Privacy Policy

Last updated: March 7, 2026

1. Introduction & Scope

Grid Theory (“we,” “us,” or “our”) is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you:

  • Visit our website at gridtheory.com (the “Website”)
  • Use our software development, AI integration, consulting, and related services (the “Services”)
  • Interact with our AI-powered chatbot or automated tools
  • Communicate with us via email, phone, SMS/text messaging, or online forms
  • Access our client portal or project management systems

By accessing or using our Website or Services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with our practices, please discontinue use of our Website and Services.

2. Information We Collect

2.1 Information You Provide Directly

We collect information that you voluntarily provide to us, including:

  • Contact information: Name, email address, phone number, company name, job title
  • Form submissions: Information submitted through contact forms, booking forms, and project inquiry forms
  • Account data: Login credentials, profile information, and preferences for our client portal
  • Communications: Content of emails, chat messages, and other communications with us
  • Payment information: Billing details processed through our secure payment providers (we do not store full credit card numbers)
  • Project data: Business information, technical requirements, and materials you provide in connection with our Services

2.2 Information Collected Automatically

When you visit our Website, we automatically collect certain information, including:

  • Device information: Browser type and version, operating system, device type, screen resolution
  • Usage data: Pages visited, time spent on pages, click patterns, scroll depth, navigation paths
  • Network information: IP address (anonymized where possible), approximate geographic location, internet service provider
  • Session data: Session identifiers, referring/exit pages, date/time stamps of visits
  • Browser fingerprint data: A combination of device and browser attributes used for analytics and fraud prevention (not used for cross-site tracking)

2.3 Information from Third-Party Services

We may receive information about you from third-party platforms and services we use, including:

  • Google Analytics 4 (GA4): Website usage analytics and demographic insights
  • Google Tag Manager (GTM): Tag management for analytics and marketing pixels
  • Meta (Facebook) Pixel: Conversion tracking and advertising optimization data
  • TikTok Pixel: Advertising performance and audience data
  • LinkedIn Insight Tag: Professional demographic and conversion data
  • Calendly / scheduling platforms: Booking and scheduling information

2.4 AI Chatbot & Automated Tool Data

When you interact with our AI-powered chatbot or automated tools on the Website:

  • We collect the content of your conversations and queries
  • Conversation data may be used to improve the chatbot's responses and our services
  • AI-generated responses are not a substitute for professional advice
  • Chat data is stored on secure servers and subject to the same protections as other personal data
  • We do not use chatbot conversation data to train third-party AI models without your explicit consent

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service delivery: To provide, maintain, and improve our software development, AI integration, and consulting services
  • Communication: To respond to inquiries, send project updates, and provide customer support
  • Marketing: To send promotional communications (with your consent), including email newsletters and SMS/text messages
  • Analytics: To analyze website traffic, user behavior, and conversion metrics to improve our Website and Services
  • A/B testing: To test variations of website content, layouts, and features to optimize user experience
  • AI improvement: To improve the accuracy and helpfulness of our AI-powered tools and chatbot
  • Personalization: To customize your experience on our Website based on your preferences and interactions
  • Security: To detect, prevent, and address technical issues, fraud, and unauthorized access
  • Legal compliance: To comply with applicable laws, regulations, and legal processes

4. Text/SMS Marketing (TCPA Compliance)

Grid Theory may offer SMS/text message marketing communications. By opting in to receive text messages from Grid Theory, you expressly consent to receive recurring automated marketing and informational text messages to the mobile phone number you provide. This section is governed by the Telephone Consumer Protection Act (TCPA) and related regulations.

