Gridwork

This is a starting summary of how Gridwork handles your data. It needs legal review before it stands as your binding privacy policy.

What we collect

We process account data (your email, name, and login activity), the business data you enter (companies, locations, employees, services, posts), and billing data tied to your subscription.

We do not use tracking cookies or third-party analytics. Session cookies are strictly necessary for signing in.

Payment data and Stripe

Payments run through Stripe Payments Europe, Ltd., our payment sub-processor. When you subscribe, Stripe processes your billing email, billing address, tax ID, and payment method. You enter your billing email, billing address, and tax ID in Gridwork when you subscribe; we transmit them to Stripe and do not store them on our own servers. Gridwork never sees or stores your card details. We keep only your Stripe customer reference and subscription status.

Stripe acts under a data processing agreement (Art. 28 GDPR). See Stripe's privacy policy at https://stripe.com/privacy.

Sub-processors

Stripe — payment processing and invoicing.
Vercel — application hosting and logs.
Neon — database hosting (EU region).

Retention

We keep your account and business data until you delete the account. Billing and invoice records are retained by Stripe for the statutory period (10 years under § 147 AO). Operational logs are kept for 30 days.

Your rights

You can access, correct, or delete your data. Deleting your account removes your data from Gridwork and cancels your subscription. For other requests (restriction, portability, objection), contact support.