Privacy Policy

At GroveStreams, we value your privacy and are committed to protecting your personal data in accordance with applicable laws, including the EU General Data Protection Regulation (GDPR), UK GDPR, California Consumer Privacy Act (CCPA), and other relevant regulations. This Privacy Policy explains how we collect, use, share, and protect your information when you visit grovestreams.com, as well as your rights regarding that information.

Who We Are

GroveStreams LLC is the data controller responsible for your personal data. You can contact us at:
  • Email: support@grovestreams.com
  • Address: 13570 Grove Drive, Maple Grove, MN 55311
For GDPR purposes, if we process data of EU residents without an EU establishment, we designate “support@grovestreams.com” as our EU Representative.

What Information Do We Collect About You?

When you sign-up for an account:

  • Profile Information: Your email address, a password, first name, and last name.
  • The time zone setting of your browser at the time of sign-up.
  • Information about your use of this website including your IP address.
  • Information needed for billing including: The amount of data, in bytes, flowing into and out of our platform, the number of SMS texts, the number of emails, the number of transactions, and the number of data streams.
  • Automatically Collected Data: Via Google Analytics and cookies managed by CookieYes:
    • IP address (anonymized by Google Analytics).
    • Browser type, device information, and operating system.
    • Page views, time spent on pages, and navigation patterns.
    • Cookie identifiers for analytics purposes.

When you edit your account profile:

  • Your password, email address, first name, and last name.
  • Optionally, your phone number and your cell phone number.
  • Your time zone.

Billing information:

You will need to optionally enter credit card information if you are paying for a GroveStreams subscription and wish to use a credit card.
  • Information required to process your monthly invoice with a credit card including: Your card number, expiration date, card code, the address used for the card, and a phone number.
  • The shipping address is not required.

Organization Information:

You have the option of creating an Organization after your user profile is created. An organization can be a home, business, or other similar entity.
  • The organization name.
  • The organization address (optional).

Device information and stream data:

Organizations can contain devices along with stream data for each device.
  • Device information, configured by a user of our platform: Unique device identifiers such as MAC address, IP address, the outward facing gateway IP address, and settings of the device you use to access the Services.
  • The time that the device last communicated with our platform.
  • Device stream information, configured by a user of our platform: data uploaded into our platform from the device. All stream data is saved with a time stamp passed into our platform or the time stamp can be optionally set by our platform.
  • Device event notification data, configured by users of our platform, including: Phone numbers for SMS, and email addresses

How we use that information

Your profile information:

  • Email Address: We use your email address as your unique identifier within our platform. We also use it for sending important notifications about the usage of of our service such as billing notifications and other issues. You may configure device events to send notifications to your email address.
  • Phone Number: We do not use your phone number. It is optional and can be used, by you, for device SMS notifications.
  • Credit Card information: We do not store your credit card information or use it directly. We use a 3rd party credit card processor. More information below.
  • Email: We use your email address if you choose to create a GroveStreams Forum profile. More information below.

Device and Stream Data:

  • We do not use or process this data for our own use except for the gathering of metrics for billing purposes, and to optimize it for storage (security and compaction).

Audit Trails and Diagnostics:

  • Some information may reside in logs that record usage of our Service (such as web server logs). This information is used for regulatory record keeping and troubleshooting.

We use your data for the following purposes:

  • Analytics: Google Analytics tracks site usage to enhance user experience and optimize our website (legal basis: consent via CookieYes).
  • Legal Obligations: To comply with applicable laws or respond to legal requests.
  • To register you or your devices for our Service
  • To provide a Service or feature you request
  • To provide customized content and provide personalized services based on your past activities on our Services
  • To provide maintenance services for your account
  • Otherwise with your consent

