Privacy Policy

Last updated: Feb 10, 2026

Grand Thera Technologies Ltd. (“Grand Thera”, “we”, “our”, or “us”) is committed to protecting personal data and maintaining the highest standards of privacy, security, and data governance. This Privacy Policy explains how we collect, use, disclose, and protect personal data when you access our websites, platforms, and digital services (collectively, the “Services”) or interact with us in a professional or business context.

By using our Services, you acknowledge the practices described in this Privacy Policy.

1. SCOPE OF THIS POLICY

This Privacy Policy applies to personal data processed by Grand Thera in connection with its business operations, including website interactions, platform usage, communications, partnerships, and enterprise engagements. This Policy applies primarily to business and professional contacts, as Grand Thera operates predominantly in a B2B and enterprise environment. It does not apply to third-party platforms or services not controlled by Grand Thera.

2. PERSONAL DATA WE COLLECT

Grand Thera may collect personal data that you provide directly, data generated through the use of our Services, and data obtained from legitimate business sources. This may include professional identification details such as name, email address, company affiliation, and role, as well as technical and usage information such as device data, system logs, and interaction data related to our platforms. In enterprise deployments, Grand Thera may process data on behalf of clients under contractual agreements, acting as a data processor rather than a data controller where applicable.

We collect only data that is relevant and proportionate to legitimate business and operational purposes.

3. HOW WE USE PERSONAL DATA

Grand Thera processes personal data to operate, maintain, and improve its Services, to communicate with users and partners, to support enterprise engagements, to ensure platform security and integrity, and to comply with legal and regulatory obligations. Personal data may also be used to evaluate performance, prevent misuse, and support risk management in decision-critical environments. Our processing activities are guided by necessity, proportionality, and privacy-by-design principles.

Grand Thera does not sell personal data.

4. Legal Bases for Processing

Where applicable under GDPR, Brazil’s General Data Protection Law (LGPD) and similar regulations, Grand Thera processes personal data based on legitimate business interests, contractual necessity, legal obligations, or user consent. Legitimate interests include maintaining secure and reliable services, conducting business communications, and improving system performance, provided these interests do not override fundamental privacy rights.

5. Data Sharing and Disclosure

Grand Thera may share personal data with trusted service providers, infrastructure partners, and professional advisors who support our operations under strict confidentiality and security obligations. Data may also be disclosed when required by law, regulation, or valid legal process. In enterprise contexts, data handling is governed by contractual agreements and data processing terms defined with clients.

We do not share personal data for unrelated third-party marketing purposes.

6. International Data Transfers

Grand Thera may process or store data in jurisdictions where it or its service providers operate. When cross-border transfers occur, we implement safeguards designed to ensure adequate data protection consistent with applicable regulations. These safeguards may include contractual protections and recognized compliance mechanisms.

7. DATA SECURITY

This Cookie Policy may be updated from time to time to reflect legal, technical, or operational changes. The “Last updated” date indicates the most recent revision. Continued use of our Services following updates indicates acknowledgment of the revised policy.

8. DATA RETENTION

Personal data is retained only for as long as necessary to fulfill legitimate business purposes, contractual obligations, or legal requirements. When data is no longer required, it is securely deleted or anonymized according to internal governance standards.

9. Your Rights

Depending on your jurisdiction, you may have rights related to access, correction, deletion, restriction, or objection to processing of your personal data. You may also have the right to withdraw consent where consent is the legal basis for processing. Requests are evaluated in accordance with applicable law and operational obligations.

10. Third-Party Services

Our Services may reference or integrate third-party tools or platforms. Grand Thera is not responsible for the privacy practices of external services not under our control. Users are encouraged to review third-party privacy policies where applicable.

11. Updates to This Policy

We may update this Privacy Policy from time to time to reflect legal, technical, or operational changes. The “Last updated” date indicates the latest revision. Continued use of our Services after updates indicates acknowledgment of the revised policy.

12. Contact Us

If you have questions about this Privacy Policy or data protection practices, you may contact:

Grand Thera Technologies Ltd.
privacy@grandthera.com
www.grandthera.com

Grand Thera designs its data practices with the same rigor applied to decision-critical systems, prioritizing security, proportionality, and responsible data use.