Last updated: 2026-05-22

PRIVACY POLICY

This Privacy Policy (the "Policy") sets out and explains how we process your personal data.

Your personal data controller is AI Innovations, legal entity code 306732572, which can be contacted by email at control@grei.ai, or by post at Dariaus ir Girėno g. 42A, Vilnius (hereinafter referred to as the "Data Controller", "we", "our", or "us").

The Data Controller operates the website www.grei.ai (the "Website").

I. General Provisions

  1. This Policy applies to all persons visiting the Website, and the terms set forth herein apply each time you use our services, regardless of the device used (computer, mobile phone, tablet, etc.).
  2. By using our services and continuing to browse the Website, you confirm that you have read this Policy and understand the purposes, methods, and procedures for the processing of your personal data described herein.
  3. When processing your personal data, we ensure compliance with the following key principles:
3.1 Lawfulness, fairness, and transparency

We process personal data lawfully, fairly, and transparently.

3.2 Purpose limitation

Personal data is collected for specified, explicit, and legitimate purposes and is not further processed in a manner incompatible with those purposes.

3.3 Further processing

Further processing for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes shall not be considered incompatible with the original purposes.

3.4 Data minimization

Personal data must be adequate, relevant, and limited to what is necessary for the purposes for which it is processed.

3.5 Accuracy

We take reasonable steps to ensure personal data is accurate and updated where necessary within a reasonable time after any changes occur.

3.6 Rectification and erasure

We take all reasonable measures to ensure inaccurate personal data is erased or corrected without delay.

3.7 Storage limitation

Personal data is stored in a form permitting identification of data subjects for no longer than necessary for the purposes for which it is processed.

3.8 Extended retention

Personal data may be stored for longer periods where processed solely for archiving in the public interest, scientific or historical research, or statistical purposes, subject to appropriate technical and organizational safeguards.

3.9 Integrity and confidentiality

Personal data is processed in a manner ensuring appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

3.10 Accountability

We are responsible for compliance with the principles listed above and must be able to demonstrate such compliance.

  1. This Policy has been prepared in accordance with:
  • Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation – GDPR);
  • the Law on Legal Protection of Personal Data of the Republic of Lithuania; and
  • other applicable legal acts of the European Union and the Republic of Lithuania.

II. Definitions

  1. The following definitions are used in this Policy:
5.1 Personal Data

Any information relating to an identified or identifiable natural person.

5.2 Processing

Any operation or set of operations performed on personal data, whether by automated or non-automated means, including collection, recording, organization, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, alignment, combination, restriction, erasure, or destruction.

5.3 Cookie

A small text file stored by the Website www.grei.ai on your device.

5.4 Device

Any device capable of accessing the Website, including a computer, mobile phone, or tablet.

5.5 Other definitions

Other terms are understood as defined in the GDPR, the Law on Legal Protection of Personal Data of the Republic of Lithuania, and other applicable legal acts regulating personal data processing and protection.

III. Purposes and Legal Bases for Processing Personal Data

  1. We process your personal data for the following purposes:
    1. To create your account on the Website;
    2. To provide our services to you;
    3. To process your requests for an initial consultation;
    4. To perform internal data analytics, identify Website usage trends, and improve Website accessibility and usability.
  2. We process your personal data on the following legal bases:
    1. Your consent (Article 6(1)(a) GDPR);
    2. Our legitimate interests (Article 6(1)(f) GDPR).

IV. Methods of Processing Personal Data

  1. We process your personal data on the Website by:
    1. Creating your account on the Website;
    2. Providing our services when you use the Website;
    3. Processing your consultation requests submitted through the consultation booking page;
    4. Storing cookies on your device when you visit the Website.
  2. The Website contains links to external websites, including our:

We are not responsible for personal data processing practices on third-party websites. We recommend reviewing the privacy policy of each website you visit.

V. Website Registration and Service Provision

  1. To use our services, you must enter into a service agreement with us and create an account on the Website. To create an account, you must provide:
  • your first name;
  • surname; and
  • email address.

Based on this information, we create your account and provide login credentials.

  1. You may modify, supplement, or delete your account at any time. To delete your account, contact us in writing by email at control@grei.ai.
  2. Once logged into your account, you may access and use our services directly. To use our services, you must provide login credentials for your video surveillance cameras.

To properly provide services, we may access personal data captured by your surveillance cameras, including:

  • video footage within the monitored area;
  • facial images of individuals;
  • location and movement of individuals within monitored premises or territories;
  • information relating to individuals’ property and behavior; and
  • analytics generated by artificial intelligence agents.
  1. Video surveillance data will be analyzed and recorded using domain-specific artificial intelligence agents selected by you. Access to analytics data will be available through the dashboard on the Website.
  2. The Website uses the following technical infrastructure:
  • cloud-native infrastructure based on AWS and GCP cloud services;
  • TLS-encrypted communications;
  • AWS-managed storage services (S3, RDS);
  • encryption of data at rest;
  • segregated application networks;
  • authentication based on AWS Cognito and OAuth2.
  1. By using our services, you undertake to properly fulfill your legal obligation to inform data subjects and provide all information required under Article 13(1) and (2) GDPR regarding your video surveillance activities.

