Groundrise Inc (“Groundrise,” “we,” “us,” or “our”) operates two products: Groundrise (the staff case management platform at groundrise.io) and Groundrise Connect (the client mobile app at connect.groundrise.io). This Privacy Policy explains how we collect, use, store, and protect information across both products. By using either product, you agree to the practices described in this policy.


Section 1

Who We Are

Groundrise Inc is a software-as-a-service (SaaS) company incorporated in the State of Delaware. We provide case management and client engagement technology to social service nonprofits and government agencies across the United States.

For all privacy-related inquiries, contact us at privacy@groundrise.io.

Section 2

Information We Collect

2.1 Information about clients (collected by client organizations and stored in Groundrise):

  • Full name
  • Email address
  • Phone number
  • Date of birth
  • Home address (street, city, state, zip)
  • Housing status and community assignment
  • Service logs and case notes entered by coordinators
  • Program enrollment history
  • SMS opt-in status
  • App usage and authentication data (login timestamps, session activity)
  • Language preference

2.2 Information about staff users (collected directly by Groundrise):

  • Full name
  • Work email address
  • Role and permission level (admin or coordinator)
  • Login activity and session data

Groundrise does not collect payment information. All billing is handled by our payment processor, which maintains its own privacy policy.

Section 3

How We Use Information

  • To provide, operate, and improve the Groundrise platform
  • To enable coordinators to manage client cases, service logs, and program enrollments
  • To send clients SMS notifications they have explicitly opted into via Groundrise Connect
  • To send transactional emails (invitations, password resets, notifications) via our email provider
  • To authenticate users and maintain session security
  • To detect and prevent unauthorized access or fraudulent activity
  • To generate aggregate, de-identified analytics about platform usage

We do not use client data for advertising, marketing, or any purpose unrelated to the delivery of the platform.

Section 4

SMS Messaging

Clients who use Groundrise Connect may receive SMS notifications from their coordinator via the Groundrise platform. SMS messages are only sent to clients who have explicitly opted in by enabling the “Receive SMS updates” toggle on their profile page in the Groundrise Connect app.

Clients may also opt in through two additional methods: (1) by texting JOIN or START to the Groundrise sender number, which automatically updates their opt-in status; or (2) through staff-assisted opt-in, where a coordinator enables SMS on behalf of a client during an in-person intake meeting after receiving verbal consent. Staff-assisted opt-ins require the coordinator to confirm the client’s verbal consent in the platform before the change is saved, and are recorded with a timestamp.

Clients may opt out of SMS at any time by:

  • Toggling off “Receive SMS updates” in the Groundrise Connect app
  • Replying STOP to any SMS message received from Groundrise

Message and data rates may apply. Message frequency varies based on coordinator activity. SMS messages are delivered via a third-party SMS delivery provider. Groundrise does not sell or share phone numbers with third parties for marketing purposes.

Section 5

How We Share Information

Groundrise does not sell, rent, or trade personal information to any third party.

We share information only with carefully vetted third-party service providers who process data on our behalf under strict data processing agreements. These providers handle functions including database infrastructure and data storage, SMS message delivery, transactional email delivery, and payment processing. All providers are prohibited from using data for any purpose other than providing services to Groundrise.

We may also disclose information when required by law, court order, or to protect the rights and safety of users or the public.

Section 6

Data Security

  • All data is encrypted in transit using TLS 1.2 or higher
  • All data is encrypted at rest using AES-256 encryption
  • Access to client records is controlled by role-based permissions — coordinators can only access clients assigned to their communities; admins can access all records within their organization
  • Authentication is handled via secure email/password login with encrypted session tokens
  • Infrastructure is hosted in the United States on SOC 2 Type II compliant cloud providers
  • Staff accounts are de-provisioned immediately upon termination
  • Security incidents are investigated and affected users are notified in accordance with applicable state breach notification laws

Section 7

Data Retention

Data Type Retention Period Notes
Active client recordsDuration of service + 7 yearsSubject to client organization's retention obligations
Inactive client records7 years from last activityArchived after 1 year of inactivity
Service logs and case notes7 years
Staff account data3 years after deactivation
SMS message logs3 years
Authentication and session logs90 days
Backups30-day rolling windowPoint-in-time recovery only

Upon contract termination, Groundrise will provide a complete data export to the client organization within 30 days. All client data is permanently deleted from production systems within 60 days of export confirmation.

Section 8

Your Rights

8.1 Clients

If you are a client using Groundrise Connect, your personal information is managed by the social service organization that enrolled you in the platform. To request access to, correction of, or deletion of your personal information, please contact your coordinator or organization directly. You may also contact us at privacy@groundrise.io and we will work with the appropriate organization to fulfill your request.

You have the right to opt out of SMS communications at any time by replying STOP or toggling off SMS in the app.

8.2 California Clients (CCPA)

If you are a California client, you have the following rights under the California Consumer Privacy Act (CCPA), as amended effective January 1, 2026:

  • The right to know what personal information is collected about you and how it is used
  • The right to request deletion of your personal information
  • The right to correct inaccurate personal information
  • The right to opt out of the sale or sharing of your personal information (note: Groundrise does not sell or share personal information)
  • The right to non-discrimination for exercising your privacy rights

To exercise any of these rights, contact us at privacy@groundrise.io. We will respond to verified requests within 45 days.

8.3 Staff Users

Staff users may request access to or correction of their account information by contacting privacy@groundrise.io or through their organization's Groundrise administrator.

Section 9

Children's Privacy

Groundrise products are not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child's information has been entered into the platform without appropriate authorization, please contact us at privacy@groundrise.io.

Section 10

Changes to This Policy

Groundrise may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. We will post the updated policy at groundrise.io/privacy and update the “Last Updated” date. For material changes, we will notify client organizations via email at least 30 days before the change takes effect.

Section 11

Contact

Privacy inquiries, data requests, and opt-out requests:

privacy@groundrise.io