Request consultation
§ 00 / Policy

Privacy Policy.

What we collect, what we do with it, and what we never do.

Issuer
Grizzly Systems, Inc.
Entity
Delaware corporation
Office
Emigrant, Montana, USA
Version
1.0
Contact
privacy@grizzlysystems.io

§ 00 · At a glanceThe short version.

This Privacy Policy describes how Grizzly Systems, Inc. (“Grizzly Systems,” “we,” or “us”) collects, uses, shares, and protects information when you use the GrizCam Hardware, the GrizCam Desktop, GrizCam Portal, and GrizCam Mobile software (collectively, the “Services”), and visit our websites including grizcam.com and grizzlysystems.io. The full policy follows. Here is the short version.

  • Your data is yours. You own everything your GrizCam captures — every image, every audio clip, every sensor reading. We are your custodian, not your data broker.
  • We do not sell your data. We do not sell, rent, license, broker, syndicate, or share for cross-context behavioral advertising your raw images, video, audio, or sensor recordings. Ever.
  • We do not browse your data. Our personnel cannot freely view the contents of your recordings. Access is logged, role-restricted, and limited to a narrow set of necessary circumstances such as support you request, security incidents, or valid legal process.
  • We use your data to make GrizCam better — for you. Like Google Photos learning to recognize your dog, or Gmail learning to filter your spam, GrizCam learns from the events your cameras capture so that it detects what matters and ignores what doesn’t. The learning happens inside our AI models. The underlying recordings stay yours.
  • You can opt out of AI training. All customers — every tier — can disable AI training on their data through a setting in the app. Opting out doesn’t reduce features; it just removes your data from the training pipeline going forward.
  • We follow privacy law. Including the GDPR, the UK GDPR, the CCPA, and analogous U.S. state laws. If you are in Europe or California, you have additional rights described in Sections 11 and 12.

This policy is meant to be read. If something is unclear, email privacy@grizzlysystems.io. A human will respond.

§ 01 · Who we are

Grizzly Systems, Inc. is a Delaware corporation with its principal place of business in Emigrant, Montana, USA. We design and operate GrizCam — a multi-sensor monitoring system that combines 360-degree vision, directional audio, and environmental sensing to detect meaningful activity in remote landscapes. Our customers include private landowners, public agencies, conservation organizations, and operators of critical infrastructure.

This Privacy Policy applies to information we collect when you use our Services or visit our websites. It does not apply to third-party services that you may connect to GrizCam (those are governed by the privacy policies of those third parties).

If you have questions about this Policy or our privacy practices, contact our privacy team at privacy@grizzlysystems.io, or write to: Grizzly Systems, Inc., Attn: Privacy Office, PO Box 239, Emigrant, MT 59027, USA.

§ 02 · Information we collect

We collect three categories of information.

2.1 Information you give us.

This is information you provide directly when you create an account, configure a GrizCam, contact support, or otherwise interact with us:

  • Account information: name, email address, phone number, organization name, billing address, and account credentials.
  • Payment information: payment card details and billing history. Payment cards are processed by our payment processor and we do not store full card numbers on our systems.
  • Communication content: messages you send to support, survey responses, and content you submit through forms on our websites.
  • Camera configuration: the names, locations, and settings you assign to your GrizCam devices.

2.2 Information your GrizCam captures.

This is the data your GrizCam Hardware generates while operating. We call this “Customer Data” in our End User License Agreement, and we treat it as belonging to you. It includes:

  • Images, video, and infrared or thermal media captured by the device cameras.
  • Audio recordings and bioacoustic readings captured by the device microphones.
  • Sensor readings: GPS coordinates, radar returns, magnetometer readings, barometric pressure, humidity, temperature, ambient light, gas and air-quality readings, and similar environmental telemetry.
  • Detection events, alerts, and the classifications produced by our AI models on the device or in the cloud.
  • Any labels, annotations, comments, or notes you add to events.

Your GrizCam may incidentally capture information about other people (for example, a person walking through the camera’s field of view, or a voice within audio range). You are responsible for ensuring you have any required legal basis and notice for placing your camera where you do, and this Policy addresses how we handle that captured content when it reaches our Services.

