Grid Privacy Policy

1. SCOPE & WHO THIS COVERS

• This Policy applies to visitors, account holders, customers, and prospective partners who interact with the Services.
• This Policy does not cover third-party sites, services, or features we do not control. Their privacy practices are governed by their own policies.

2. WHAT WE COLLECT

We collect information in three ways: (A) you provide it, (B) it is collected automatically, and (C) we receive it from others.

A. Information You Provide

• Account & Identity: name, email, password, username/handle, phone (optional), company (if applicable).
• Order & Fulfillment: shipping address, billing address, contact details, order history.
• Payment: last four digits, card type, and tokenized identifiers from our payment processor; we do not store full card numbers.
• Prompts & Design Inputs (“Customer Content”): text prompts, references, specifications, measurements, approvals/“Approve” clicks, messages to support, and any files you upload or link.
• Communications: emails, messages, survey responses, support requests, and feedback.

B. Information Collected Automatically

• Device/Usage: IP address, device identifiers, browser type, operating system, language, time zone, referring/exit pages, clickstream, session activity, and error/crash data.
• Cookies & Similar Tech: first-party cookies (strictly necessary, functional, analytics) and, if enabled, third-party analytics cookies. See “Cookies & Tracking” below.

C. Information from Third Parties

• Payment processors (transaction status, fraud signals).
• Shipping/label providers (tracking, delivery confirmations).
• Customer support and CRM tools (ticket/activity context).
• AI preview/model providers (technical logs under our account).
• Fulfillment partners (production status, QC notes).
• Referral/affiliate platforms (click and conversion attribution).
• Social media or ad platforms (if you interact with our pages or ads).

3. HOW WE USE INFORMATION

We use information to:

• Provide and operate the Services (account setup, preview generation, production, packaging, and shipping).
• Process transactions and prevent fraud or misuse.
• Communicate with you about orders, support, product changes, and policy updates.
• Review designs for policy compliance, safety, and manufacturability; perform “Originalization” where necessary.
• Improve quality (QA, testing, analytics, debugging, auditing).
• Maintain records for chargebacks, disputes, legal compliance, and safety.
• Comply with law, enforce our Terms, and protect the rights, safety, and security of Grid, our users, and third parties.

Legal bases for processing under the GDPR (if applicable): performance of a contract; legitimate interests (e.g., security, fraud prevention, product improvement, records); consent (where required, e.g., certain cookies/marketing); and legal obligations.

4. AI PREVIEWS; MODEL PROVIDERS

• We use third-party AI model providers to generate Previews from your prompts and inputs. That processing occurs under Grid’s accounts and instructions.
• Where a business/API opt-out is available, we configure providers so your API data is not used to train their foundation models.
• We may further process Previews and your inputs for quality control (e.g., automated filters + human review) and to apply “Originalization.”
• We do not rely on automated decision-making that produces legal or similarly significant effects about you. Preview outputs are proposals that you approve or decline.

5. WHEN WE DISCLOSE INFORMATION

We disclose personal information to:

• Service Providers (processors): payment processing, hosting, cloud infrastructure, analytics, customer support, email/SMS, logging/monitoring, AI preview providers, and printing/fulfillment partners. They may access personal information only to provide services to us, under written contracts.
• Fulfillment Partners (sub-processors): to produce and ship your order; bound to confidentiality, quality, and non-reuse of designs.
• Carriers/Label Systems: to ship packages and provide tracking.
• Fraud & Safety Partners: to detect, prevent, or remediate fraud, security incidents, and abuse.
• Professional Advisors & Auditors: attorneys, accountants, insurers (as needed).
• Corporate Transactions: in connection with a merger, acquisition, financing, or sale of all or part of our business (subject to confidentiality and applicable law).
• Legal/Compliance: to comply with law, enforce our Terms, respond to lawful requests, or protect rights, property, and safety.

We do not sell personal information.

We do not “share” personal information for cross-context behavioral advertising as defined by certain U.S. state laws.

6. DATA RETENTION

We retain personal information for as long as needed to provide Services, comply with legal obligations, resolve disputes, and enforce agreements. Typical periods:

• Account & Order Records: [2 years] after your last activity or as required by tax and accounting laws.
• Prompts/Previews/Approvals and key correspondence: retained for a “commercially reasonable period” to address IP complaints, chargebacks, and safety ([e.g., 24 months] unless legal holds apply).
• Support Tickets: [12–24 months] from closure.
• Cookies: per their set lifetimes (see cookie banner/details).

