Operated by Shodash Labs™ Inc
Last updated: April 22, 2026
Shodash Labs™ Inc ("Company," "we," "us," or "our") operates Grishya™, a community platform where creators build and manage private communities ("Platform"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Platform.
By using the Platform, you consent to the practices described in this Privacy Policy.
Grishya is a platform where creators ("Community Owners" or "Owners") build and manage private communities. Community Owners manage their community's members, content, and offerings. Users who join a community become Members of that community. The Platform acts as a technology facilitator and does not determine or control the independent data processing practices of Community Owners, except to the extent required by law.
The Platform enables interaction between Community Owners and Members through community content, discussions, and offerings.
The Platform acts as a facilitator of community engagement and does not itself determine the content, methodology, or outcomes of any community's offerings.
While each Community Owner controls their community's membership, content, and offerings, Grishya retains access to all content and data hosted on the Platform for the purpose of operating and improving platform-wide features and services.
Grishya is designed to enable creators to build and manage private communities where Members can connect, interact, and engage with content and with one another. The Platform enables Community Owners to create and offer content and offerings within their communities.
Members may participate in these offerings, or engage directly with the community through content and collaborative activities. The Platform provides a secure and organized digital environment to support these interactions, allowing Members and Community Owners to share insights, ask questions, and collaborate around shared interests.
As a facilitator, the Platform provides the tools and infrastructure for community engagement, but does not determine or control the content, methodology, or outcomes of any community's offerings, which remain under the sole responsibility of the Community Owners.
The primary purpose of processing Personal Data through the Platform is to enable the delivery, administration, and continuous improvement of services. This includes creating and managing user accounts; facilitating membership, participation in community activities and offerings; enabling communication between Members and Community Owners; processing subscriptions, payments, and refunds; providing technical and customer support; and ensuring secure access to Platform features.
Personal Data and community content are also processed to operate and improve platform-wide features and services. This processing maintains the integrity, security, and reliability of the Platform, including monitoring system performance, preventing fraud or misuse, detecting unauthorized access, and complying with applicable legal, regulatory, and contractual obligations. Limited technical and usage data may be used for analytics and platform optimization to improve user experience and service quality, without engaging in intrusive profiling or automated decision-making that produces legal or similarly significant effects on Users.
We process Personal Data only to the extent reasonably necessary to fulfill these purposes, and strictly in accordance with User consent, contractual necessity, legitimate business interests, and applicable data protection laws.
By using the Platform or Services and/or by providing your information, you consent to the collection and use of the information you disclose on the Platform in accordance with this Privacy Policy, including but not limited to your consent for sharing or using your information as described herein.
Our processing activities rely on lawful bases such as contractual necessity, consent, and compliance with legal obligations. Users must provide explicit consent before uploading any data that may contain personal information. Consent is captured electronically through our interfaces, and Users retain the right to withdraw it at any time.
Consent provided by Users shall be freely given, specific, informed, and unambiguous, and may be withdrawn at any time in accordance with applicable laws. Where Users provide data that includes personal information, consent will be recorded electronically and retained for audit purposes.
If you disclose any personal information relating to other people to us, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Policy.
You may consent to providing your email address for the purpose of receiving marketing emails from us. While you may unsubscribe at any time, we cannot recall any email we have already sent. If you have any further enquiries about how to withdraw your consent, please contact us using the details provided in the Contact Us section.
We collect, process, and retain the following categories of information as necessary to deliver our Services (collectively referred to as "Personal Data" or "Data"):
The Platform is not directed toward children below the age at which valid consent for data processing may be provided under applicable law. We do not knowingly collect or process Personal Data of minors without verifiable consent from a parent or legal guardian, where such consent is required.
Where we become aware that Personal Data of a minor has been collected without appropriate consent, we will take reasonable steps to delete such data or suspend processing until lawful consent is obtained. Access to certain services or content may be restricted where age-based consent requirements cannot be satisfied.