2.3 Information we collect automatically.

When you use our Services we automatically collect operational and technical information:

  • Device telemetry: firmware version, sensor health, battery level, signal strength, error and crash reports, and similar diagnostic signals from your GrizCam Hardware.
  • Software telemetry: app version, operating system, browser type, IP address, session identifiers, and feature-usage signals from GrizCam Desktop, GrizCam Portal, and GrizCam Mobile.
  • Cookies and similar technologies on our websites and in the GrizCam Portal. See Section 6.

2.4 Information from third parties.

We may receive information about you from third parties, including: payment processors (confirmation of payment), identity verification providers (where applicable to enterprise sales), and integration partners you choose to connect (for example, a SCADA system or land-management platform).

§ 03 · How we use information

We use the information described in Section 2 for the following purposes:

3.1 To provide the Services.

This includes hosting and storing your Customer Data, generating alerts and detections, displaying events and recordings to you and your authorized users, sending notifications, providing customer support, and processing payments.

3.2 To secure the Services.

This includes investigating suspected fraud, abuse, or violations of our terms; detecting and mitigating security incidents; debugging errors; and complying with legal obligations.

3.3 To communicate with you.

This includes sending you transactional communications about your account, billing notices, security alerts, product updates, and (with your permission) marketing about features and offerings.

3.4 To improve our products and AI models.

This is the use that most readers want to understand. The next section is devoted to it.

§ 04 · How we use your data to improve GrizCam

4.1 Why this matters.

GrizCam is a machine-learning product. Its value comes from being able to look at a quarter-second of video, listen to a half-second of audio, and decide “this is a person” or “this is the wind in the grass” — accurately, on battery power, in the middle of nowhere. The way machine-learning products get better at that is by learning from real-world examples.

Most modern software you use already works this way. Google Photos learns to recognize the people in your library so you can search for them. Gmail learns from billions of messages to filter spam from your inbox. Your phone keyboard learns the words you type most often. In each case, the underlying content stays yours, but the system gets better at its job by learning patterns from it.

GrizCam is built on the same principle, applied to the field-monitoring domain. When your camera captures a bull elk crossing a fence line, our AI models can learn — at a statistical, pattern level — what bull elk crossing fence lines look like. That makes GrizCam more accurate the next time a bull elk crosses your fence line — and the next time anyone’s bull elk crosses anyone’s fence line.

The short way to think about it: your raw data stays yours. The patterns our AI learns from it become part of GrizCam itself, and benefit you and every other GrizCam customer in the form of better detection.

4.2 What we do with your data for AI training.

If you have not opted out (see Section 4.5), we use your Customer Data to:

  • Train and improve detection accuracy. Reduce false positives, reduce missed detections, and improve the speed and battery efficiency of detection on the device.
  • Develop new detection capabilities. Such as species identification, behavior prediction, environmental anomaly detection, and threat detection.
  • Validate and benchmark AI model performance. Including human-in-the-loop labeling on narrowly scoped, supervised samples under the access controls described in Section 4.4.
  • Refine the GrizCam Hardware. Using insights from real-world data to improve firmware, sensor calibration, edge inference, and power management.

4.3 What we do not do with your data.

These commitments apply regardless of whether you have opted out:

  • We do not sell your raw data. We do not sell, license, broker, syndicate, share for cross-context behavioral advertising, or otherwise distribute your raw images, video, audio, or sensor recordings to any third party.
  • We do not show your data to other customers. Other customers will never see your raw recordings through our Services, including through any cross-customer dataset, feed, or marketplace.
  • We do not use your data to identify specific individuals. We do not knowingly use Customer Data to perform face recognition, biometric identification, or persistent identification of specific individuals, except where you yourself have lawfully configured such functionality on your own captures.
  • We do not let our employees freely browse your recordings. See Section 4.4.

