Privacy Policy

At Greytip Software Pvt. Ltd., our subsidiaries and affiliated companies (‘we’ or ‘us’ or ‘our’, "The Company", "Greytip", "greytHR", "Service", “Site”, “Product”), we collect and process personal information ("Personal Data", “Information”). We are committed to protecting your privacy. This Privacy Policy sets forth Greytip's policy concerning the Personal Data and other information that is collected from visitors ("you", "your", “visitor”) to the Site.

Please note that your use of the Site and any of our Services is subject to our Terms of Service which you may access at the homepage. Our Privacy Policy and Terms of Use are integral to your use of our Site. Your continued use of the Site will constitute your acceptance of the Terms of Service and this Privacy Policy.

Scope of the Privacy Policy

The Privacy Policy applies to individuals or entities, who are not “Customers” of Greytip (via subscribing to our services and have agreed to those applicable Terms of our Service for the subscription) and from whom Greytip has collected information. This applies to all information you provide to Us through the Site. From a GDPR (General Data Protection Regulation) perspective, we are the Controller of this data. That means, we collect the data and decide on how and why it is processed.

If you are a Customer of Greytip or an employee of a Customer of Greytip, then this Privacy Policy does not apply to you. Please review the Privacy Policy which is available on the application/site that you use.

If you have submitted information to any third parties through our Site and Service, the privacy policies of those third parties will govern how your data will be used.

Information that we Collect for our Purposes

When you interact with us through the Services, we may collect Personal Data and other information from you, as further described below:

Information you provide to us

When you interact with us through the Site or in any Greytip Events. We may collect Personal Data and other information from you. We generally collect two types of information—personally identifiable information (“PII”) and non-personally identifiable information (“Non-PII”).

Personal Data That You Provide: We collect personal data from you when you contact us with inquiries, respond to one of our surveys, register for access to the Site, Register for a Webinar, Refer your Contacts to us, Comment on our blogs or use certain Greytip Services.

Personal data that we collect may include: first and last name, company name, job title, work email address, phone number, physical address, username and password, unique identifiers account number or password and any other type of content which may be relevant to the specific context in which the information is collected.

You can choose at any time to not provide us this information, However, doing so may result in the subsequent hampering of all or a part of the Services.

When you apply for a position by uploading your Resume or filling up an application form, we may collect your contact information, such as name, email address, mailing address, phone number, links to your social profiles and any other information contained in the Resume that you submit to us.

We may provide you with an option to use our referral service to tell a friend about our Service. In such case, we will ask you for your colleagues’/friend’s name, organization, email address and telephone number.

Information we collect automatically

Cookies - When you visit Greytip, we send one or more cookies - a small file containing a string of characters - to your computer / mobile device that uniquely identifies your browser. We use cookies primarily for user authentication but may also use them to improve the quality of our service by storing user preferences and tracking user trends.

The data automatically collected from cookies and web beacons may include information from your Web browser (such as browser type and browser language) and details of your visits to our Website, including traffic data, location data and logs, page views, length of visit and website navigation paths as well as information about your computer and internet connection, including your IP address and how you interact with our Product. We use IP location services powered by ipinfo.io to help route your request to the right regional team. We collect and store this data to help us improve our Website, the Product and the user experience with our Website and Product.

On most web browsers, you will find a "help" section on the toolbar. Please refer to this section for information on how to receive notification when you are receiving a new cookie and how to turn cookies off. However, if you disable cookies, you may find this affects your ability to use certain parts of our Services. .

Log information - In addition to the above, when you access Greytip services, our servers automatically record and store information that a browser typically sends whenever you visit a website. These server logs may include information such as your web request, Internet Protocol address, browser type, browser language, browser settings, the date and time of your request, device model, the device identifier (or “UDID”), query logs, product usage logs, usage pattern through cookies and one or more cookies that may uniquely identify your browser. We also collect clicks, scrolls, conversion and drop-off on our Websites and Service.

