee absolute security of your data. In the event of a data breach affecting your personal data, we will notify you and applicable regulators as required by law.
10.1. The Platform is not intended for individuals under the age of eighteen (18). We do not knowingly collect personal information from children.
10.2. If we learn that we have collected information from a child under 18, we will delete it promptly.
10.3. If you believe a child has provided us with personal information, please contact privacy@gravity.fast.
11.1. We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
11.2. Material changes will be communicated via email or prominent notice on the Platform at least 30 days before they take effect.
11.3. Your continued use of the Platform after the effective date of revised Privacy Policy constitutes acceptance of those changes.
Gravity AI - Privacy Team
Email: privacy@gravity.fast
Support: support@gravity.fast
Website: gravity.fast
Data Protection Officer (DPO) / Grievance Officer (DPDPA)
Email: dpo@gravity.fast
Registered office: Bangalore, India