4.4 Human access to your data.

We have engineered our systems and our internal policies to keep our personnel out of your raw recordings. Specifically:

  • Routine review of raw Customer Data by Grizzly Systems personnel is prohibited.
  • Access by personnel is permitted only in the following narrow circumstances: (a) when you specifically request support involving your data; (b) when we are investigating a security incident or suspected abuse or violation of our terms; (c) when preparing a narrowly tailored, supervised sample for the purpose of validating model performance or training pipelines, under written confidentiality and access-logging controls; or (d) when complying with valid legal process.
  • All such access is logged, role-restricted, and time-limited.
  • The AI training itself is performed by automated systems on our infrastructure, not by humans browsing your folders.

The practical effect: training our AI on your data does not mean our engineers are watching your camera feeds. It means a machine-learning system is updating its weights based on patterns in the data, then moving on. The data is not made available to humans in the loop except under the controls above.

4.5 How to opt out of AI training.

You can opt out of having your Customer Data used for AI training at any time:

  1. In the GrizCam Portal, GrizCam Desktop, or GrizCam Mobile, navigate to Settings → Privacy → Exclude My Data From AI Training, and toggle it on; or
  2. Send a written request to privacy@grizzlysystems.io with the email address associated with your account.

Opt-out is available to every customer regardless of plan or tier. Opting out does not reduce the features available to you, does not increase your price, and does not affect the alerts you receive or the storage of your data. It simply removes new data captured by your devices from the AI training pipeline going forward.

Opt-out takes effect for Customer Data ingested after the opt-out is processed (typically within thirty (30) days). Opting out does not require us to retroactively delete or retrain AI models, aggregated data, or derived data that already incorporated your Customer Data before the opt-out took effect. The information already learned, in the form of model patterns and weights, is not your raw data and does not identify you — but you should know that opting out cannot “un-learn” what has been learned from your data already.

4.6 Aggregated and derived data.

We may create aggregated, anonymized, or de-identified data from Customer Data — including statistical insights, benchmarks, model weights, embeddings, and feature representations. This aggregated and derived data does not identify you or your land, and we may use, license, publish, and commercialize it without restriction. Aggregated and derived data is not Customer Data.

§ 05 · When we share information

We share information only in the limited circumstances described below. We do not sell Personal Data or Customer Data.

5.1 Service providers.

We use third-party service providers (also called “sub-processors” under European law) to operate the Services. These include cloud hosting providers, content-delivery networks, payment processors, customer-support tooling, analytics providers, and similar vendors. We require service providers to handle information on our behalf under written contracts that include confidentiality and data-protection obligations consistent with this Policy. A current list of sub-processors is available at grizcam.com/sub-processors, or by emailing privacy@grizzlysystems.io.

5.2 Authorized users on your account.

If your Subscription includes multiple seats, the other authorized users you invite will be able to access Customer Data within your account. You control who has access.

5.3 Legal compliance and safety.

We may disclose information when we have a good-faith belief that doing so is necessary to: (a) comply with a valid legal process, court order, or lawful government request; (b) enforce our terms; (c) detect, prevent, or address fraud, security, or technical issues; or (d) protect the rights, property, or safety of Grizzly Systems, our customers, or the public. When permitted by law, we will give you notice before responding to a request involving your account.

5.4 Business transfers.

If Grizzly Systems is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of company assets, information may be transferred to a successor in interest, subject to the commitments in this Policy.

5.5 With your consent.

We may share information for other purposes with your consent or at your direction (for example, when you choose to share a detection event with a third party from within the Portal).

§ 06 · Cookies and similar technologies

Our websites and the GrizCam Portal use cookies and similar technologies (such as local storage and pixel tags) to operate the site, remember your preferences, secure your session, measure usage, and (where applicable and consented) deliver marketing. We use:

  • Strictly necessary cookies to authenticate you, secure your session, and deliver core features. These cannot be disabled.
  • Functional cookies to remember your preferences (such as theme and language).
  • Analytics cookies to understand how our Services are used, so we can improve them. On our marketing websites this includes Google Analytics 4 (anonymized IP, aggregate page views and sessions) and Microsoft Clarity (heatmaps and anonymized session recordings of interactions on the page; form input is masked by default and is not recorded). Both load only after you accept analytics cookies on the consent banner.
  • Marketing cookies only on our marketing websites, only where consented under applicable law.

