Privacy policy
Last updated: May 2026
1. Introduction
Gribb World ("we", "us", "our") operates the GRIBB mobile application and the website gribbworld.com. We are committed to protecting your personal data and respecting your privacy in accordance with the General Data Protection Regulation (GDPR) and applicable Portuguese and EU law.
This Privacy Policy explains what data we collect, why we collect it, how we use it, who we share it with, and what rights you have over your data.
If you have any questions, contact us at: hello@gribbworld.com
2. Who We Are
Gribb World
Email: hello@gribbworld.com
Website: gribbworld.com
Location: Portugal, European Union
As an EU-based company, we operate under GDPR (Regulation EU 2016/679). Your data is processed lawfully, fairly, and transparently.
3. What Data We Collect
3.1 GRIBB App
When you use the GRIBB app, we collect:
Account data: your name and email address, collected when you create an account
Authentication data: a secure token used to keep you signed in (no passwords are stored)
Daily wellness check-in data: self-reported scores for sleep quality, energy levels, stress levels, mood, and focus — entered by you each day
Ritual and protocol data: which rituals and guided programs you use, your streak, completion history, and progress
Audio preferences: tracks you have listened to, tracks you have liked or saved
Subscription data: whether you are a free or Ritual+ subscriber, and your subscription status
App usage data: timestamps of check-ins and ritual completions, used to calculate streaks and generate insights
Wearable data (optional): if you connect Apple HealthKit or Google Health Connect, we may read sleep scores and heart rate variability to pre-fill your daily check-in. This requires your explicit consent and can be revoked at any time.
Error and crash data: anonymous technical error reports via Sentry, used to fix bugs. No personal data is included in these reports.
3.2 gribbworld.com Store
When you make a purchase or interact with our store, we collect:
Name, email address, shipping address, and billing address
Order history and purchase records
Email marketing preferences and unsubscribe status
Cookie and analytics data (see Section 9)
4. Why We Collect Your Data (Legal Basis)
We collect and process your data for the following purposes and on the following legal bases:
Purpose: Legal Basis
Creating and managing your account: Contract (Art. 6(1)(b) GDPR)
Personalising your daily mushroom ritual: Contract (Art. 6(1)(b) GDPR)
Processing your orders and payments: Contract (Art. 6(1)(b) GDPR)
Sending transactional emails (OTP, order confirmation): Contract (Art. 6(1)(b) GDPR)
Sending marketing emails: Consent (Art. 6(1)(a) GDPR)
Processing wellness check-in data: Explicit consent (Art. 9(2)(a) GDPR)
Processing wearable health data: Explicit consent (Art. 9(2)(a) GDPR)
Improving our app and fixing bugs: Legitimate interest (Art. 6(1)(f) GDPR)
Complying with legal obligations: Legal obligation (Art. 6(1)(c) GDPR)
5. Health and Wellness Data
The GRIBB app processes special category data under GDPR Article 9, specifically self-reported wellness indicators including sleep quality, energy, stress, mood, and focus.
We collect this data only with your explicit consent, which you provide during onboarding. You may withdraw this consent at any time by deleting your account.
This data is used solely to:
Generate your personalised daily mushroom ritual
Track your wellness patterns over time
Produce your weekly and monthly insight reports
Your wellness data is never shared with third parties, never used for advertising, and never sold.
Important: GRIBB rituals are for general wellness education and lifestyle support only. They are not medical advice and are not intended to diagnose, treat, cure, or prevent any disease or medical condition. Always consult a qualified healthcare professional for medical concerns.
6. Who We Share Your Data With
We work with a small number of trusted third-party services to operate GRIBB. Each is bound by their own privacy policy and GDPR-compliant data processing agreements:
Stripe (stripe.com) — payment processing for Ritual+ subscriptions. Stripe processes your payment details directly. We never see or store your card number.
Shopify (shopify.com) — e-commerce platform for gribbworld.com orders and product fulfilment.
Resend (resend.com) — transactional and marketing email delivery from hello@gribbworld.com.
Cloudflare R2 (cloudflare.com) — content delivery network used to stream audio tracks. No personal data is stored on Cloudflare R2.
Sentry (sentry.io) — anonymous error and crash monitoring. Personal data is scrubbed before transmission.
Neon (neon.tech) — cloud PostgreSQL database provider where your account and wellness data is stored. Data is hosted in the European Union.
We do not sell, rent, or trade your personal data to any third party for any purpose.
7. Data Retention
We retain your data for as long as your account remains active. Specifically:
Account data and wellness data: retained until you delete your account
Order data: retained for 7 years as required by Portuguese tax law
Email marketing data: retained until you unsubscribe or request deletion
Error logs: retained for 30 days, then automatically deleted
Deleted accounts: all personal data is permanently purged within 30 days of account deletion
8. Your Rights Under GDPR
As an EU resident, you have the following rights regarding your personal data:
Right of access: you can request a copy of all data we hold about you
Right to rectification: you can ask us to correct inaccurate data
Right to erasure: you can request deletion of your account and all associated data
Right to data portability: you can request your data in a machine-readable format
Right to withdraw consent: you can withdraw consent for wellness data processing or marketing emails at any time
Right to object: you can object to processing based on legitimate interest
Right to lodge a complaint: you have the right to complain to the Portuguese data protection authority (CNPD) at cnpd.pt
How to exercise your rights:
In the GRIBB app: go to Profile → Settings → Export my data or Delete my account
By email: hello@gribbworld.com
We will respond to all requests within 30 days
9. Cookies
gribbworld.com uses the following types of cookies:
Essential cookies: required for the store to function (cart, checkout, login). Cannot be disabled.
Functional cookies: remember your preferences and settings.
Analytics cookies: used to understand how visitors use our site (via anonymised data). You can opt out via our cookie banner.
The GRIBB mobile app does not use cookies. We use AsyncStorage on your device to store your authentication token and app preferences locally.
10. Data Security
We take data security seriously and implement the following measures:
All data in transit is encrypted using TLS/HTTPS
Authentication uses secure random tokens (not passwords)
Our database is hosted in the EU with encryption at rest
Access to user data is restricted to authorised personnel only
We conduct regular security reviews of our systems
11. Children's Privacy
GRIBB is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us at hello@gribbworld.com and we will delete it promptly.
12. International Transfers
Your data is stored and processed within the European Union. Some of our third-party providers (such as Stripe and Cloudflare) may process data outside the EU. Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes, we will notify you by email. Continued use of GRIBB after changes are posted constitutes acceptance of the updated policy.
14. Contact Us
For any privacy-related questions, requests, or complaints:
Gribb World
Email: hello@gribbworld.com
Website: gribbworld.com
For data protection complaints, you may also contact:
Comissão Nacional de Proteção de Dados (CNPD)
cnpd.pt
This policy is effective from May 2026 and replaces all previous versions.