We maintain strict administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of all data processed through the Platform. Security measures include:
We do not sell, process, or rent personal or organizational data. In the unlikely event of a Personal Data breach, we will notify the relevant supervisory authority and affected Users, where required by law, within the timelines prescribed under applicable data protection laws.
We implement security controls consistent with globally recognized standards. Users are responsible for maintaining security of their access credentials and systems used to connect with the Platform.
We engage only with secure cloud infrastructure as sub-processors for hosting, storage, and system operations. All third-party service providers are contractually bound to maintain appropriate security measures and process data only in accordance with our instructions and applicable data protection laws.
Third-Party AI Services. The Platform uses third-party artificial intelligence services to process community content for platform operations, including content moderation, discovery, and service improvement. By using the Platform, Community Owners and Members consent to their content being processed by these services. Content shared with third-party AI service providers is subject to those providers' own data handling and privacy policies. Grishya selects providers whose policies are consistent with our commitment to data protection, but does not control third-party data practices beyond contractual terms.
Google Calendar Integration. Users may optionally connect their Google Calendar account to sync events created on Grishya to their personal Google Calendar. When connected, we access your Google Calendar events (read and write) and your Google account email address. We use this data solely to: (i) create, update, and remove Grishya events on your Google Calendar, and (ii) identify your connected Google account. Your Google OAuth tokens (access and refresh tokens) are stored securely in our database and are used only for the purposes described above. We do not share your Google Calendar data with any third parties. You may disconnect your Google Calendar at any time from your account settings, which will revoke our access.
This Privacy Policy governs the collection, use, and processing of Personal Data across the Platform, including within all communities hosted on it. Community Owners operate under Grishya's policies and are bound by the following obligations regarding Member data and content:
All data processing within communities hosted on the Platform is subject to this Privacy Policy. Community Owners are not independent data controllers for data processed through Platform features, tools, or infrastructure. Community Owners are not employees, agents, joint ventures, or representatives of the Platform.
Grishya reserves the right to suspend or terminate any community or Community Owner account that violates these obligations, Grishya's Terms of Service, or applicable law, without prior notice. Grishya may also report violations to relevant authorities where required or permitted by law.
We collect Personal Data in digital or other forms to perform our business activities and render our services. We collect only the minimum data necessary for the stated purposes and ensure that no excessive, irrelevant, or unnecessary personal data is collected. The following explains the types of data we collect and the legal basis on which this data is processed:
We may use Personal Data for the following purposes:
The Platform uses automated tools for content moderation (e.g., image safety review via third-party services) and content indexing for search and recommendations. These tools support platform operations and do not produce legal effects or similarly significant consequences for Users, including decisions relating to access to services, pricing, eligibility, or contractual rights.
Content flagged by automated moderation systems may be restricted pending manual review. Users are notified when content is rejected and may contact support for further review.
Automated tools and algorithms used by us are limited to supporting platform functionality, content safety, content organization, and service optimization, and operate with appropriate human oversight. Such tools are not used to infer sensitive characteristics, beliefs, or personal attributes of Users.
We retain Personal Data only for as long as is reasonably necessary to fulfil the purposes for which it was collected, including the provision of community services, operation of the Platform, compliance with legal and regulatory obligations, resolution of disputes, and enforcement of applicable agreements.
Personal Data associated with active User accounts is generally retained for the duration of the User's relationship with the Platform. Upon deletion or deactivation of an account, Personal Data is securely deleted or anonymized within a reasonable period, unless continued retention is required or permitted under applicable law, including for compliance with statutory, accounting, tax, or regulatory obligations.
Certain categories of data, such as transaction records, consent logs, and audit trails, may be retained for longer periods where required by law or necessary to establish, exercise, or defend legal claims. Technical logs and usage data are retained for limited periods and are periodically reviewed and deleted or anonymized when no longer required for security, analytics, or operational purposes.