You can manage cookies through your browser settings or through any cookie banner we present. Blocking some cookies may affect the functionality of the Services. The GrizCam Portal does not include third-party advertising cookies.

§ 07 · How long we keep information

We retain information for as long as needed to provide the Services and for the additional periods described below.

  • Account information: for as long as your account is active, and for a reasonable wind-down period after you close it.
  • Customer Data (recordings, sensor data, events): according to the data-retention period applicable to your Subscription, which you can configure within limits set by your plan. After expiration, we delete Customer Data from our active systems, though copies may remain in routine back-ups for a period before being overwritten.
  • Telemetry and operational logs: typically thirteen (13) months, longer where required for security or legal purposes.
  • Billing records: as required by applicable tax and accounting law (typically seven (7) years in the United States).
  • Aggregated and de-identified data: indefinitely, since it does not identify you.

If you delete your account, we will delete or de-identify your Customer Data in accordance with the schedule above, subject to any legal-hold obligations. Information already learned by our AI models, in the form of model weights and patterns, is not Customer Data and is not deleted by account deletion.

§ 08 · Security

We maintain an information security program with administrative, technical, and physical safeguards designed to protect information against unauthorized access, use, disclosure, alteration, and destruction. Our program includes:

  • Encryption of Customer Data in transit and at rest using industry-standard cryptography.
  • Access controls that restrict employee access to a need-to-know basis, with logging and periodic review.
  • Network segmentation, intrusion detection, and vulnerability management.
  • Secure software development practices, code review, and periodic penetration testing.
  • Vendor risk management for our sub-processors.
  • Incident response procedures, including notification of affected customers and regulators where required by law.

No security program is perfect. If you believe your account has been compromised, contact security@grizzlysystems.io immediately.

§ 09 · Children

Our Services are not directed to children under sixteen (16) years of age, and we do not knowingly collect Personal Data from children under sixteen. If you believe a child has provided us with Personal Data, contact privacy@grizzlysystems.io and we will take steps to delete it.

§ 10 · International data transfers

Grizzly Systems is based in the United States, and we process information in the United States and in other countries where our service providers operate. If you are located outside the United States, your information will be transferred to, stored in, and processed in the United States and other countries that may not provide the same level of data-protection law as your home country.

For transfers of Personal Data out of the European Economic Area, the United Kingdom, or Switzerland, we rely on the European Commission’s Standard Contractual Clauses (and the UK International Data Transfer Addendum and the Swiss FADP addendum, as applicable). Our Data Processing Addendum (DPA), available at grizcam.com/dpa, sets out the legal mechanisms in detail.

§ 11 · European privacy rights (GDPR / UK GDPR / Swiss FADP)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights with respect to your Personal Data:

  • Right of access: to obtain confirmation of whether we process Personal Data about you and a copy of that data.
  • Right to rectification: to have inaccurate Personal Data corrected.
  • Right to erasure: to have your Personal Data deleted in certain circumstances.
  • Right to restriction: to have processing restricted in certain circumstances.
  • Right to data portability: to receive your Personal Data in a structured, machine-readable format and to have it transmitted to another controller.
  • Right to object: to processing based on legitimate interests, and to processing for direct-marketing purposes.
  • Right to withdraw consent: where processing is based on consent.
  • Right to lodge a complaint with a data protection authority in the country of your habitual residence, place of work, or alleged infringement.

11.1 Legal bases.

We process Personal Data on the following legal bases under the GDPR: (a) performance of a contract with you (to provide the Services); (b) legitimate interests (to secure the Services, improve our products, develop AI models, and communicate with you, balanced against your interests and rights); (c) consent (for certain marketing communications and certain cookies); and (d) compliance with legal obligations.

11.2 Controller and contact.

For consumer-facing use of the Services, Grizzly Systems, Inc. is the controller of your Personal Data. For B2B use of the Services where you are a business customer processing Personal Data of third parties through GrizCam, the parties’ relationship is governed by the DPA, and you act as the controller and we as the processor (or sub-processor). Our privacy contact is privacy@grizzlysystems.io. We have not appointed an EU/UK representative as of the date of this Policy; if and when we do, the appointment will be reflected here.

