🎁 $200 GiveawayΒ·Tip anyone Mar 5–20 for a chance to winΒ·Join Now β†’

Privacy Policy

Grove Redefines Our Very Existence Inc.
Privacy Policy Last Modified: January 26, 2026

We, at Grove Redefines Our Very Existence Inc., a Delaware Corporation (Grove Redefines Our Very Existence Inc., "Grove", "we," "us," or "our"), recognize the importance of protecting the privacy of personally identifiable information ("Personal Information" or "PII") collected about you and other visitors (collectively, "Users"). This Policy applies to the PII collected through the Grove website, which includes www.grove.city, its subdomains (including app.grove.city and api.grove.city), the Grove browser extension, and all of the websites and internet properties owned or operated by us, regardless of the medium by which Grove's services are accessed by Users (e.g., via a web or mobile browser, or browser extension) (collectively, the "Service").

We are committed to ensuring that your privacy is protected. To that end, this Privacy Policy ("Policy") discloses our practices regarding the collection, use, and disclosure of the PII we receive through Users' use of the Service. Unless otherwise expressly agreed to in writing, your Personal Information will be processed according to the terms of this Policy. By using the Service, you accept the terms of this Policy.

This Policy is also drafted to comply with the California Consumer Privacy Act ("CCPA") (as amended by the California Privacy Rights Act ("CPRA")) and emerging United States ("US") privacy laws, including the Virginia Consumer Data Protection Act ("VCDPA"). In addition, this Policy is applicable to data subjects within jurisdictions outside of the U.S., including but not limited to, the European Economic Area and the United Kingdom (collectively, the "EEA"). Therefore, this Policy is drafted to comply with the E.U. General Data Protection Regulation (EU) 2016/679 and the U.K. GDPR (collectively, the "GDPR"). Users of the Service are under no statutory or contractual obligation, or other obligation to provide PII to us. For the purposes of compliance with the GDPR, we are the data controller of information we collect from data subjects through the Service. For the purposes of this Policy, "data subject" means an identified or identifiable natural person located in the EEA.

Information We Collect

We are the sole owner of information collected on the Service. We collect several types of information from and about Users of the Service, including:

Personal Information: We may collect PII (i.e., "personal data" under the GDPR) from you when you complete forms, navigate web pages, and in connection with other activities, services, features, or resources we make available on the Service. PII means any information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. PII does not include publicly available information from government records, deidentified or aggregate information, or information excluded from the scope of the CCPA. We may collect Sensitive PII about you.

The types of PII we have collected, used, stored, and disclosed in the last twelve (12) months include the following categories of information:

Types of Information β€” Used Where

  • Blockchain Wallet Address β€” App, Browser Extension, API (required to create a tipping account)
  • X (Twitter) Account Information β€” Browser Extension (optional, for auto-like and auto-reply features)
  • Email Address β€” App (authentication via OTP), Marketing Pages, Waitlist
  • Phone/SMS Number β€” App (authentication via OTP)
  • Account Handle/Username β€” App (user-chosen display name, 4–15 characters)
  • Linked Identity Records β€” App (associations between your email, phone number, wallet addresses, ENS/Base names, and account handle)
  • Referral Code and Referral Data β€” App (unique referral code, referral link, count of referred users)
  • Social Media Usernames and Profile URLs β€” App, Browser Extension (displayed in transaction history when tips are sent or received via supported platforms including X/Twitter, Substack, and SoundCloud)
  • Cryptographic Signatures β€” App (wallet linking verification signatures and signed messages stored for audit purposes)
  • IP Address β€” Collected during fiat onramp sessions and transmitted to Coinbase for payment processing

We do NOT collect browsing history. Transaction history (tips sent and received, deposits) is retrieved from public blockchain networks and is not stored on our servers beyond what is necessary for displaying your account activity.