We may retain aggregated/de-identified data that does not identify you, for analytics and service improvement.

7. SECURITY

We employ administrative, technical, and physical safeguards designed to protect personal information (e.g., encryption in transit, access controls, secret management, audit logging). No security is perfect; please use strong, unique passwords and promptly notify us of any suspected account compromise.

8. INTERNATIONAL DATA TRANSFERS

We are based in the United States and process data there. If you are outside the U.S., your information may be transferred to and processed in the U.S. and other countries that may not provide the same level of data protection as your home jurisdiction. Where required, we use appropriate safeguards (e.g., EU Standard Contractual Clauses and UK IDTA) for cross-border transfers.

9. COOKIES & TRACKING

• Types: (a) Strictly necessary (site/core functions, checkout), (b) Functional (preferences), and (c) Analytics (usage, performance).
• Controls: Use your browser settings to block/delete cookies. If we run a consent banner, you can set preferences there. Blocking some cookies may affect functionality.

“Do Not Track”: We do not respond to DNT signals due to industry inconsistency. Use our cookie controls and your browser settings.

10. CHILDREN’S PRIVACY

Our Services are not directed to children under 13 (or under 16 where applicable). We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact us and we will take appropriate steps to delete it.

11. YOUR RIGHTS & CHOICES

Your rights depend on your location and applicable law. Where available, you may:

• Access, correct, or delete your personal information.
• Obtain a portable copy of certain information.
• Object to or restrict certain processing (including processing based on legitimate interests).
• Withdraw consent, where consent is the legal basis.
• Opt out of marketing emails (via unsubscribe links) and control cookies via our banner or your browser.

How to exercise: email [email protected] with “Privacy Request” in the subject. We will verify your identity and respond within the timeframe required by law. You may use an authorized agent where permitted, subject to verification.

Appeals: If we deny your request, you may appeal by replying to our decision email with “Appeal” in the subject. If you remain unsatisfied, you may contact your regulator.

12. U.S. STATE NOTICES (CALIFORNIA/CO/CT/UT/VA, ETC.)

• We provide this summary to residents of states with comprehensive privacy laws. It describes our categories of personal information collected (identifiers; customer records; commercial information; internet/electronic activity; geolocation (coarse IP); inferences (limited, e.g., preferences); and user-generated content), the purposes listed in Section 3, and the disclosures in Section 5.
• We do not sell personal information.
• Sensitive personal information: we do not seek to collect sensitive personal information; please do not submit it.
• Non-discrimination: We will not discriminate against you for exercising your privacy rights.

Notice at Collection (California): The categories collected, purposes, and disclosures are described in Sections 2–5. We retain information as described in Section 6. You may submit requests as described in Section 11.

13. GDPR/UK ADDENDUM (IF YOU ARE IN THE EEA/UK)

• Controller: Grid AI, LLC.
• Data Protection Contact: [email protected] [OPTIONAL: add DPO contact if you appoint one].
• Legal bases: contract, legitimate interests, consent, legal obligation (see Section 3).
• EU/UK transfers: safeguarded via SCCs/IDTA (Section 8).
• Complaints: You may lodge a complaint with your local supervisory authority; we encourage you to contact us first.

14. AFFILIATES, PARTNERS, AND SOCIAL FEATURES

• Affiliates/Influencers: If you join our affiliate program, we process contact, payment, and attribution data to administer commissions.
• Social Media: If you engage with us on social platforms, the platform’s privacy policy governs that interaction.
• Referrals: If you share referral links, we track attribution to administer the program.

15. PAYMENT INFORMATION

Payments are processed by our third-party processor. We receive a transaction confirmation and tokenized details but do not store full card numbers. Your card data is subject to the processor’s privacy policy and PCI-DSS controls.

16. CHANGES TO THIS POLICY

We may update this Policy to reflect changes in our practices or law. When we do, we will revise the “Last Updated” date and, when required, provide additional notice. Your continued use of the Services after an update means you accept the changes.

17. CONTACT US

Grid AI, LLC
Attn: Privacy
110 S Main Street, Apt i12, North Salt Lake, UT 84054
Email: [email protected]