4.1 Consent

  • Consent to receive text messages is not a condition of purchasing any goods or services
  • You may opt in to text messages through our website forms, by texting a keyword, or during the booking/inquiry process
  • By providing your phone number and opting in, you expressly authorize Grid Theory to send automated text messages to that number

4.2 Message Frequency & Content

  • Message frequency varies. You may receive up to 4 messages per month
  • Messages may include: project updates, promotional offers, service announcements, appointment reminders, and follow-up communications

4.3 Opt-Out

  • You may opt out of text messages at any time by replying STOP to any message
  • Upon opting out, you will receive a single confirmation message and no further texts will be sent
  • You may also opt out by contacting us at privacy@gridtheory.com or by calling our business phone number

4.4 Help & Support

  • For help with text messaging, reply HELP to any message or contact privacy@gridtheory.com

4.5 Carrier & Cost Disclosures

  • Message and data rates may apply depending on your mobile carrier and plan
  • Grid Theory is not responsible for any charges your carrier may impose
  • Not all mobile carriers may be supported. Service may not be available in all areas

4.6 Data Use

  • Phone numbers collected for SMS marketing are used solely for the purposes described in this policy
  • We do not sell, rent, or share phone numbers with third parties for their marketing purposes
  • Phone numbers may be shared with our SMS service provider solely for message delivery purposes

5. Email Marketing (CAN-SPAM Compliance)

Grid Theory complies with the CAN-SPAM Act of 2003 for all commercial email communications.

  • We will not use false or misleading header information or deceptive subject lines
  • All marketing emails will be clearly identified as advertisements or promotional content
  • Every marketing email will include our physical mailing address
  • Every marketing email will include a clear and conspicuous unsubscribe mechanism
  • Opt-out requests will be honored within 10 business days
  • We will not sell, trade, or transfer your email address to third parties for their marketing purposes
  • You may opt out of marketing emails at any time by clicking the “unsubscribe” link in any email or by contacting privacy@gridtheory.com

6. Cookie Policy

Our Website uses cookies and similar tracking technologies to enhance your experience, analyze usage, and assist in our marketing efforts.

6.1 Essential Cookies

These cookies are necessary for the Website to function properly. They enable core features such as security, session management, and accessibility. You cannot opt out of essential cookies as they are required for the Website to operate.

6.2 Analytics Cookies

Analytics cookies help us understand how visitors interact with our Website by collecting information about pages visited, time spent, navigation patterns, and error encounters. We use Google Analytics 4 for this purpose. Data is anonymized where technically feasible.

6.3 Marketing & Advertising Cookies

Marketing cookies are used to track visitors across websites and display relevant advertisements. These cookies may be set by third-party advertising platforms including Meta (Facebook), TikTok, LinkedIn, and Google Ads. These cookies collect data about your browsing habits and are used to make advertising more relevant to you.

6.4 Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to block or delete cookies. However, blocking certain cookies may affect the functionality of our Website. You can also manage advertising preferences through industry opt-out tools such as the Digital Advertising Alliance (DAA) at optout.aboutads.info or the Network Advertising Initiative (NAI) at optout.networkadvertising.org.

7. AI Data Processing & Automated Systems

Grid Theory uses artificial intelligence and machine learning technologies in both our Website features and our client Services. This section describes how we handle data in connection with AI systems.

7.1 AI-Generated Content

  • Content generated by AI systems on our Website (including chatbot responses) may not always be accurate or complete
  • AI-generated content does not constitute professional, legal, financial, or medical advice
  • We recommend human review and verification of any AI-generated output before relying on it for business decisions

7.2 Chatbot Data Handling

  • Conversations with our AI chatbot are logged for quality improvement and training purposes
  • Personal information shared in chat conversations is treated as personal data under this policy
  • We do not use personally identifiable chatbot data to train external or third-party AI models
  • Chatbot conversations may be reviewed by our team for quality assurance purposes

7.3 Automated Decision-Making

  • We may use automated systems for lead scoring, content personalization, and user segmentation
  • No fully automated decisions with significant legal or similarly significant effects are made without human oversight
  • You have the right to request human review of any automated decision that affects you

7.4 Data Anonymization & Aggregation

  • Where possible, data used for AI training and analytics is anonymized and aggregated
  • Anonymized and aggregated data may be used for research, benchmarking, and service improvement
  • Once data is truly anonymized, it is no longer considered personal data under this policy

8. Third-Party Services

We use the following categories of third-party services that may collect or process your data:

  • Hosting & Infrastructure: Vercel (hosting), Supabase (database and authentication), Cloudflare (CDN and security)
  • Analytics: Google Analytics 4, Google Tag Manager
  • Advertising: Meta (Facebook) Pixel, TikTok Pixel, LinkedIn Insight Tag, Google Ads
  • Communication: Email service providers, SMS service providers
  • Scheduling: Calendly or similar booking platforms
  • Payment Processing: Stripe or similar payment processors (PCI-compliant)
  • AI Providers: OpenAI, Anthropic, or other AI service providers for chatbot and AI features

Each third-party service has its own privacy policy governing data use. We encourage you to review the privacy policies of any third-party services that interact with your data. We are not responsible for the privacy practices of third-party services.