Deidentified Information: We may collect deidentified information from you and aggregate information that may not by itself reasonably identify you as the source when you navigate the Service ("Deidentified Information"). Deidentified Information may include: (i) device type, (ii) device operating system, (iii) internet browser type, (iv) internet service provider, (v) referring/exit pages, (vi) date/time stamp, and (vii) clickstream information. We will take reasonable measures to ensure that Deidentified Information we collect is not personally identifiable and may not later be easily used to identify you as required by applicable law. We publicly commit to maintain and use the information in deidentified form and not to attempt to reidentify the information, except that we may attempt to reidentify the information solely for the purpose of determining whether its deidentification processes satisfy the requirements of this subdivision.

Children's Information: We do not offer our services or promote the Service to, nor do we intentionally collect or retain PII from, children who are younger than 18 years of age. If we discover that we have inadvertently collected information from a child under 18 years of age, we will promptly take all reasonable measures to delete such information from our systems.

How We Collect Information

The information we collect depends on what Users do when they visit or utilize the Service. We collect PII and Deidentified Information in various ways, including:

Directly from You: We collect PII when you voluntarily submit PII to us while completing forms on the Service and in connection with other activities, services, features, or resources we make available on the Service. The PII we collect depends on what you do when you visit or utilize the Service or how you choose to communicate with us.

Through Your Use of the Service: We may collect PII and Deidentified Information that your browser transmits when you visit the Service. We may also collect Deidentified Information about how you access and interact with the Service through the use of automated tracking technologies, such as session cookies, persistent cookies, and web beacons.

A cookie is a small data file that is transferred to an internet browser, which enables the Service to remember and customize your subsequent visits. We may use session cookies to make it easier for you to navigate the Service. In particular, we may use session cookies to record session information, such as which web pages you visited and to track your activity on the Service. Session cookies expire when you close your browser. We may also use persistent cookies to track and target your interests to enhance your experience on the Service. Persistent cookies remain on your device for an extended period of time. Additionally, we may use web beacons, which are single-pixel, electronic images embedded in the Service that allow us to gather information about your browsing activities on the Service.

Most internet browsers automatically accept cookies. However, you can instruct your internet browser to block cookies or to provide you with a warning prompt before you accept cookies from the Service. Please refer to your internet browser's instructions to learn more about these functions. If you reject cookies, the functionality of the Service may be limited and you may not be able to participate in several of the Service's features.

From Third Party Services

We may collect PII about you from third parties whose privacy practices may differ from the practices described in this Policy. The third-party services we integrate with include:

  • Coinbase Developer Platform (CDP) β€” We use Coinbase's Server Wallet infrastructure to create and manage tipping wallets. Coinbase holds the private keys to these wallets; Grove never sees or stores private keys. Grove has API access to request transfers on your behalf. We also use CDP for email and SMS OTP-based authentication. CDP analytics are explicitly disabled in our integration.
  • x402 Payment Protocol (Coinbase) β€” We use the x402 payment authorization protocol to facilitate USDC deposits into your tipping wallet. This involves EIP-712 typed data signatures for payment authorization. Transaction data (chain, wallet address, amount) is transmitted during this process.
  • Coinbase Onramp β€” We use Coinbase's fiat onramp service to allow users to purchase cryptocurrency using credit/debit cards or ACH bank transfers. Your IP address is collected and transmitted to Coinbase during the onramp session. Coinbase handles all identity verification (KYC/AML) and payment processing; Grove does not see or store your payment card details or KYC documents.
  • X (Twitter) Developer Platform β€” If you connect your X account, we use X's official API for OAuth authentication and optional features like auto-liking and auto-replying to tipped posts.
  • Alchemy and Pocket Network β€” We use RPC endpoints from these providers to interact with blockchain networks.
  • TwitterAPI.io β€” We may use this service to fetch public profile information for address resolution.
  • Substack API β€” We may use the Substack API to fetch public author profile information, including display names and bios, for the purpose of resolving tipping addresses.
  • ENS and Web3 Name Services β€” We use services like web3.bio and ENS resolution services to resolve blockchain names (e.g., .eth, .base.eth) to wallet addresses.
  • Public Blockchain Networks β€” We interact with public blockchain networks (such as Base and Solana) to execute transactions and retrieve transaction history.