Analytics Information - We and our third party partners use technologies such as web beacons / clear-gifs in administering the website, tracking users’ movements around the site, analyzing trends and gathering demographic information about our visitors. We may receive reports from these Partners on an individual and aggregated basis. For this purpose, we may also share anonymous data about your actions on our Websites with these third-party partners.

Single Sign-on service - You may have an option to access/register for our Services using sign-in services such as Google, LinkedIn, and Facebook Connect. These services will authenticate you and provide you the option to share certain Personal Data with us such as your name and email address. By authorizing us to connect with these sign-in services, you authorize us to access, and we may store your name, email address(es) and other information that they make available to us,

Information from third-party sources

Greytip may obtain personal information about you from third parties, including, but not limited to, marketing event organizers, partners, and resellers. This information, among other things, may include your first and last name, company name, job title, work email address, phone number and address. Greytip requires that any third party providing it with information has obtained the information lawfully and the third party has obtained the appropriate consent to share the information with Greytip. If we combine or associate information from other sources with Personal Data that we collect through the Service, we will treat the combined information as Personal Data in accordance with this Policy.

How we use your Information

Greytip takes your privacy very seriously. We will never sell, share or transfer your information to third parties without your permission. We will use the Personal Data in a manner that is consistent with this Policy.

If you provide Personal Data to obtain access to our Services, we will use your Personal Data to provide you with access to such services, process transactions, to answer your question or resolve your problem and to monitor your use of such services.

We may also use your Personal Data and other personally non-identifiable information collected through the Services to help us improve the content and functionality of the Services, to better understand our users, to improve our Services and develop new products, services, features, and functionality.

We may use your email address or other information to contact you for administrative purposes such as customer service, to address intellectual property infringement, privacy violations or defamation issues related to personal data posted on the Service.

If you have applied for a job and shared your information on the Application Form or through a Resume, we will use the Personal Data to evaluate your candidature for positions in Greytip now or at a later time. Unless we state otherwise, this Information may be kept in our database for a period of five years.

We may occasionally use this information to contact you and to tell you about services, updates, promotions, and events which we believe will be of interest to you.

If you have been referred by our Customer through our Referral service, then, subject to this Privacy Policy, we will use this Information, including without limitation, to (i) assess needs of your business to determine or suggest suitable Service (ii) send you promotional, and marketing communications and (iii) respond to your questions and concerns.

In all the cases when we send you a communication, we send you instructions enabling you to "opt-out" of receiving future communications. Also, if at any time you wish not to receive any calls, future communications or you wish to have your name deleted from our mailing lists, please contact us as indicated below and indicate to us to stop the communication. We will stop communicating with you.

Aggregated Personal Data: In an ongoing effort to better understand and serve our users, We may conduct research on our visitor demographics, interests and behaviour based on the Personal Data and other information provided to us. This research may be compiled and analyzed on an aggregate basis, and We may share this aggregate data with our affiliates, agents and business partners. This aggregate information does not identify you personally. We may also disclose aggregated user statistics to describe our services to current and prospective business partners, and to other third parties for other lawful purposes.

Legal Basis for Processing Personal Information

If you are a visitor from the European Economic Area (EEA), our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it.

However, we will normally collect Personal Data from you only where we need the Personal Data to perform a contract with you, or where the processing is in our legitimate interests or rely upon your consent where we are legally required to do so and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect Personal Data from you or may otherwise need the Personal Data to protect your vital interests or those of another person.

We use the legitimate interests’ legal basis for processing direct marketing mailers/phone calls and have identified that our interests are to provide you with high quality, best in industry, HR & Payroll automation systems to help you efficiently and effectively manage your HR & Payroll operations.