Data Sharing and Transfers

Third Parties: We share data with:
  • Google Analytics: For site usage analysis (data processed in the US under the EU-US Data Privacy Framework).
  • Service Providers: Only as necessary to support our operations (e.g., hosting), with GDPR-compliant agreements in place.
  • Authorize.net: GroveStreams uses one of the largest providers of credit card-based processing services, Authorize.Net, to manage and store sensitive billing information. When you register a credit card with our service, we will direct you to an Authorize.net secured web page where you will interact directly with their website and your sensitive data will be directly stored in their system. After your information is entered into their system, we will receive a user identifier (a number). We only store that identifier in our system and use it to process your invoice along with a secret Authorize.net API key. We use the Authorize.net HTTP SSL API for communication from our servers to their servers. Your information stored at Authorize.Net will be removed when you delete your GroveStream user profile. Authorize.net Privacy Statement
  • Twillio: We use Twillio for sending your device SMS event notifications to your phone. We do this by passing the notification information, which only includes the phone number and the body of the SMS you configured. Communication with Twillio is done over the Internet using Twillio's API, between our servers and their servers, using HTTPS and SSL. Twillio Privacy Statement
  • Amazon SES: We use Amazon Simple Email Services to send emails from our service. Emails can be from us or from your optionally configured device email event notification. When sending an email we pass the email addresses and the body of the email, using their Java library, which communicates from our servers to Amazon's servers via HTTPS SSL. Amazon AWS Privacy Statement
  • MapBox Maps: We use MapBox Maps to display your device location. We use their java script API library to display the device location on a map. Only the device GPS location, name, and ID is passed to their API. When a device/component is being designed, by you, within our service, you can optionally use the map search field to enter an address to find the device's GPS location. When you do this, the information is passed to the Map Box servers to find the GPS location. MapBox Privacy Statement
  • Ninja Post: We use a 3rd party forum website for our user forum. We only pass your your email address and the current website session token when you choose to use the forum. The forum user profile information and any other information you enter into the forum is stored in their system. Ninja Post Privacy Statement
International Transfers:
  • International Transfers: Data may be transferred to the US (e.g., Google servers). We rely on the EU-US Data Privacy Framework and Standard Contractual Clauses (SCCs) to ensure adequate protection.


Cookies and Tracking Technologies

We use cookies and similar technologies:
  • We will store your email address and password, encrypted, as a persistent browser cookie when you choose the "Remember Me" option while signing in.
  • Necessary Cookies: Essential for site functionality (e.g., session management).
  • Analytics Cookies: Set by Google Analytics to analyze site performance, enabled only with your consent via CookieYes.
  • Management: CookieYes manages cookie consent, displaying a banner in GDPR-relevant regions (e.g., EU, UK). You can adjust preferences anytime via the “Cookie Settings” link in the footer.

Your Choices

  • Account Sign-Up: By signing up, you consent to receive email notifications via Amazon SES about your account (e.g., billing, service updates).
  • SMS Notifications: Opt in to SMS notifications via Twilio by configuring device settings—leave blank to opt out.
  • Email Notifications: Opt in to device email notifications via Amazon SES—leave unconfigured to opt out.
  • Billing: By entering credit card details for a paid plan, you consent to Authorize.net processing payments—use the free plan to opt out.
  • Device Location: By adding GPS coordinates, you consent to MapBox displaying them—use default (0,0) to opt out.
  • Cookies: Enable “Remember Me” to store encrypted login cookies—disable cookies in your browser to opt out (note: this may impair functionality).
  • Forum: Create a forum profile to participate via Ninja Post—opt out by not joining or configuring it to disable emails.

What do we do to Keep Your Information Secure?

  • We use appropriate security measures to protect the security of your personal information both online and offline. These measures vary based on the sensitivity of the personal information we collect, process and store and the current state of technology. We also take measures to ensure service providers that process personal data on our behalf also have appropriate security controls in place.
  • Please note that no service is completely secure. While we strive to protect your data, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur.
  • All passwords are stored encrypted and are never unencrypted. If a password is lost a new password must be created as Grove Streams does not have an external or internal API to recover a password so as to prevent anyone from knowing another user's password.
  • If you provision an API Key, you should keep it secret. You should store your API Key in a secure location. You should only use your API key with HTTPS SSL communications. You should not use a single API key for all devices, widgets, or dashboards in case it becomes compromised.
  • Grove Streams employees cannot access your organization and view or edit stream data and dashboards through any user interface. We will request that you add us to the list of organization users in order to assist you with any trouble-shooting.