11.3 Exercising your rights.

To exercise any of these rights, email privacy@grizzlysystems.io with enough information for us to verify your identity. We will respond within one (1) month, extendable by two (2) further months for complex requests. There is generally no charge.

§ 12 · California privacy rights (CCPA / CPRA)

12.1 Categories collected.

In the past twelve (12) months, we have collected the following categories of Personal Information (as defined by the CCPA): identifiers (such as name, email, IP address); commercial information (such as billing records); internet or other network activity (such as cookie and usage information); geolocation data (from your GrizCam devices and, where applicable, our mobile app); audio and visual information (Customer Data); professional or employment-related information (for enterprise sales); and inferences drawn from the above. Sensitive Personal Information may include precise geolocation data from your GrizCam devices.

12.2 Sources.

We collect this information directly from you, automatically from your use of the Services, from your GrizCam devices, and from third parties such as payment processors and integration partners.

12.3 Purposes.

We collect this information for the business purposes described in Sections 3 and 4 of this Policy.

12.4 Disclosures.

In the past twelve (12) months, we have disclosed Personal Information to the categories of recipients described in Section 5: service providers; authorized users on your account; legal and safety recipients; and business-transfer recipients.

12.5 No sale or sharing.

We do not sell Personal Information or Customer Data, and we do not share Personal Information for cross-context behavioral advertising, as those terms are defined under the CCPA. We do not have actual knowledge that we sell or share the Personal Information of consumers under sixteen (16) years of age.

12.6 Your rights.

If you are a California resident, you have the following rights:

  • Right to know what Personal Information we collect, use, disclose, and (if applicable) sell or share.
  • Right to delete Personal Information we have collected from you, subject to certain exceptions.
  • Right to correct inaccurate Personal Information we hold about you.
  • Right to opt out of the sale or sharing of Personal Information (not applicable, as we do not do either).
  • Right to limit the use and disclosure of Sensitive Personal Information.
  • Right to non-discrimination for exercising any of the above rights.

To exercise these rights, email privacy@grizzlysystems.io. We will verify your identity using information already on file with us. You may also designate an authorized agent to make a request on your behalf.

§ 13 · Other U.S. state privacy rights

Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and certain other U.S. states have rights similar to those described in Section 12, including rights to access, correct, delete, and obtain a portable copy of their Personal Data, and to opt out of targeted advertising, sale of Personal Data, and certain profiling. We do not engage in the sale of Personal Data, targeted advertising involving cross-site data, or solely automated decision-making with legal or similarly significant effects on consumers. To exercise rights under your state’s law, email privacy@grizzlysystems.io.

Montana residents, including residents of Yellowstone County where we are headquartered, are entitled to the rights set forth in the Montana Consumer Data Privacy Act.

§ 14 · Automated decision-making and profiling

Our AI models make automated decisions about what your GrizCam captures — for example, classifying a movement as “vehicle” versus “animal” versus “wind in grass” and deciding whether to send you an alert. These decisions are integral to how the Services work and you direct them when you configure your alert preferences. We do not use Personal Data to make solely automated decisions that produce legal or similarly significant effects on you (such as denying you a Service or differential pricing based on profiling).

§ 15 · Third-party links and integrations

Our Services may contain links to, and integrations with, third-party websites, services, and platforms (such as land-management software, communication systems, and government deployment platforms). We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy notices before sharing information with them.

§ 16 · Changes to this policy

We may update this Privacy Policy from time to time. If we make a material change, we will notify you through the Services or by email, and will identify the effective date of the change. The current version is always posted at grizcam.com/privacy with the “Last Updated” date at the top. Your continued use of the Services after the effective date of an updated Policy constitutes your acceptance of the changes.

§ 17 · How to contact us

For privacy questions, requests, or concerns:

Entity
Grizzly Systems, Inc.
Privacy
privacy@grizzlysystems.io
Security
security@grizzlysystems.io
Legal
legal@grizzlysystems.io
Web
grizcam.com/privacy
Mail
Grizzly Systems, Inc., Attn: Privacy Office, PO Box 239, Emigrant, MT 59027, USA
© Grizzly Systems, Inc. · All rights reserved.