Data Security

We take privacy seriously and take robust and reasonable security assures to protect Personal data from unauthorized access, maintains data accuracy, prevent alteration, disclosure and help ensure the appropriate use of the data. The measures we take include:

• When the service is accessed using modern web browsers, Transport Layer Security ("TLS") technology protects customer data using both server authentication and data encryption. These technologies help ensure that the data is safe, secure and only available to the Users to whom the information belongs and those to whom the User has granted access.
• We implement an advanced security method based on dynamic data and encoded session identifications
• We host our websites in a secure server environment that use firewalls and other advanced technology to prevent interference or access from intruders.
• We encrypt the data at rest
• We restrict access to only authorized personnel through password and authentication processes.
• We offer enhanced security features within the service that permits customers to configure security settings to the level they deem necessary.

If we learn of a security systems breach, then we may attempt to notify you electronically through our Site or by email so that you can take appropriate protective steps.

Information Sharing

Greytip only shares personal information with other companies or individuals outside of Greytip in the following limited circumstances:

Related Entities: We may provide such information to our subsidiaries, affiliated companies for purposes consistent with this Privacy Policy. Third Parties (Sub-Processors): We may provide this information to other trusted businesses for the purpose of processing personal information on our behalf. Examples of these are functions including mailing information, maintaining databases, processing payments, hosting, analyzing data, maintenance and other services for us. When we employ such companies, we only provide them information that they need for their specific function and we require that these parties agree to process such information based on our instructions and in compliance with this Privacy Policy.

Legal Requirements: We may provide this information when we have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce applicable Terms of Service, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against imminent harm to the rights, property or safety of Greytip, its users or the public as required or permitted by law. Business Transfers: If Greytip becomes involved in a merger, acquisition, or any form of sale of some or all of its assets, then the Personal Data may become part of that transferred asset.

Unrestricted information: Any information that you voluntarily choose to include in a Public Area of the Service or share with us through any other means, will be considered as “Unsolicited Information." This information will be available to any User or Visitor who has access to that content and shall be deemed to be non-confidential and we shall be free to reproduce, use, disclose, and distribute such Unsolicited Information to others without limitation or attribution.

Links to Third Party site

Greytip’s websites contain hyperlinks to websites owned and operated by third parties. These third-party websites have their own privacy policies and we encourage you to review them. We do not accept any responsibility or liability for the privacy practices of such third-party websites and your use of such websites is at your own risk.

Age Restriction and Children’s Privacy Protection

Any visitor who provides information through the Site represents that they are 18 years of age or older. We do not knowingly collect information from anyone under the age of 18. Our Site and Service are not designed for users under 18. If you are under 18 years, please do not access or use this Site.

If you have reason to believe that a child under the age of 18 has provided Personal Data to Greytip through the Service, please contact us, and we will take appropriate steps to delete that information from our Service.

Accessing & Updating your Information- Rights Available to you

If you are an EEA resident, you have the right to know any personal information that we process about you and to request information on:

What personal data we hold about you The purposes of the processing How long we intend to store your personal data for The recipients to whom the personal data has/will be disclosed You can also request us to erase your personal data or to restrict processing in accordance with the applicable laws. You can object to any direct communication from us. Where applicable, can ask for data portability of your information and the right to be informed about any automated decision-making we may use.

If you believe that we hold any inaccurate or incomplete data about you, you can ask us to correct and/or complete the information and we will work to do so as quickly as feasible, If there is a valid reason for not doing this, we will notify you.

If you seek access to, or wish to correct, update, modify or delete Personal Data or want us to stop contacting you, please contact us at privacy@greytip.com. We may ask you to verify your identity before acting on the request. We respond to all requests we receive from individuals wishing to exercise their rights in accordance with applicable data protection laws.

Retention of Data

We will retain Customer Data as necessary to comply with our legal obligations, for litigation/defense purposes, maintain accurate financial and other records, resolve disputes and enforce our agreements.

Your Personal Data that we use for marketing purposes will be kept with us until you notify us that you no longer wish to receive any communication from us or you want us to remove your data from our records.