Data Retention

  • Analytics Data: Google Analytics retains data for up to 14 months (minimum setting), anonymized where possible.
  • Personal Information: Retained as long as your account is active or as needed to provide services, then deleted within 30 days unless legally required otherwise.
  • By default, stream data is retained for two years. You may configure how long data is retained by configuring the "Delete Profile" associated with every stream.
  • Component and Stream Data: Permanently removed immediately when you delete a component or stream via the platform, or when an organization is deleted.
  • Organization Information: Permanently removed within 30 days of you deleting the organization, or automatically by our system if your account becomes inactive for over 2 years.
  • Your personal data, within your profile, is immediately deleted when you delete your profile.
  • Your personal data, residing within our forum, is retained until you delete your forum profile from within the forum.
  • Some information will be retained in audit and diagnostic logs per regulations.

Third-Party Links

This site may contain links to other sites outside our control. GroveStreams.com is not responsible for the privacy practices or the content of such web sites.


Do not Track Signals and Similar Mechanisms

Some browsers send “Do Not Track” signals. Due to lack of a universal standard, GroveStreams does not currently respond to these signals.


Grove Streams as a 3rd Party Data Processor

Grove Streams can also be used as a 3rd party data processor. Some companies use us as a service and can OEM Grove Streams to look like their own service. These companies may use Grove Streams to store other user's data.

These companies will not have access to your credit card information as long as it is being stored in our secure location (you used our service to enter credit card information). These companies can configure Grove Streams organizations so that they have access to some of your profile information once you have been added to an organization via your email address. They can configure the organization so that they have access to all information stored in the organization they Own or have configured to give them rights to do so. If they are storing sensitive information within Organizations, Components, Streams, Dashboards, or Maps, it is their responsibility to ensure it is secured and handled to satisfy regulations in the areas they are operating in.

These types of of Grove Streams users must have their own Privacy page that describes, and satisfies data privacy regulations. They must ensure that their user's personal data is secure and not shared without their knowledge. They must provide links to our Terms and Privacy pages so that their users understand how we are being used and how their personal data is handled.

Data Ownership

  • Consent: We process analytics data (e.g., via Google Analytics) based on your explicit consent obtained through the CookieYes banner.
  • Legitimate Interests: We process basic site usage data (e.g., anonymized IP addresses) to improve our services, provided this doesn’t override your rights.
  • Contractual Necessity: Data provided for account creation is processed to fulfill our service agreement with you.

Privacy Rights

Depending on your location, you may have the following rights:
  • GDPR/UK GDPR (EU/UK Residents):
    • Access: Request a copy of your data.
    • Rectification: Correct inaccurate data.
    • Erasure: Request deletion (“right to be forgotten”).
    • Restriction: Limit processing under certain conditions.
    • Objection: Object to processing based on legitimate interests.
    • Data Portability: Receive your data in a portable format.
    • Withdraw Consent: Revoke consent via “Cookie Settings” or email.
  • CCPA (California Residents):
    • Know: Details of data collected and sold.
    • Delete: Request deletion.
    • Opt-Out: Opt out of data sales (we don’t sell data).
  • Other Regions: Similar rights may apply (e.g., Canada’s PIPEDA, Brazil’s LGPD).

Changes to This Policy

We may update this policy. Changes will be posted here with the “Last Updated” date revised. Significant changes will be notified via email or site notice where required.

Contact Us

For questions, complaints, or to exercise your rights:
  • Email: support@grovestreams.com
  • GDPR Complaints: You may also contact your local Data Protection Authority (e.g., ICO in the UK).


Last Updated: February 21, 2025