We do not make any representations or warranties concerning, and will not in any way be liable for, any informational content, products, services, software, or other materials available through third parties. Your use of third parties' services and/or third party websites is governed by and subject to the terms and conditions of those third parties and/or third party websites. We encourage you to carefully review the privacy policies and statements of such third parties and/or third party websites.

Grove Services

Grove operates multiple services, each with different data collection practices:

Grove Tipping Service (grove.city, app.grove.city)

The Grove tipping service enables users to send cryptocurrency tips to content creators on social platforms (currently X/Twitter, Substack, and SoundCloud, with additional platforms to be added over time). When you use this service:

  • We collect your blockchain wallet address to create a tipping account.
  • We use Coinbase's Server Wallet infrastructure to create a custodial tipping wallet on your behalf. Coinbase holds the private keys; Grove never has access to private keys.
  • We may collect your email address and/or phone number for authentication via one-time password (OTP) verification through the Coinbase Developer Platform.
  • You may link multiple identities to your account, including email addresses, phone numbers, external wallet addresses, ENS/Base names, and a user-chosen account handle. Some identities may be marked as "protected" and cannot be removed while your account is active. Your account requires at least one linked identity at all times for security and account integrity purposes.
  • Transaction history (deposits and tips) is retrieved from public blockchain networks and displayed with contextual information including sender and recipient usernames, social media profile URLs, and the source platform (X/Twitter, Substack, SoundCloud, or other supported platforms).
  • If you connect your X (Twitter) account, we store OAuth tokens to enable auto-like and auto-reply features.
  • We generate a unique referral code for your account and track the number of users who join via your referral link. Referral data is stored on our servers and displayed in your account profile.
  • We may collect publicly available profile information (display names, bios) from supported social platforms (X/Twitter, Substack, SoundCloud) to extract cryptocurrency wallet addresses for tipping recipient resolution. This data may be cached temporarily.
  • We store cryptographic signatures and signed messages generated during wallet linking for audit and verification purposes.
  • If you use the fiat onramp to purchase cryptocurrency, your IP address is collected and transmitted to Coinbase for session binding and fraud prevention. Coinbase handles all KYC/AML verification and payment processing; Grove does not store your payment card details or identity documents.

Grove Browser Extension

The Grove browser extension enables tipping directly on supported social platforms (currently X/Twitter, Substack, and SoundCloud) and on any website that publishes tipping metadata. The extension:

  • Stores your authentication token, email or phone number (if using CDP authentication), wallet addresses, and tipping preferences locally in browser extension storage.
  • Runs content scripts on supported platforms (X/Twitter, Substack, SoundCloud) to display tip buttons and resolve recipient addresses by reading page content, bios, and profile metadata.
  • Runs content scripts on all other websites to detect and read public metadata files (llms.txt, ai.txt, JSON-LD) for generic tipping address resolution.
  • Fetches publicly available profile information (such as bios and display names) from supported platforms to extract cryptocurrency addresses for tipping recipient resolution. This data may be cached locally for a short period to improve performance.
  • If you connect your X (Twitter) account via OAuth, the extension may automatically like and/or reply to posts you tip, using customizable reply templates. OAuth tokens are stored in browser extension storage.
  • Supports email and SMS authentication via the Coinbase Developer Platform (CDP). Your email or phone number is transmitted to CDP for OTP verification and stored locally in extension storage.
  • Does NOT collect or transmit browsing history.

How We Use Information

We may use Users' PII for lawful business purposes: (i) as necessary for the performance of our contract with Users, (ii) for our legitimate interests, so long as they are not overridden by Users' own rights and interests, or (iii) as required by law. These purposes include:

  • Delivery of the Services
  • We may use your PII to deliver our services to you through the Service.

Monitoring Sales and Marketing

We may use your PII to send marketing and promotional materials related to the Service that may interest you. You have the right to opt-out of receiving direct marketing.

Customer Service and User Communications

We may use your PII to help us respond to your inquiries, questions, requests, and support needs more efficiently.