Changes to this Policy

Greytip regularly reviews its compliance with this Privacy Policy. We reserve the right to change or update the Privacy Policy at any time and will notify users of the Site by posting such changed or updated Privacy Policy on this page. Under certain circumstances, we may also elect to notify you of changes or updates to the Privacy Policy by additional means, such as by posting a notice on the homepage of the Site or by sending you an email.

Any changes or updates will be effective immediately upon posting to the Site and will be reflected by the Effective Date. Continued use of the Site following any changes shall indicate your acknowledgment of such changes and agreement to the Privacy Policy and any future revisions.

Ensuring data privacy and security with greytAI Co-pilot

When you hear about AI being integrated into greytHR, you may naturally wonder: "Is my company’s sensitive data secure?" With the launch of greytAI Co-pilot, we are introducing an intelligent, intuitive HR platform designed to help you work smarter. However, we understand that this innovation raises important questions about data privacy, especially around Personally Identifiable Information (PII).

We want to reassure you from the start: greytAI Co-pilot is built with privacy and security at its core. Our guiding principle is simple: Your data is yours. The greytAI Co-pilot operates exclusively within your greytHR environment, upholding your role-based permissions, and never uses your company’s or employees' data to train AI models for anyone else.

Key principles of data privacy in the greytAI Co-pilot

• Your data is never shared for training AI models outside your account.
• AI responses are grounded in your company’s greytHR data and user permissions.
• No public model dependency – your data is never processed on public platforms like OpenAI or Google.
• Access control is preserved – greytAI Co-pilot sees only what you're allowed to see.

Data usage by the greytAI Co-pilot

Your data is not used to train other models

The greytAI Co-pilot does not use your company data, employee records, or any PII to train AI models for other users. Your data stays private and securely stored within greytHR.

Grounded AI: Personalized to your greytHR account

The greytAI Co-pilot is built on a “grounded” AI framework. This means that when you ask a query (for example, “What is John Doe’s leave balance?”), the AI securely retrieves the relevant information from your own greytHR account, based on your access permissions. It then uses its language model to present the answer in a clear, conversational way.

Unlike generic AI tools, the greytAI Co-pilot doesn’t pull data from a shared or global training model. Think of it as a smart librarian—it doesn’t rewrite books from everyone’s collection; it simply finds the right book from your library and explains what’s inside.

Examples of what and how the Co-pilot accesses

greytAI Co-pilot processes only the data required to respond to your specific request—nothing more. Here’s how it works across different use cases:

• For AI Search: It uses your query (e.g., “add LOP days for [employee name] on [date]”) along with greytHR metadata to locate the correct report.

• For Co-pilot Actions: It processes your instruction (e.g., “approve all pending leaves for [date/month]”) and accesses only the necessary employee data to complete the task.

• For the AI Chatbot: It reads your question (e.g., “how to configure ESI settings”) and fetches the answer from our secure knowledge base and internal documentation.

In every case, they greytAI Co-pilot accesses only what’s needed to fulfill your request—within the boundaries of your greytHR permissions.

Security, Storage & Access

Fully Processed Within greytHR

All AI-related processing happens inside greytHR’s secure, encrypted systems. We do not send your data to third-party AI services or public cloud models. The entire AI stack is an in-house solution integrated directly with your greytHR platform.

Strict Role-Based Permissions

The greytAI Co-pilot adheres to your existing greytHR permissions model. This is a fundamental security feature.

• Permissions-Based Access: The AI will only provide information or execute actions that the specific user has been granted permission to. For example, a manager can only view and approve leave for their direct reports, and the Co-pilot will respect that same access boundary.
• No Unauthorized Access: greytHR employees and the AI model itself do not have unauthorized access to your PII. Our team follows strict security protocols, and access is granted only on a need-to-know basis and always with explicit permission.

Secure Storage of Chat History

greytAI Co-pilot stores your search and command history securely within your account. This is done to improve your experience over time. This history is not shared, and you can access or review it anytime.