We are not responsible for your compliance with legal obligations related to informing individuals about video surveillance conducted on your premises or territory.

  1. We do not process your financial data for payment processing purposes.
  2. Payment terms are specified in the service agreement.
  3. Personal data required for account creation and data contained in the service agreement is stored until the termination of the agreement and fulfillment of all mutual obligations.

Thereafter, such data is retained for the period established by applicable Lithuanian archival regulations and stored on AWS / Google Cloud infrastructure located within the European Union (EU) / European Economic Area (EEA). After the retention period expires, the data is manually deleted.

  1. Retention periods for video recordings and analytics generated from such recordings depend on the individually agreed data retention plan specified in the service agreement or its appendices.

Such data is processed only for as long as necessary to achieve the purposes for which it is processed. We engage only those data processors (sub-processors) that guarantee appropriate technical and organizational safeguards.

These data are stored on cloud platforms located within the EU/EEA. Upon termination or expiration of the agreement, the data is destroyed within 10 business days using deletion algorithms ensuring irrecoverability.

  1. We process this personal data to ensure proper and effective performance of contractual obligations.

VI. Initial Consultation Requests

  1. To register for a short initial consultation, you may submit a request through the dedicated section of the Website:
    Consultation booking page.
  1. To register for a consultation, you must provide:
  • your first name;
  • surname; and
  • email address.
  1. We process this personal data based on our legitimate interests in responding efficiently to inquiries and providing consultations regarding our services.
  2. Personal data submitted through inquiry forms is retained for 2 years from the submission date and then manually deleted.
  3. Such personal data is stored on cloud computing platforms located within the EU/EEA.

VII. Cookies Used on the Website

  1. Through cookies, we process the following personal data:
  • IP address assigned to your device;
  • device identifier;
  • browser information (type, version, language);
  • device type;
  • operating system type;
  • number of visits;
  • browsing history;
  • viewed sections of the Website;
  • specific clicks;
  • browsing duration;
  • actions performed on the Website;
  • identifiers linked to Meta accounts (Facebook/Instagram);
  • identifiers linked to LinkedIn accounts;
  • other information regarding your activity on the Website.
  1. We use cookies to:
  • analyze user behavior;
  • analyze Website traffic;
  • compile Website usage statistics;
  • improve Website functionality and accessibility;
  • provide services and advertising tailored to your interests and browsing behavior.
  1. The Website uses the following categories of cookies:
  • Marketing cookies;
  • Marketing / Analytics cookies.
  1. Cookie retention periods:
Cookie Category Retention Period Purpose
CookieScript (_cs_c) Necessary 2 years Stores cookie consent preferences
CookieScript (_cs_id) Necessary 2 years Stores unique user identifier
CookieScript (_cs_s) Necessary Session Stores active session state
Google Analytics (_ga) Statistics 2 years Identifies unique visitors
Google Analytics (_ga_FQC0MFYQC4G) Statistics 2 years Tracks GA4 session data
Meta Pixel (_fbp) Marketing 3 months Personalized advertising and campaign analytics

30. Cookies are used based on your consent. Upon visiting the Website, you may consent to all cookies or configure preferences through cookie settings.

31. Data collected through Google Analytics cookies may be transferred to and stored on servers operated by Google LLC in the United States. More information: Google data transfer information.

32. Data collected through Meta Pixel cookies may be transferred to and stored on servers operated by Meta Platforms, Inc. in the United States. More information: Meta data privacy framework information.

33. Data collected through LinkedIn cookies may be transferred to and stored on servers operated by LinkedIn Ireland Unlimited Company. More information: LinkedIn privacy information.

34. You may delete cookies from your browser at any time. Instructions are available here:

35. More information about cookies is available at: All About Cookies.

36. You may also install the Google Analytics Opt-out Add-on.

VIII. Transfer of Personal Data

37. We do not disclose your personal data to third parties unless required by law or necessary for the performance of contractual obligations.

38. Categories of data recipients include:

  • our data processors (IT providers, marketing specialists, etc.);
  • courts, law enforcement authorities, and public institutions;
  • Google LLC;
  • Meta Platforms, Inc.;
  • LinkedIn Ireland Unlimited Company.

39. Data processors may process personal data only in accordance with our instructions and only to the extent necessary. We ensure that processors implement appropriate organizational and technical safeguards.

IX. Your Rights

40. By providing your personal data, you obtain the following rights:

  • the right to access your personal data;
  • the right to request correction, supplementation, or deletion;
  • the right to restrict processing;
  • the right to data portability;
  • the right to withdraw consent at any time;
  • the right to object to processing;
  • the right to lodge a complaint with the State Data Protection Inspectorate of Lithuania.

41. To exercise your rights or submit requests, complaints, or claims, contact us in writing at control@grei.ai.

42. If you believe our processing does not comply with GDPR or other applicable laws, you may contact us first. If unresolved, you may contact the Lithuanian State Data Protection Inspectorate in accordance with applicable legal procedures.

X. Final Provisions

43. We may update or amend this Policy at any time.

44. Updated versions become effective from the date of publication on the Website.

45. You should periodically review the Policy to ensure you are satisfied with the current version.

46. Questions regarding this Policy or data protection matters may be directed to control@grei.ai.