Privacy Policy

Last updated: 4 December 2025

This Privacy Policy describes how Grand Heritage Society (“we,” “us,” or “our”) collects, uses, stores, and protects personal information when the user accesses grandheritage.co (the “Site”), purchases a membership, or interacts with our services.

By using the Site, the user agrees to the practices outlined in this Privacy Policy.

1. Information We Collect

We collect the following types of information:

1.1 Information Provided by the User

  • Name

  • Shipping address

  • Billing address

  • Email address

  • Payment details (processed securely by third-party payment providers)

  • Messages or submissions sent to us

  • Information shared during AI companion chat interactions

1.2 Automatically Collected Information

When the user accesses the Site, we may collect:

  • IP address

  • Device information

  • Browser type

  • Cookies and tracking data

  • Pages viewed, visit duration, and referral sources

1.3 Membership Data

For subscribed members:

  • Membership type

  • Renewal dates

  • Delivery history

  • Customer service interactions

  • Chat activity logs (AI companion messages may be processed for service improvement and safety)

2. How We Use the Information

We use personal information to:

  • Process and deliver monthly letters and membership materials

  • Provide access to the 24/7 companion chat

  • Manage user accounts, billing, and subscription renewals

  • Respond to customer inquiries

  • Improve the Site and services

  • Detect and prevent fraud or misuse

  • Comply with applicable laws

We do not sell or rent personal data to third parties.

3. Legal Bases for Processing (GDPR Compliance)

Where GDPR applies, we process personal data under the following legal bases:

  • Contract performance – to deliver memberships and services

  • Legitimate interest – to enhance the user experience and secure our platform

  • Consent – for optional communications, cookies, or marketing

  • Legal obligation – to comply with laws and regulations

4. Sharing Personal Information

We may share information with:

4.1 Service Providers

Trusted external partners who help us operate our business, including:

  • Payment processors (Stripe, PayPal, Shopify Payments, etc.)

  • Shipping and mailing providers

  • Customer support platforms

  • Cloud and hosting providers

  • AI service providers (for the companion chat)

These partners only receive data necessary to perform their services and are required to handle it securely.

4.2 Legal Requirements

We may disclose information if required by:

  • Court orders

  • Government authorities

  • Legal processes

  • To protect against fraud, abuse, or security threats

5. AI Companion Chat Data

The user’s interactions with the AI companion may be:

  • Logged for safety monitoring

  • Used to improve response quality

  • Stored securely

  • Not used for advertising or sold to third parties

The user should avoid sharing sensitive or private information in chat conversations.

6. Cookies & Tracking Technologies

We may use cookies and similar technologies to:

  • Maintain login sessions

  • Remember preferences

  • Analyse site traffic

  • Improve performance

  • Personalize user experience

The user may manage cookie preferences through the browser settings.

7. Data Retention

We retain personal data only as long as necessary to:

  • Provide services

  • Fulfil legal obligations

  • Resolve disputes

  • Enforce agreements

Membership and chat data may be retained for a reasonable period after cancellation unless deletion is requested.

8. Data Security

We implement reasonable physical, technical, and administrative safeguards to protect personal data from:

  • Unauthorized access

  • Disclosure

  • Loss

  • Alteration

  • Misuse

However, no system is 100% secure, and we cannot guarantee absolute protection.

9. International Transfers

If the user resides outside the United Kingdom or the European Union, the user’s information may be transferred and stored in other countries.
We ensure that any such transfers comply with applicable data protection laws.

10. User Rights (GDPR & UK GDPR)

Where applicable, the user has the right to:

  • Access personal data

  • Correct inaccurate information

  • Request deletion (“right to be forgotten”)

  • Restrict or object to processing

  • Request data portability

  • Withdraw consent (for consent-based activities)

Requests can be made by emailing:
📧 hello@grandheritage.co

11. Children’s Privacy

Our services are not intended for individuals under 16 years old.
We do not knowingly collect data from minors.
If such data is discovered, we will delete it promptly.

12. Links to Third-Party Sites

The Site may include external links.
We are not responsible for the privacy practices or content of third-party websites.

13. Changes to This Policy

We may update this Privacy Policy from time to time.
Updates take effect upon posting to the Site.
The user’s continued use of the Site signifies acceptance of the updated policy.

14. Contact Information

For privacy-related questions or requests, contact us at:

📧 hello@grandheritage.co