Safeguards built into the greytAI Co-pilot

While the AI is highly accurate, it is not infallible. We have implemented several safeguards to prevent errors:

• Confirmation for Complex Actions: For any complex or critical action (e.g., "generate payslips for all new hires"), the Co-pilot will always ask for your confirmation before execution.
• Feedback Loop: You can provide feedback on any incorrect or unhelpful answer, which helps the system learn and improve.

Compliance and legal standards

greytAI Co-pilot adheres to the same high standards of compliance as the rest of greytHR. It aligns with major data privacy laws and frameworks, including:

• GDPR (General Data Protection Regulation)
• CCPA (California Consumer Privacy Act)
• DPDPA (India’s Digital Personal Data Protection Act)

Because all AI processing happens within your greytHR account and under your permissions, compliance is built-in by design.

Fairness and Non-Discrimination

greytAI Co-pilot is designed and operated to ensure fair, unbiased, and non-discriminatory behavior. The AI does not make autonomous decisions about employees, payroll, attendance, performance, or any sensitive HR data. All outputs are generated strictly based on user queries and existing system data, and the AI does not modify or infer information beyond what is already present in greytHR.

greytHR continuously monitors and improves AI behavior to avoid any form of discrimination based on gender, religion, caste, ethnicity, age, disability, or any protected attributes. Any action performed by the AI remains subject to user validation and follows the permissions configured by the customer.

AI Risk Classification Statement

The greytAI Co-pilot is classified as a Low-Risk AI System under widely accepted AI governance frameworks (including India’s Draft AI Guidelines, Singapore’s Model AI Governance Framework, and GCC AI Ethics principles). This classification is based on the following factors:

• No autonomous decision-making
• No predictions that affect employee rights or outcomes
• No biometric or sensitive attribute processing
• AI operates strictly within customer-authorized permissions
• All processing occurs within the greytHR environment
• Human-in-control and human-in-the-loop safeguards are implemented
• No cross-tenant or external model training occurs

As a low-risk system, greytAI Co-pilot is designed to augment user experience, not replace human judgment or create legal or financial impacts.

AI Incident Management and Reporting

greytHR maintains an internal mechanism to detect, log, and investigate AI-related incidents, including:

• Incorrect AI-generated responses
• Unintended access to data
• Execution of unintended actions
• System misuse or abuse
• Repeated user-reported inaccuracies

In the event of a reportable AI incident, greytHR will:

1. Immediately disable or restrict the affected AI feature (if required)
2. Investigate the root cause and implement corrective actions
3. Notify customers where required by applicable law
4. Document the incident and preventive actions in the internal compliance log
5. Incorporate feedback into continuous model improvement

Complex or high-impact actions performed by users always require manual confirmation to prevent accidental execution.

AI Model Lifecycle, Updates, and Version Control

greytAI Co-pilot follows a structured AI lifecycle management process, including:

• Version-controlled model releases
• Internal testing and quality assurance before deployment
• Evaluation for accuracy, safety, and permission alignment
• Regression testing of all AI actions
• No modification of customer data during testing
• Clear communication of significant feature changes through release notes

greytHR does not deploy AI updates that impact customer workflows without appropriate validation. All updates are aimed at improving reliability, accuracy, and user experience while maintaining robust privacy and security safeguards.

Cross-Border Data Processing and Storage

All AI-related processing, including query interpretation, context retrieval, and action execution, takes place exclusively within the greytHR cloud infrastructure located in the customer’s applicable region.

No AI-related data, prompts, employee information, or PII is transferred to third-party AI platforms, public LLMs, or external systems for processing or model training.

Customer data always remains within the greytHR security and compliance boundaries.

Auditability and System Logging

All AI actions such as searches, navigation triggers, and data retrievals are logged securely within the greytHR application.

