This Privacy Policy explains how Gridded processes personal data in connection with the website, application, account creation, project storage, analytics, and customer support.

1. Data Controller

Controller: Michał Dyra, Szyszkowa 32, Opypy, 05-825, Poland. Contact email: support@gridded.pro. Contact phone: 503 925 360.

2. Categories of Data

account data, including email address and authentication identifiers
project data saved by users inside the application
billing and transaction data processed through payment flows
technical and usage data, including IP-related request data, logs, analytics, and device/browser information
support and complaint correspondence
newsletter data, if newsletter subscriptions are introduced

3. Purposes and Legal Bases

to provide the application and user account functionality
to save and restore user projects
to process orders, subscriptions, and payments
to handle support, complaints, and legal obligations
to measure product usage and improve the service, where analytics consent is given
to send newsletter communications, if and when a newsletter tool is launched and the user opts in

4. Recipients and Processors

Gridded currently uses or plans to use tools such as:

Supabase for authentication and application data
Vercel for the web frontend
Render for backend and worker infrastructure
Stripe for payment processing
Google Analytics 4, subject to consent
PostHog, subject to consent
a newsletter provider to be selected later

The exact newsletter provider and any future additional processors will be updated in this policy before launch or before the relevant tool is enabled.

5. Cookies and Analytics

Necessary cookies are used for authentication, security, and core application functionality. Optional analytics technologies used by GA4 and PostHog are only intended to run after user consent through the cookie banner.

6. Data Retention

Personal data is kept for as long as needed to provide the service, comply with legal obligations, defend claims, and maintain account history. Specific retention periods for analytics, billing, and newsletter data may be adjusted once the final operational setup is fixed.

7. User Rights

Users may have rights to access, rectify, erase, restrict processing, object, and request portability where applicable under GDPR. Users may also withdraw consent for analytics or newsletter communications at any time where consent is the legal basis.

8. Complaints to a Supervisory Authority

Users may lodge a complaint with the competent supervisory authority, including the President of the Personal Data Protection Office in Poland, if they believe data processing violates applicable law.

9. International Transfers

Some service providers may process data outside Poland or the European Economic Area. If so, appropriate safeguards should be implemented under applicable data-protection rules.

10. Draft Fields To Finalize Before Launch

final newsletter provider
detailed retention schedule
full processor list and links to their privacy terms
exact support-channel setup