User Experience Personalization

We may use Users' PII and/or Deidentified Information in the aggregate to analyze Users' browsing and usage activities and patterns in order to understand Users' interests and preferences with respect to the Service and our services. This will help us optimize your experience on the Service.

Business Optimization

We may use your PII and/or Deidentified Information to improve the content on our web pages, to customize the content and layout of our web pages, and in managing our everyday business needs. We may also use your feedback to improve the Service and develop new services. All of this is done with the intention of making the Service more useful for you.

Safety and Security

We may use your PII and/or Deidentified Information to promote the safety and security of the Service, our users, and other parties. For example, we may use the information to authenticate users, facilitate secure payments, protect against fraud and abuse, respond to a legal request or claim, conduct audits, and enforce our terms and policies.

We will not collect additional categories of PII or use PII we collected for materially different, unrelated, or incompatible purposes without providing you notice.

How We Disclose Information

We may disclose Users' PII to third parties for a business purpose as described below. Otherwise, we do not sell, rent, lease, or "share" PII, and will not disclose Users' PII to third parties without your permission. The CCPA defines "sharing" as the disclosure of PII for cross-context behavioral advertising.

To Our Affiliates

We may disclose your PII to affiliates, including companies within Grove.

To Service Providers

We may disclose your PII to third party service providers that assist us in providing user support, communicating with Users, and promoting our services, as well as third party service providers that provide other services to us relating to our services and/or the Service.

Law Enforcement, Safety, and Legal Processes: We may disclose your PII to law enforcement or other government officials if it relates to a criminal investigation or alleged criminal activity. We may also disclose your PII: (i) if required or permitted to do so by law; (ii) for fraud protection and credit risk reduction purposes; (iii) in the good-faith belief that such action is necessary to protect our rights, interests, or property; (iv) in the good-faith belief that such action is necessary to protect your safety or the safety of others; or (v) to comply with a judicial proceeding, court order, subpoena, or other similar legal or administrative process.

Sale or Acquisition of Assets: If we become involved in a transaction involving the sale of our assets, such as a merger or acquisition, or if we are transferred to another company, we may disclose and/or transfer your PII as part of the transaction. If the surviving entity in that transaction is not us, the surviving company may use your PII pursuant to its own privacy policies, and those policies may be different from this Policy.

Type of Information Disclosed

In the last twelve (12) months, we have disclosed the following categories of PII to third parties for a lawful business purpose:

Identifiers (including email addresses, phone numbers, and wallet addresses β€” disclosed to Coinbase Developer Platform for authentication and wallet management); Internet or Other Similar Network Activities (including IP addresses β€” disclosed to Coinbase Onramp for fraud prevention and session binding); Financial Information (including transaction amounts and wallet addresses β€” disclosed to blockchain networks and RPC providers for transaction execution); and Geolocation Data.

Security

The security and confidentiality of your PII is very important to us. We use commercially reasonable security measures to protect your PII on the Service. However, no data transmitted over or accessible through the internet can be guaranteed to be 100% secure. As a result, while we attempt to protect your PII, we cannot guarantee or warrant that your PII will be completely secure (i) from misappropriation by hackers or from other nefarious or criminal activities, or (ii) in the event of a failure of computer hardware, software, or a telecommunications networks.

Application Logging: Our servers maintain application logs for debugging, security monitoring, and fraud prevention purposes. These logs may contain account identifiers, transaction metadata, and error diagnostics. PII in logs is masked or truncated where technically feasible. Log data is access-restricted to authorized personnel only and is retained for a reasonable period necessary for the purposes described above.

Data Retention

We will retain Users' PII (including Sensitive PII, where applicable) to the extent necessary to provide the services through the Service. Thereafter, we will keep PII for as long as reasonably necessary: (i) to respond to any queries from Users; (ii) to demonstrate we treated Users fairly; (iii) for ordinary business continuity procedures; or (iv) to comply with any applicable laws. We delete PII within a reasonable period after we no longer need the information for the purposes set out in this Policy.