These logs may include:

• Timestamp of the request
• User ID and permissions at the time of the request
• Action performed or content retrieved
• Whether user confirmation was required
• Outcome of the request

These logs help ensure transparency, traceability, and accountability, and can be used by customers during internal audits, compliance reviews, or incident analysis.

Human Oversight & Control

greytAI Co-pilot does not perform any irreversible or sensitive actions without explicit human confirmation. Users retain full control over:

• Execution or cancellation of suggested actions
• Editing or overriding AI-generated steps
• Reviewing AI-generated information before acting

This ensures compliance with global requirements for human oversight, controllability, and safe deployment of AI systems.

Responsible and Authorized Use

Users must ensure that greytAI features are used solely for legitimate HR, payroll, and compliance purposes. Users are responsible for ensuring:

• Queries do not request information beyond their authorized permissions
• AI suggestions are reviewed before execution
• Misuse is reported promptly through the support channel

greytHR reserves the right to temporarily disable AI features if misuse, security concerns, or policy violations are detected.

Frequently Asked Questions

How does greytAI Co-pilot ensure my company’s data is secure?

greytAI Co-pilot operates entirely within your greytHR environment, upholding your existing role-based permissions and never using your company’s or employees' data to train AI models for anyone else. All data is securely stored and processed within the greytHR platform, ensuring your data is kept private and safe.

Does the greytAI Co-pilot use our company’s data to train AI models for other users?

No. The greytAI Co-pilot does not use your company data, employee records, or any Personally Identifiable Information (PII) to train AI models for other users. Your data stays within your account and remains confidential.

If my data isn't used to train the model, how does the AI provide personalized answers?

The greytAI Co-pilot is built on a "grounded" AI framework. This means that when you ask a query (e.g., "What is John Doe’s leave balance?"), the AI securely retrieves the relevant, real-time information from your own greytHR account, based on your access permissions. It then uses its language model to clearly and conversationally present the answer.

How does greytAI Co-pilot access my company’s data?

Co-pilot accesses your data only when necessary to respond to a specific request. For example:

• AI Search: It retrieves relevant information (e.g., reports or records) based on your query.
• Co-pilot Actions: It processes your command (e.g., “approve all pending leaves”) and uses only the necessary employee data to complete the task.
• AI Chatbot: It accesses the secure knowledge base to provide accurate responses to your questions.

Is greytAI Co-pilot's data processing done outside of greytHR?

No. All AI-related processing happens within greytHR’s secure, encrypted systems. Your data is never sent to third-party AI services or public cloud platforms.

How does greytAI Co-pilot ensure that users only see data they are authorized to view?

The greytAI Co-pilot strictly adheres to your existing greytHR role-based permissions. This is a fundamental security feature. The AI will only provide information or execute actions that the specific user has been granted permission to. For instance, if a manager can only view leave for their direct reports, the Co-pilot will respect that same access boundary.

Can greytHR employees or the AI model access my PII without authorization?

No. greytHR’s employees and the AI model itself do not have unauthorized access to your PII. Our team follows strict security protocols, and access is granted only on a need-to-know basis, and always with explicit permission.

Is my chat and command history stored? If so, is it secure?

Yes, the greytAI Co-pilot stores your search and command history securely within your account to improve your experience over time. This history is not shared outside your account, and you can review it anytime.

What safeguards are in place to prevent the AI from making errors or executing a complex action incorrectly?

The greytAI Co-pilot includes several safeguards to ensure accuracy:

1. Confirmation for Complex Actions: For any complex or critical action (e.g., "generate payslips for all new hires"), the Co-pilot will always ask for your confirmation before execution.
2. Feedback Loop: You can provide feedback on any incorrect or unhelpful answer, which helps the system learn and improve within your secure environment.

Are there any hidden costs for using the greytAI Co-pilot?

No. greytAI Co-pilot is included as part of your greytHR platform. There are no additional charges for using it.

