Ground

If you do not agree with this policy, please do not use the Site or the Service.

1. Who We Are and Our Role in Your Data

Ground is an execution layer for managers at early-stage companies. The Service connects to workplace tools you authorize, such as Gmail, Google Calendar, Slack, Linear, and Notion, to surface stalled work and draft next actions for your review and approval.

We act in two distinct capacities:

  • As a data controller for information about you as a Site visitor, waitlist signup, or account holder, such as your name, email, billing details, and usage data.
  • As a data processor or service provider for the workspace content we process on behalf of our customers, such as messages, emails, calendar events, tickets, and documents from connected tools ("Customer Workspace Data"). The customer, meaning the manager or their company, is the controller of this data and determines what is connected and how it is used. We process Customer Workspace Data solely on the customer's instructions and as described in our Terms of Service and any applicable Data Processing Addendum (DPA).

If you are a teammate of a Ground customer and have questions about how your data is handled in Ground, please contact your organization's administrator first, as they control the connection.

2. Information We Collect

a. Information you provide

  • Account and waitlist information: name, work email, company name, role, and any details you submit when joining the waitlist or onboarding.
  • Billing information: processed by Stripe, our payment processor. We do not store full payment card numbers on our systems.
  • Communications: messages you send us, such as to [email protected], and feedback you share.

b. Customer Workspace Data via connected integrations

When a customer connects a tool, Ground accesses only the scopes granted at authorization:

IntegrationAccess
GmailRead-only
Google CalendarRead-only
SlackRead and send; messages are sent only with manager approval.
LinearRead-only
NotionRead-only

This may include email content and metadata, calendar events, Slack messages and channel data, Linear issues, and Notion pages relevant to the workstreams the customer configures. If our access scopes change, for example by adding write access to a tool, we will update this policy and, where required, request re-authorization.

c. Information collected automatically

  • Usage data: pages viewed, features used, actions approved or dismissed, and timestamps.
  • Device and log data: IP address, browser type, operating system, and cookies or similar technologies for authentication, security, and analytics.

3. How We Use Information

We use information to:

  • Provide, operate, maintain, and secure the Service;
  • Detect stalled workstreams, generate briefs, and draft follow-ups and other actions for the customer's review and approval;
  • Onboard waitlist signups, communicate with you, and provide support;
  • Process payments and manage subscriptions;
  • Monitor, debug, and improve the Service;
  • Comply with legal obligations and enforce our terms.

We do not sell personal information. We do not use Customer Workspace Data for advertising.

4. Google API Services - Limited Use Disclosure

Ground's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only use Google user data to provide and improve user-facing features of the Service that are prominent in the Ground interface;
  • We do not transfer Google user data to third parties except as necessary to provide these features, to comply with applicable law, or as part of a merger or acquisition with prior notice;
  • We do not use Google user data for advertising;
  • We do not allow humans to read Google user data unless (a) we have your explicit consent for specific data, (b) it is necessary for security purposes, such as investigating abuse, (c) it is required to comply with applicable law, or (d) the data has been aggregated and anonymized;
  • We do not use Google Workspace user data to develop, improve, or train generalized artificial intelligence or machine learning models.

5. AI Processing

Ground uses large language models to analyze connected data and draft actions. Model inference is routed through OpenRouter, and customers may select which underlying model provider processes their data. Contractually and by configuration:

  • Customer Workspace Data submitted for inference is used only to generate outputs for that customer;
  • We do not permit our AI subprocessors to use Customer Workspace Data to train their models;
  • Inference requests are not retained by model providers beyond what is required to deliver the response, per our zero-data-retention configurations where available.

6. How We Share Information

We share information only with:

  • Subprocessors that help us operate the Service, including Google Cloud Platform for hosting and infrastructure, OpenRouter and the customer-selected model provider for AI inference, Stripe for payments, and Google Workspace APIs, Slack, Linear, and Notion for integrations you authorize. A current subprocessor list is available on request at [email protected].
  • Professional advisors, such as lawyers, accountants, and auditors, under confidentiality obligations;
  • Authorities where required by law, subpoena, or to protect rights, safety, and security;
  • A successor entity in connection with a merger, acquisition, or sale of assets, with notice to you.

7. Data Retention

  • Account data: retained while your account is active and as needed for legal, tax, and accounting purposes.
  • Customer Workspace Data: retained while the integration remains connected. When a customer disconnects an integration or deletes their account, associated Customer Workspace Data is deleted from our production systems within 30 days, and from backups within 90 days, except where retention is required by law.

You may request deletion at any time via [email protected].

8. Security

We maintain administrative, technical, and physical safeguards designed to protect information, including encryption in transit and at rest, access controls, and least-privilege scoping of integration permissions. Ground is pursuing SOC 2 compliance and completes Google's required security assessments (CASA) for restricted OAuth scopes. No system is perfectly secure; we cannot guarantee absolute security.

9. Your Rights

Depending on your location, you may have rights to access, correct, delete, port, or restrict processing of your personal information, and to object to processing or withdraw consent.

  • EEA/UK (GDPR): you may exercise these rights by contacting us; you also have the right to lodge a complaint with your supervisory authority. Where we process data as a processor, we will refer your request to the relevant customer, the controller.
  • California (CCPA/CPRA): you have the right to know, delete, correct, and opt out of "sale" or "sharing" of personal information. We do not sell or share personal information as defined by the CPRA.

To exercise any right, contact [email protected]. We will verify your identity before acting on requests.

10. International Transfers

We are based in the United States and process data there. Where we transfer personal data from the EEA, UK, or Switzerland, we rely on appropriate safeguards such as Standard Contractual Clauses.

11. Children

The Service is intended for business use by adults. We do not knowingly collect personal information from anyone under 16.

12. Changes to This Policy

We may update this policy from time to time. We will post the updated version with a revised "Last updated" date and, for material changes, notify account holders by email or in-product notice.

13. Contact