Identity Management and Account Deletion: Your Grove account may have multiple linked identities (email, phone number, wallet addresses, ENS names). Certain identities used for primary authentication may be designated as "protected" and cannot be individually removed while your account remains active. Your account requires at least one linked identity at all times for security and account integrity purposes. To exercise your right to erasure and have all PII deleted, you may request full account deletion by contacting us at legal@grove.city. Please note that blockchain transaction records are immutable and cannot be deleted from public blockchains, though we will remove any associated PII from our own systems upon request.

GDPR Data Subject Rights

If you are a data subject located in the EEA, the GDPR grants you certain data privacy rights. Your rights include the:

  • Right to Access: You have the right to request a copy of your PII.
  • Right to Rectification: You have the right to request that we correct any mistakes in your PII.
  • Right to Erasure: You have the right to request that we delete your PII.
  • Right to Restrict Processing: You have the right to restrict processing of your PII.
  • Right to Object to Processing: You have the right to object to our processing of your PII.
  • Right to Data Portability: You have the right to receive your PII in a structured, commonly used and machine-readable format.
  • Right to Not be Subject to Automated Individual Decision Making: You have the right not to be subject to a decision based solely on automated processing.

To exercise your rights, please use the Verifiable Consumer Request method described below. Please be aware that your rights are limited to the extent permitted by applicable law.

CCPA, VCDPA, and US State-based Resident Rights

Many US jurisdictions have enacted their own comprehensive data privacy laws that include detailed consumer rights. If you are a California or Virginia resident, the CCPA and VCDPA grant you certain data privacy rights. Your rights include the:

Right to Access: You have the right to request a copy of the specific pieces of PII that we have collected about you in the previous twelve (12) months. The information will be delivered by mail or electronically. Upon receipt of a Verifiable Consumer Request, we will disclose: The categories of PII we have collected about you;The categories of sources from which PII is collected;Our business purpose for collecting PII;The categories of third parties with whom we share PII, if any; andThe specific pieces of PII we have collected about you.Right to Data Portability: You have the right to receive your PII in a portable, readily usable format that allows you to transmit your information to another entity without hindrance. Right to Correct Inaccurate Information: You have the right to request that we correct inaccurate information about you that we maintain.Right to Deletion: You have the right request that we delete your PII. Right to Be Free from Discrimination: You have the right to not be discriminated against by us for exercising any of your rights under the CCPA and VCDPA. Unless permitted by the CCPA and VCDPA, we will not: Deny goods or services to you;Charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;Provide a different level or quality of goods or services to you; orSuggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services.To exercise your rights, please use the Verifiable Consumer Request method described below. Please be aware that your rights (including those enumerated elsewhere in this Policy) are limited to the extent permitted by applicable law.

Additional California Privacy Rights

California's "Shine the Light" law permits Users of the Service that are California residents to request certain information regarding our disclosure of PII to third parties for their direct marketing purposes. To make such a request, please contact us at the Contact Information provided below.

Verifiable Consumer Requests

You can exercise your legal rights by submitting a Verifiable Consumer Request to us by emailing us at legal@grove.city.

Only you, or someone legally authorized to act on your behalf, may make a Verifiable Consumer Request related to your PII. Making a Verifiable Consumer Request does not require you to create an account with us. You may only make a Verifiable Consumer Request for access to PII twice in a 12-month period.

The Verifiable Consumer Request must:

Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; andDescribe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.We cannot respond to your request or provide you with PII if we cannot verify your identity or authority to make the request and confirm the PII relates to you. We will only use PII provided in a Verifiable Consumer Request to verify the requestor's identity or authority to make the request.

Response Timing and Format

We will acknowledge receipt of a Verifiable Consumer Request within ten (10) days. We endeavor to respond to Verifiable Consumer Requests within thirty (30) days (for data subjects located in the EEA) or forty-five (45) days (for California residents) of its receipt. If we require more time (up to ninety (90) days), we will inform you of the reason and extension period in writing. Any disclosures we provide will only cover the 12-month period preceding the Verifiable Consumer Request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

We do not charge a fee to process or respond to Verifiable Consumer Requests, unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Withdraw Consent

Generally, we do not process PII based on consent. However, in the event we do, you have the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on said consent before its withdrawal. If you would like to withdraw your consent, please contact us at the Contact Information provided below.