Is the greytAI Co-pilot compliant with data privacy laws?

Yes, greytAI Co-pilot adheres to the same high standards of compliance as the rest of greytHR. It aligns with major data privacy laws and frameworks, including:

• GDPR (General Data Protection Regulation)
• CCPA (California Consumer Privacy Act)
• DPDPA (India’s Digital Personal Data Protection Act)

Does greytAI Co-pilot make decisions about employees or HR data?

No. The Co-pilot does not make autonomous decisions about employees, payroll, attendance, performance, or other sensitive HR inputs. It only provides outputs based on your query and the data already available in your greytHR account.

Can the AI infer or guess information that is not in greytHR?

No. The Co-pilot does not modify, infer, or generate information beyond what exists in your greytHR data. It only retrieves and presents information you are authorized to access.

How does greytHR ensure the AI does not discriminate?

greytHR continuously monitors AI behaviour to prevent bias or discriminatory patterns related to gender, caste, religion, ethnicity, age, disability, or other protected attributes.

Are AI-assisted actions verified?

Yes. All actions remain subject to user validation and follow your configured permissions.

What is the risk category of greytAI Co-pilot?

greytAI Co-pilot is classified as a Low-Risk AI System under widely accepted AI governance frameworks. This classification is based on the following factors:

• No autonomous decision-making
• No predictions that affect employee rights or outcomes
• No biometric or sensitive attribute processing
• AI operates strictly within customer-authorized permissions
• All processing occurs within the greytHR environment
• Human-in-control and human-in-the-loop safeguards are implemented
• No cross-tenant or external model training occurs

Does greytAI replace HR judgment?

No. It is designed to assist users, not make legal, financial, or employment-related decisions.

How does greytHR detect AI-related issues?

greytHR has an internal mechanism that logs and investigates incidents such as incorrect responses, unintended data access, accidental actions, misuse, or repeated inaccuracies.

What happens if an AI incident occurs?

greytHR may:

• Temporarily disable or restrict affected features
• Investigate and fix the root cause
• Notify customers if required by law
• Log actions for compliance
• Apply improvements to prevent recurrence

Are high-impact actions protected?

Yes. Any complex action requires explicit user confirmation.

How are AI models tested before release?

Every model version undergoes internal testing, quality checks, regression testing, permission validation, and safety reviews.

Are customer workflows affected during updates?

No. Updates are released only after ensuring that customer workflows remain unaffected.

Are changes communicated?

Yes. Significant AI-related changes are shared through release notes.

Does greytAI send my data to external AI providers?

No. All AI processing happens inside the greytHR cloud infrastructure within your applicable region.

Is any employee or HR data transferred outside my region?

No. No prompts, PII, or HR data leaves the greytHR environment or goes to third-party AI platforms.

Are AI actions logged?

Yes. greytAI securely logs:

• Request timestamps
• User permissions
• Action details
• Whether confirmation was required
• Final outcomes

Can these logs help with audits?

Yes. They support compliance reviews, internal audits, and incident analysis.

Does greytAI perform actions automatically?

No. Irreversible or sensitive actions always require manual confirmation.

Can users override or edit what the AI suggests?

Yes. Users maintain complete control to review, edit, or cancel any AI-generated step.

What are users responsible for?

Users must ensure:

• Queries stay within their authorized permissions
• AI suggestions are reviewed before execution
• Misuse is reported promptly

Can greytHR disable AI features if needed?

Yes. greytHR may temporarily restrict features in case of misuse, security risks, or policy violations.

How to Contact Us

If you have any questions or complaints about this Privacy Policy or how we collect or process your personal information or would like us to modify, correct or erase any Personal Data or would like us to stop communicating with you, please contact us at privacy@greytip.com. You may also contact us by mail at

Privacy Matters c/o Greytip Software Pvt. Ltd. Grape Garden, #29 & 30, 17th Main, 6th Block Koramangala, Bangalore-560095. India