Privacy Policy
Last Updated: July 06, 2026
At GRAP Solutions, we prioritize the protection and security of our clients' data, our crowdsourcing partners' personal information, and any datasets ingested or processed within our operations. This Privacy Policy details the types of information we collect, how it is secured, and our compliance with global data protection frameworks like the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the European Union AI Act.
1. Information We Collect
We collect data necessary to provide high-precision AI training data annotation, transcreation, evaluation, and crowdsourced operations. The data collected falls into three categories:
- Client Information: Contact information, organization details, and payment/billing metadata collected when registering an account, requesting quotes, or executing service agreements.
- Contributor and Candidate Data: Full name, email address, payment routing details, language proficiencies, and geographical location supplied by individuals registering through our Sourcing Vendor Portal.
- Machine Learning Datasets: Raw audio, video, text, or image files uploaded to our secure platform for annotation or evaluation. We treat these datasets with strict confidentiality protocols.
2. Use of Ingested Datasets
Any datasets uploaded to the GRAP Solutions platform for annotation, transcription, or localization are used strictly for the fulfillment of client services. We implement strict VPC data isolation. Clients' raw training data is never used to train our internal models, nor is it shared, distributed, or commercialized to third parties. All raw and annotated files are governed by structured Service Level Agreements (SLAs) and Non-Disclosure Agreements (NDAs).
3. Automated Data Processing and PII Scrubbing
In accordance with GDPR compliance and data minimization principles, our managed platform runs automated PII (Personally Identifiable Information) scrubbing pipelines. Any identifiable customer data, credit card numbers, or social security details contained inside raw speech transcripts or image datasets are masked or removed before being dispatched to our human annotator queues.
4. Compliance with AI Regulations
GRAP Solutions is committed to the legal standards surrounding AI dataset creation:
- EU AI Act Training Data Compliance: We verify the legal provenance of all training datasets. We strictly respect "opt-out" requests from content publishers and only leverage training data with verified, ethically compliant lineage.
- Ethical Crowdsourcing Fair Pay: All contributors on our platform are fairly compensated. We do not participate in exploitative labor practices, ensuring transparent worker agreements.
5. Security & VPC Data Isolation
We maintain industry-standard physical, electronic, and administrative safeguards. Data in transit is encrypted using TLS 1.3, and data at rest is encrypted using AES-256. For clients handling highly sensitive or regulated datasets (such as clinical medical annotations), we deploy isolated VPC (Virtual Private Cloud) instances that limit data egress.
6. User Rights & Access Control
Under GDPR and CCPA, you are entitled to several rights concerning your personal information:
- The right to request access to and rectification of your personal data.
- The right to request deletion ("the right to be forgotten").
- The right to restrict or object to the processing of your data.
- The right to withdraw consent at any time.
7. Changes to This Privacy Policy
We may modify this policy periodically to align with changing regulatory guidelines or security updates. Significant modifications will be communicated via our website or by direct notification.