Green Llama GLerp
Privacy Policy

Effective Date: January 1, 2026

1. INTRODUCTION

Green Llama ("we," "us," or "our") provides a B2B Enterprise Resource Planning (ERP) platform. This policy governs data collected directly by Green Llama from our business subscribers. This policy does not apply to data our clients collect from their own end-customers using the GLerp platform; in those instances, GLerp acts as a Data Processor, and our client's privacy policy governs.

2. DATA COLLECTION & ROLES

2.1. Green Llama as Data Controller

We collect and process the following information necessary to provide, support, and bill for our SaaS services, as well as to maintain our business relationship with you:

  • Account & Billing Data: Business names, contact persons, physical addresses, tax IDs, and billing details.
  • Relationship & CRM Data: Information about your business practices, processes, and collaboration needs that you share with us so we can better tailor the GLerp environment to your workflow.
  • Technical Usage Data: We automatically collect IP addresses, browser types, and platform performance metrics (via tools like Google Analytics) to ensure system stability, security, and a professional user experience.

2.2. Green Llama as Data Processor (The "No Liability" Clause)

Our Clients use the GLerp platform to store and manage their own business data ("Client Content"), which may include information about their own end-customers, employees, or vendors.

  • Ownership & Responsibility: All Client Content is owned and controlled exclusively by the Client. Green Llama does not monitor, review, or use this data for any purpose other than to provide the hosted service.
  • Limitation of Liability: The Client is solely responsible for the accuracy, legality, and privacy compliance of all Client Content. Green Llama assumes no liability for the content, use, or potential misuse of any data entered into the platform by the Client or its authorized users.

3. DATA RESIDENCY & SECURITY

3.1 Residency

All data is stored on secure servers located within the United States.

3.2 Encryption

Green Llama protects information through a multi-layered encryption strategy:

  • Data at Rest: We enforce industry-standard AES-256 encryption for all primary storage (via Longhorn/LUKS) and backup volumes. This ensures that even in the event of physical theft or unauthorized disk access, data remains unreadable without the corresponding cryptographic keys.
  • Data in Transit: All communications between your systems and the GLerp platform are encrypted using TLS 1.2 or higher protocols. We employ strong cipher suites and Perfect Forward Secrecy (PFS) to prevent interception or tampering during transmission over the internet.

3.3 Continuous Security

We implement role-based access controls (RBAC), multi-factor authentication (MFA) for administrative accounts, and regular system patching to maintain a hardened infrastructure.

4. THIRD-PARTY INTEGRATIONS

The GLerp platform allows for third-party integrations (e.g., Stripe, Plaid, DocuSign, Google Workspace).

  • 4.1. Green Llama Managed Infrastructure: Certain core modules and backup services (e.g., Documenso, MinIO storage) operate within infrastructure exclusively managed by Green Llama. Whether hosted on our private hardware or within dedicated, Green Llama-managed virtual private clouds (such as AWS or Digital Ocean), data remains within our administrative control and is subject to our internal security protocols and encryption standards.
  • 4.2. Client Responsibility & Data Stewardship: The Client is the "Data Controller" and is solely responsible for the legal relationship, data stewardship, and contracts with any third-party providers they choose to integrate. Green Llama is not responsible for the security, storage, or transmission practices of third parties contracted directly by the Client.
  • 4.3. No Green Llama Liability: Green Llama does not review, endorse, or assume liability for the privacy practices, technical reliability, or contractual obligations between a Client and their chosen third-party providers or end-customers.
  • 4.4. SMS Gateway Compliance: If a Client integrates their own SMS gateway (e.g., Twilio), the Client is solely responsible for obtaining proper legal consent from their end-customers and complying with all regional SMS laws (such as TCPA/CTIA). GLerp acts only as a technical conduit; we do not own, control, or monitor the messaging content or recipient lists managed by the Client.

5. DATA RETENTION

5.1. Standard Retention Policy

Upon the termination or expiration of a Client's subscription, GLerp retains Client-managed data (e.g., ledger entries, employee lists, and SMS logs) for a period of ninety (90) days.

  • Purpose: This "grace period" allows for account reinstatement or final data export by the Client.
  • Purge Process: After 90 days, all such data is permanently purged from our active databases and primary storage (MinIO). Encrypted backups are also set to rotate and purge at the 90-day mark, unless a separate written agreement or Service Level Agreement (SLA) specifies a different duration.

5.2. Account Records Retention

Green Llama may retain certain "Account Information" (such as invoices, tax records, and contact details) for a longer period as required by law, for audit purposes, or to exercise or defend legal claims.

5.3. Administrative & Support Access

To provide effective technical support and maintain platform performance, authorized Green Llama employees may occasionally require access to Client systems or data.

  • Purpose of Access: Access is strictly limited to troubleshooting technical issues, resolving support requests, or monitoring system performance metrics.
  • Confidentiality: All personnel with such access are bound by strict confidentiality and non-disclosure agreements (NDAs) and are trained in secure data handling practices.
  • Audit Trails: Green Llama maintains internal logs of administrative access to ensure accountability. Clients may request a summary of support-related access logs for their specific environment.

5.4. Disclosure for Legal or Business Reasons

  • Legal Compulsion: We may disclose personal information if required to do so by law or in the good-faith belief that such action is necessary to comply with a legal obligation, such as a valid court order or subpoena.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as a business asset. We will notify you via email of any such change in ownership.

6. NO SALE OR SHARING OF DATA

Green Llama maintains a strict "No Sale" policy across all platform services. We do not sell, rent, lease, or trade your Personal Information, or the data of your end-customers, to any third party for monetary or other valuable consideration.

6.1. Cross-Platform Scope

This prohibition on the sale and sharing of data applies to all sensitive information processed by GLerp, including but not limited to:

  • Financial & Banking Data: Information retrieved via integrations such as Plaid or Stripe.
  • Identity & Authentication Data: Information retrieved via Google Workspace or other SSO providers.
  • Mobile & Communication Data: Specifically, mobile phone numbers and SMS opt-in consent data will not be shared with third parties or affiliates for marketing or promotional purposes.

6.2. Green Llama's Service Providers

We share data with our own direct third-party service providers (such as Twilio for SMS delivery or Google for hosting) only as necessary to provide the GLerp services. Green Llama maintains written agreements with these providers that restrict their use of your data to the specific business purposes for which it was shared.

7. REGIONAL COMPLIANCE (California/Canada)

While GLerp is intended for U.S.-based businesses, we provide the following rights to all users:

  • The right to request a copy of the data we hold.
  • The right to request the deletion of account-level personal data.
  • To exercise these rights, contact: support@greenllama.tech

7.1 Global Privacy Control (GPC)

Green Llama recognizes Global Privacy Control (GPC) signals where required by applicable law. Users may enable these signals in their browser settings to automatically opt-out of non-essential tracking.

7.2 Personal Data Access

When exercising your Right to Access, we will provide all responsive personal data maintained in our records. Please note that while platform data is purged 90 days after account termination, certain business correspondence may be retained longer for legal and audit purposes.

8. MINORS

Our services are strictly intended for business use by individuals aged 18 and older. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that we have inadvertently collected data from a minor, we will take immediate steps to purge that information from our active systems and backups.