Where Personal Data is retained beyond active use, we ensure that such data is subject to appropriate safeguards and access restrictions. Anonymized or aggregated data that does not identify individuals may be retained for analytical, research, or service improvement purposes.
We take reasonable steps to ensure that Personal Data processed is accurate, complete, and up to date, having regard to the purposes for which it is processed. Users are responsible for ensuring that the information they provide is accurate and for promptly notifying us of any changes or inaccuracies.
Where Personal Data is found to be inaccurate or incomplete, we will take reasonable steps to correct or update such data upon request or when otherwise required by applicable law.
We may share your Personal Data only where necessary to provide our Services, to comply with applicable law, or to protect the security and integrity of our systems. We do not sell or share your Personal Data for marketing, profiling, or cross-context behavioral advertising. We follow a strict principle of limited disclosure, ensuring that any sharing of Data is lawful, proportionate, and consistent with the purposes described in this Privacy Policy.
Grishya operates and processes personal data primarily in the United States (us-east). Where personal data originating from the EEA, UK, or other regions with data transfer laws is transferred outside those regions, we implement appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission, or other lawful transfer mechanisms.
Personal Data is handled in accordance with the Australian Privacy Principles, including requirements relating to cross-border disclosure. Grishya takes reasonable steps, including contractual and security safeguards (such as data processing agreements where applicable), to ensure that overseas recipients of Personal Data handle such data in a manner consistent with Australian privacy obligations.
Users have rights to know, access, correct, and delete Personal Data, and to opt out of the sale or sharing of Personal Data, as defined under applicable law. Grishya does not currently sell or share Personal Data for cross-context behavioural advertising purposes.
Personal Data is collected, used, and disclosed with meaningful consent and in accordance with PIPEDA. Grishya remains accountable for Personal Data transferred to third parties for processing and ensures appropriate contractual and security safeguards are in place.
Processing of Personal Data is carried out on a lawful basis under the GDPR. EU Users have rights including access, rectification, erasure, restriction, portability, and objection. Transfers of Personal Data outside the European Economic Area are subject to appropriate safeguards as required under the GDPR.
Personal Data is processed in accordance with the UK GDPR and the Data Protection Act 2018. UK Users have the right to lodge complaints with the Information Commissioner's Office (ICO), and international data transfers are subject to appropriate safeguards under UK law.
As a User you have specific rights regarding the Personal Data being processed by us. We respect and uphold these rights, ensuring that you maintain control over your Personal Data:
To exercise these rights, please contact us at [email protected]
Users have the right to be informed, in a clear and accessible manner, about how their Personal Data is collected, used, shared, retained, and protected by Grishya. This Privacy Policy, together with any notices provided at the time of data collection, constitutes our fulfilment of this obligation.
A cookie is a small piece of information stored by a web server on a web browser so that it can be later read from that browser. Cookies are useful for enabling the browser to remember information specific to a given User. This is done to recognize your device during future visits to our Platform, primarily to provide a better user experience.
We use essential cookies to enable website functionality and security. Non-essential cookies (e.g., for analytics) are used only with explicit User consent. Users can control cookie preferences through browser settings or consent banners.
We reserve the right, at our sole discretion, to change, modify, add, remove, or impose restrictions on features or services or any portion of this Privacy Policy in whole or in part, at any time. However, our commitment to protecting Users' privacy will remain our main emphasis. Changes in this Privacy Policy will be effective when they are updated on the Platform. You are requested to keep checking the Privacy Policy from time to time for any changes made. Your continued use of the Platform after any changes are posted will be considered acceptance of those changes. Material changes to this Privacy Policy will be communicated to Users via a prominent notice on our Platform prior to their effective date.
If you choose not to provide your Personal Data, which is mandatory to process your request or provide Services, we may not be able to provide the corresponding experience.
If you have any questions, concerns, or requests relating to this Privacy Policy or any of our data protection practices, please contact us:
Email: [email protected]