This Privacy Policy describes how Granola Consulting (“Granola”, “we”, “us”) processes personal data when you use HoneyGold, our hosted performance-intelligence product. Granola is established in the Republic of Ireland. This policy should be read with our Terms of Service.
1. Roles: controller and processor
Granola is the data controller for account, billing, onboarding, support, and website data relating to HoneyGold customers.
For Customer data you upload or process in your dedicated HoneyGold environment (for example, dashboard metadata, user accounts you create, query definitions, and connection settings to your warehouses), Granola generally acts as a data processor on your instructions. You are responsible for providing any required notices to your users and for the lawfulness of processing in your organisation. A data processing agreement (DPA) is available on request for business customers.
2. Personal data we collect
Depending on how you interact with HoneyGold, we may process:
- Account and onboarding data: organisation name, address, contact name, email, phone, job title, plan selection, and consent records;
- Billing data: invoicing contacts, payment status, and transaction references (payment card data is handled by our payment provider, not stored by us);
- Service usage data: login timestamps, IP address, browser type, audit logs, and operational telemetry needed to run and secure the service;
- Support communications: content of emails or tickets you send to us;
- Customer data in your tenant: as configured by you, which may include personal data about your employees or end users.
We do not intentionally collect special categories of personal data through HoneyGold unless you configure the service to process them; if you do, you must ensure an appropriate legal basis and safeguards.
3. How we use personal data and legal bases (GDPR)
Where EU/EEA/UK GDPR applies, we rely on the following bases:
- Contract — to provide HoneyGold, provision your environment, and administer your subscription;
- Legitimate interests — to secure the platform, prevent abuse, improve reliability, and communicate service-related updates (balanced against your rights);
- Legal obligation — for tax, accounting, and regulatory requirements;
- Consent — where you opt in (for example, accepting these policies during onboarding or optional marketing, if offered).
4. Hosting and subprocessors
HoneyGold hosted tiers are deployed to Amazon Web Services (AWS) infrastructure. Your dedicated stack typically includes network, compute (for example ECS Fargate), and a PostgreSQL database for application metadata in the region selected at provisioning.
We use additional subprocessors for purposes such as email delivery, monitoring, and support tooling. A current subprocessor list is available on request at [email protected].
5. International transfers
If personal data is transferred outside the EEA/UK, we use appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms, unless a valid derogation applies.
6. Retention
We retain controller data for as long as your account is active and for a reasonable period thereafter for legal, tax, and dispute resolution purposes. Provisioning job records and consent versions are retained in line with our onboarding audit requirements.
Customer data in your tenant is retained according to your configuration and deleted or returned after termination of the service, subject to backup cycles and legal holds.
7. Security
We apply measures such as encryption in transit, access controls, least-privilege administration, and logging. No method of transmission or storage is 100% secure; you must protect your credentials and connected systems.
8. Your rights
If you are in the EU/EEA/UK (or another jurisdiction with similar rights), you may have the right to access, rectify, erase, restrict, object, and port personal data we control about you, and to withdraw consent where processing is consent-based. You may lodge a complaint with the Irish Data Protection Commission or your local supervisory authority.
For requests relating to data we process as your processor, contact your organisation’s administrator; we will assist you as required by our DPA.
Contact: [email protected].
9. Cookies and similar technologies
The HoneyGold application and the Granola Consulting marketing site may use cookies or local storage for session management, security, and preferences.
Essential storage. We may store your cookie consent choice in your browser (local storage) so we do not ask again on every visit.
Analytics (optional). If you choose Accept analytics on www.granolaconsulting.com, we use Google Analytics 4 (Google Ireland Limited / Google LLC) to collect aggregated usage data (for example pages viewed and approximate location). Google may set cookies such as _ga. We enable Google Consent Mode and do not load analytics tags until you accept. You can withdraw consent by clearing site data for this domain or using your browser controls.
You can control cookies through your browser settings. For more about Google’s processing, see Google’s Privacy Policy.
10. Children
HoneyGold is a business service not directed at children under 16. We do not knowingly collect personal data from children.
11. Changes to this policy
We may update this Privacy Policy from time to time. We will post the new version with an updated effective date and, where required, notify account holders of material changes.
12. Contact us
Granola Consulting
Dogpatch Labs, The CHQ Building, Custom House Quay, Dublin, Ireland
Email: [email protected]