9. Data Retention & Deletion

  • Account data: Retained for as long as your account is active, plus 2 years after account closure for record-keeping
  • Project data: Retained for the duration of the engagement, plus 3 years after project completion for warranty and legal purposes
  • Analytics data: Retained for up to 26 months (Google Analytics default retention period)
  • Marketing data: Retained until you opt out or request deletion
  • Chatbot conversations: Retained for up to 12 months for quality improvement, then deleted or anonymized
  • Legal hold: Data may be retained longer if required by law or in connection with legal proceedings

You may request deletion of your personal data at any time by contacting privacy@gridtheory.com. We will comply with verified deletion requests within 30 days, subject to legal retention requirements.

10. Data Security

We implement industry-standard technical and organizational security measures to protect your personal information, including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Row-level security (RLS) on database tables
  • Secure authentication with hashed passwords and session management
  • Regular security audits and vulnerability assessments
  • Access controls limiting employee access to personal data on a need-to-know basis
  • Secure backup and disaster recovery procedures
  • Incident response procedures for data breaches

While we implement robust security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data but will notify you of any breach affecting your personal information as required by applicable law.

11. Your Privacy Rights (CCPA & GDPR)

11.1 California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: You may request information about the categories and specific pieces of personal information we have collected about you
  • Right to Delete: You may request deletion of your personal information, subject to certain exceptions
  • Right to Opt-Out: You may opt out of the sale or sharing of your personal information. Note: Grid Theory does not sell personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
  • Right to Correct: You may request correction of inaccurate personal information
  • Right to Limit Use of Sensitive Data: You may limit the use and disclosure of sensitive personal information

11.2 European Economic Area Residents (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of Access: You may request a copy of the personal data we hold about you
  • Right to Rectification: You may request correction of inaccurate or incomplete personal data
  • Right to Erasure: You may request deletion of your personal data (“right to be forgotten”)
  • Right to Restrict Processing: You may request that we limit how we use your personal data
  • Right to Data Portability: You may request a copy of your data in a structured, machine-readable format
  • Right to Object: You may object to the processing of your personal data for direct marketing or legitimate interest purposes
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time

11.3 Exercising Your Rights

To exercise any of the above rights, please contact us at privacy@gridtheory.com. We will respond to verifiable requests within 30 days (or 45 days if an extension is necessary). We may need to verify your identity before processing your request. You may also designate an authorized agent to make requests on your behalf.

12. Children's Privacy (COPPA)

Our Website and Services are not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete that information as soon as possible. If you believe we have collected information from a child under 13, please contact us at privacy@gridtheory.com.

13. International Data Transfers

Grid Theory is based in the United States. If you access our Website or Services from outside the United States, your data may be transferred to, stored, and processed in the United States or other countries where our service providers operate. These countries may have different data protection laws than your country of residence.

For transfers of personal data from the EEA, UK, or Switzerland to the United States, we rely on appropriate transfer mechanisms such as Standard Contractual Clauses (SCCs) or other legally recognized frameworks. By using our Website and Services, you consent to the transfer of your data to the United States and other jurisdictions as described in this policy.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Update the “Last updated” date at the top of this policy
  • Post the updated policy on our Website
  • Notify you via email (if we have your email address) for material changes that affect how your personal data is processed
  • Where required by law, obtain your consent before implementing changes that materially affect your rights

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

15. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

  • Email: privacy@gridtheory.com
  • Website: gridtheory.com/contact
  • Mailing Address: Grid Theory, Attn: Privacy, [Business Address]

For privacy-related complaints, you may also contact your local data protection authority if you are located in the EEA, UK, or Switzerland.

← Back to Home