Data Protection
GroMe - Growing Young Entrepreneurs
GroMe - Growing Young Entrepreneurs
The data controller for the GroMe application ("App") and the website grome.live is:
GroMe
Website: grome.live
Email: hello@grome.live
We are committed to protecting your data in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws.
For any data protection enquiries, please contact us at: hello@grome.live
GroMe processes minimal personal data. Most user data is stored locally on the device and never leaves it.
The following data is stored on-device using AsyncStorage and is not transmitted to our servers:
Some data is periodically synced to our server for the purposes described below. This data is transmitted securely over HTTPS.
| Data | Purpose | Legal Basis | Retention |
|---|---|---|---|
| Parent email address | Welcome emails, weekly progress reports, withdrawal notifications | Consent | Until consent is withdrawn |
| Teen name and age | Personalising progress reports sent to parents | Consent (parental) | Until consent is withdrawn or data deletion is requested |
| Progress data (challenges completed, mindset points, level, streak, vault balance) | Generating weekly progress reports for parents and improving the app experience | Consent (parental) and Legitimate interest | Until data deletion is requested |
| Device identifier | Linking progress data to the correct profile for reporting | Legitimate interest | Until data deletion is requested |
| Unlock code | Verifying purchase and granting app access | Contract performance | Duration of service |
If a parent email is provided during onboarding, GroMe sends automatic weekly progress report emails every Sunday. These reports contain the teen's name, challenge progress, mindset points, level, streak, and vault balance. Reports are enabled by default and can be disabled at any time via the Parent Zone in the app or by clicking the unsubscribe link in any report email.
We use the following third-party services that may process limited personal data on our behalf:
| Service | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing for unlock code purchases | Payment details (handled directly by Stripe, we do not store card data) |
| Resend | Email delivery | Parent email address |
| Revolut | Optional method for parents to manually send approved withdrawal amounts | No data shared by GroMe; parents use their own Revolut accounts independently |
Each third-party processor operates under their own privacy and data protection policies. We have ensured appropriate data processing agreements are in place.
We process personal data based on the following legal grounds under GDPR Article 6:
GroMe is designed for teenagers aged 12-18. We take extra care to protect the data of young users:
As a data subject, you have the following rights:
To exercise any of these rights, contact us at hello@grome.live. We will respond within 30 days.
You can delete all locally stored data at any time through the App: Settings > Delete Account. This permanently removes all profiles, progress, points, and transaction history from the device.
To request deletion of any server-side data (email address, analytics), contact us at hello@grome.live.
Our servers and third-party processors may be located outside the European Economic Area (EEA). Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) where applicable.
In the unlikely event of a personal data breach, we will:
We may update this Data Protection policy from time to time. Material changes will be communicated through the App or via email to registered parents. Continued use of the App after changes constitutes acceptance of the updated policy.
If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection supervisory authority.
See also our Privacy Policy and Terms of Service.
Last updated: March 2026