Cross Border Data Transfer

To deliver the services through the Service, it may be necessary for us to share data subjects' PII outside the EAA or your country of residence. We may share data subject PII with our affiliates and services providers located in the United States. In the event we transfer PII outside the EEA or your country of residence, we will take commercially reasonable measures to ensure the transfer complies with applicable data protection laws and PII is securely transferred. Our standard practice is to use standard contractual clauses approved by the European Commission, the UK Information Commissioner's Office, and other relevant data protection authorities to facilitate such data transfers. If you have any questions about our data transfer practices, please contact us at the Contact Information provided below.

Do Not Track Disclosure

Some internet browsers may transmit "do-not-track" signals to websites with which the browser communicates. The Service does not currently respond to these "do-not-track" signals.

SPAM

We do not participate in bulk email solicitations that you have not consented to receiving (i.e., "Spam"). We do not sell or disclose customer lists or email address lists to unrelated third parties. Except as otherwise provided herein, we do not share PII with any third party advertisers.

Third Party Links

The Service may contain links to other websites or applications ("Linked Sites") that are not owned by us. We do not control the collection or use of any information, including PII, which occurs while you visit Linked Sites. Therefore, we make no representations or warranties for β€”and will not in any way be liable forβ€”any content, products, services, software, or other materials available on Linked Sites, even if one or more pages of the Linked Service are framed within a page of the Service.

Furthermore, we make no representations or warranties about the privacy policies or practices of the Linked Sites, and we are not responsible for the privacy practices of those Linked Sites. We encourage you to be aware of when you leave the Service and read the privacy policies of Linked Sites.

Modifications

We reserve the right to update this Policy from time-to-time in our sole discretion. If our privacy practices change materially in the future, we will post an updated version of the privacy policy to the Service. It is your responsibility to review this Policy for any changes each time you use the Service. We will not lessen your rights under this Policy without your explicit consent. If you do not agree with the changes made, we will honor any opt-out requests made after the Effective Date of a new privacy policy.

Accessing, Updating, and Controlling Information

For those users who are not an EEA data subject or California resident, if you ever wish to access, update, change, delete, opt-out of us sharing, or otherwise control your PII, you may do so by contacting us at the Contact Information provided below. To help us process your request, please provide sufficient information to allow us to identify you in our records. We reserve the right to ask for additional information verifying your identity prior to disclosing any PII to you. Should we ask for verification, the information you provide will be used only for verification purposes, and all copies of the information will be destroyed when the process is complete.

If you wish to opt-out of receiving update messages and/or direct marketing communications from us, you may opt-out by (i) following any instructions included in the communication; or (ii) contacting us at the Contact Information provided below. Please be aware that although you may opt-out of update messages and/or direct marketing communications, we reserve the right to email you administrative notices regarding the Service, as permitted under the CAN-SPAM Act.

We will make commercially reasonable efforts to respond to opt-out requests and handle requests to access, update, change, or delete PII without unreasonable delay and in any event within thirty (30) days of receipt of a Users' request. Where circumstances require, we may extend the reply period to forty-five (45) days. Please be aware that requests may be limited to the extent permitted by applicable law, including the GDPR.

File a Complaint

If you would like to file a complaint with us about our privacy practices, please contact us at the Contact Information provided below. If you are a data subject located in the EEA, the GDPR grants you the right to lodge a complaint with a competent supervisory authority as well. To find a competent supervisory authority, please use the following resource: https://edpb.europa.eu/about-edpb/board/members_en. UK data subjects can utilize the following resource: https://ico.org.uk/global/contact-us/.

If you have questions about this Policy or wish to contact us with questions or comments, please contact us at:

Attn Grove Redefines Our Very Existence Inc.
802 E. Whiting St.
Tampa, FL 33602

legal@grove.city

This Policy was last modified as of the effective date printed above. This version of the privacy policy replaces and supersedes any prior privacy policies applicable to the Service.