1. Introduction

This Acceptable Use Policy ("Policy") sets out the rules and guidelines for using the Grove platform and services. It is designed to protect all users, maintain the integrity of our systems, and ensure that Grove remains a secure and reliable HR management solution.

By accessing or using Grove, you agree to comply with this Policy. Violation of this Policy may result in suspension or termination of your access to the Service.

This Policy should be read in conjunction with our Terms of Service and Privacy Policy.

2. Permitted Uses

Grove is designed to help organisations manage their HR operations efficiently and compliantly. You are permitted to use Grove for:

Managing Employee Records

Store, organise, and maintain accurate employee information including personal details, employment history, and documents.

Tracking Leave and Absence

Manage holiday requests, sick leave, parental leave, and other types of absence with full audit trails.

Processing HR Data

Handle onboarding, offboarding, performance reviews, and other HR processes within the platform.

Generating Reports

Create reports on workforce analytics, absence patterns, headcount, and other HR metrics for internal use.

3. Prohibited Uses

The following activities are strictly prohibited when using Grove. Any violation may result in immediate account suspension:

Illegal Activities

Using Grove for any purpose that violates applicable laws or regulations
Processing personal data in violation of GDPR, UK Data Protection Act, or other privacy laws
Engaging in employment discrimination or other unlawful HR practices
Facilitating fraud, money laundering, or other criminal activities

Unauthorized Data Collection

Collecting or storing personal data beyond what is necessary for legitimate HR purposes
Scraping, harvesting, or extracting data from Grove for external use
Accessing data of other organisations or users without authorisation
Using Grove to build competing products or services

Security Violations

Attempting to breach, test, or circumvent security measures
Sharing login credentials or access tokens with unauthorised parties
Introducing malware, viruses, or other harmful code
Attempting to gain unauthorised access to systems, networks, or data
Interfering with the proper functioning of the Service

Spam and Harassment

Sending unsolicited messages or communications through Grove
Using Grove to harass, bully, or intimidate employees or other users
Posting offensive, defamatory, or inappropriate content
Creating fake accounts or impersonating others

Prohibited Data Types

Storing payment card data (PCI-DSS regulated information) in employee records
Processing special category data without appropriate legal basis and safeguards
Uploading documents containing malicious code or scripts
Storing data unrelated to HR management purposes

4. User Responsibilities

Account Security

Maintain the confidentiality of your login credentials
Use strong, unique passwords and enable multi-factor authentication
Log out when finished, especially on shared devices
Report any suspected security breaches immediately
Review and manage user permissions regularly

Data Accuracy

Ensure all data entered into Grove is accurate and up-to-date
Respond to data subject access requests in a timely manner
Correct any inaccuracies promptly when identified
Maintain appropriate records of data processing activities

Compliance with Laws

Comply with all applicable employment and data protection laws
Obtain necessary consents for processing employee data
Maintain appropriate data retention and deletion practices
Ensure your use of Grove complies with your organisation's policies

Reporting Violations

Report any violations of this Policy that you become aware of
Cooperate with any investigations into potential violations
Do not retaliate against anyone who reports a violation in good faith

5. Enforcement

Grove takes violations of this Policy seriously. We reserve the right to investigate any suspected violations and take appropriate action.

Violation Investigation

When we become aware of a potential violation, we may investigate the matter, which may include reviewing logs, data, and other information. We may contact you for additional information during an investigation.

Account Suspension or Termination

Depending on the severity of the violation, we may take the following actions:

Issue a warning and request corrective action
Temporarily suspend access to specific features
Suspend the account pending investigation
Permanently terminate access to the Service
Remove any content that violates this Policy

Legal Action

In serious cases, we may be required to report violations to law enforcement or regulatory authorities. We may also pursue legal remedies for violations that cause harm to Grove, our users, or third parties.

6. Security Requirements

To protect sensitive HR data, all users must adhere to the following security requirements:

Password Requirements

Minimum 12 characters in length
Include a mix of uppercase, lowercase, numbers, and symbols
Do not reuse passwords from other services
Change passwords immediately if compromised
Enable multi-factor authentication (strongly recommended)

Access Controls

Apply the principle of least privilege when assigning permissions
Review user access regularly and revoke when no longer needed
Remove access immediately when an employee leaves the organisation
Use role-based access controls appropriately
Maintain audit logs of access and changes

Data Handling

Only access data you need for your role
Do not export or download data unnecessarily
Securely dispose of any printed or exported data
Use secure connections (HTTPS) when accessing Grove
Be cautious when accessing Grove on public or shared networks

Report a Violation

If you become aware of any violation of this Acceptable Use Policy, please report it immediately. You can remain anonymous if preferred.

Security Issues: security@grove.hr
Policy Violations: abuse@grove.hr
General Inquiries: legal@grove.hr

View all legal documents

Acceptable Use Policy