TL;DR (Plain English)
• We collect as little information as we can to run the website, respond to you, and keep things secure.
• We do not sell, lease, trade, give away, auction off, or broker your personal information.
• We do not run ad trackers, social-media pixels, cross-site tracking scripts, or fingerprinting on our website.
• If you contact us, we keep that message for a limited time so we can respond and maintain basic records.
• If you sign up for project updates, we use your email to send the updates you asked for, and you can unsubscribe.
• We apply GDPR-style privacy protections where feasible, even when U.S. law does not require it.
• If you ask us to delete your information, we will do so unless we need to keep something for legal, security, fraud-prevention, or backup reasons.
⸻
This Privacy Sheet applies to the public GridMind Studio website and communications with us through the website, email links, contact forms, and project-update signups.
This Privacy Sheet does not automatically govern separate product or service experiences that may have their own privacy notices, terms, or data practices. If we launch a product or service with different data handling, we may provide a separate or supplemental privacy notice for that product or service.
⸻
• Data minimization: We collect the minimum data needed to operate the site, respond to messages, send requested updates, and keep things secure.
• No selling—ever: We do not sell, lease, trade, give away, auction off, or broker personal information.
• No creepy tracking: We do not run ad trackers, social-media pixels, cross-site tracking scripts, or fingerprinting on our website. We do not use third-party advertising cookies.
• Analytics: We do not use behavioral advertising analytics. If we later add privacy-preserving analytics, they will be configured to avoid personal profiling and cross-site tracking, and we will update this Privacy Sheet before any material change goes live.
• No training on your content by default: We do not use your content to train AI models unless you explicitly opt in. Most of our products and ideas rely on existing AI models rather than training new ones.
⸻
A. Information you provide
We may collect information you choose to provide to us, including:
• Contact messages: name, email address, and message content when you contact us through a form or email link.
• Project update signups: email address and any optional information you provide when signing up for updates about a specific project, product, or launch.
B. Information collected automatically (security + operations)
Like most websites, we may process limited technical information needed for operations and security, including:
• IP address
• timestamps
• pages requested
• browser/device type
• error logs
• security events
• request metadata reasonably necessary to operate, secure, and troubleshoot the site
We process this information for site availability, abuse prevention, debugging, security monitoring, rate limiting, fraud prevention, and traffic filtering.
C. Cookies / analytics
• No ad cookies. No tracking pixels.
• We do not use third-party advertising trackers.
• If we use analytics at all, they will be privacy-friendly and non-identifying, aimed at understanding basic site performance without tracking individuals across sites.
D. Embedded media and video previews
We avoid third-party embeds that can track visitors, including social widgets and ad-tech scripts.
If we display video previews on our site:
• Preferred: we use a custom, first-party video player and serve media from infrastructure we control or manage, so viewing a preview does not add third-party tracking.
• If we ever use third-party video links or embeds: we prefer links over embeds. If an embed is used, that third party may receive technical information such as IP address and browser details when the embed loads.
⸻
We use the information described above only for legitimate website and communication purposes, including:
• providing the website and requested services
• responding to contact requests and support questions
• sending project updates you asked to receive
• maintaining website reliability and security
• preventing abuse, spam, fraud, and unauthorized access
• debugging and improving site performance using aggregated or operational information, not personal profiling
We do not use your information for cross-site ad targeting.
⸻
We may offer project-specific update signups for launches, product updates, or related announcements.
If you sign up:
• we will use your email address to send the updates you requested for that project or signup category
• you may unsubscribe at any time using the unsubscribe method in the email or by contacting us
• we will not automatically roll a project-specific signup list into unrelated future project marketing without a separate opt-in or other lawful basis
• after you unsubscribe, we may keep a minimal suppression record so we do not accidentally email you again
⸻
We share limited data only with service providers that help us operate and secure our website and communications:
• Cloudflare (hosting/CDN/security): Cloudflare may process technical data such as IP address, request metadata, and security events to deliver content, protect against abuse, and maintain site availability.
• Google Workspace (email): If you contact us or if we send project updates, our email provider processes email content and related metadata so we can send and receive communications.
We may also use additional providers in the future for specific features such as payments, transactional email, or product delivery. If we add new provider categories that materially change how personal data is handled, we will update this Privacy Sheet.
We may also disclose information:
• to comply with lawful, valid, and properly served legal process
• to protect the rights, safety, security, or operations of GridMind Studio, our users, or others
• in connection with fraud prevention, abuse prevention, or emergency disclosures permitted by law
We do not sell personal data.
We do not share personal data with data brokers.
We do not share personal data for cross-site ad targeting.
⸻
Regardless of where you live, we aim to honor the following requests where feasible and legally appropriate:
• Access — request what information we have about you
• Correction — correct inaccurate information
• Deletion — request deletion of your information
• Restriction — ask us to limit certain processing
• Portability — request a copy of your information in a usable format where applicable
• Objection — object to certain processing where applicable
• Withdraw consent — withdraw consent where processing was based on consent
Deletion note
We honor deletion requests unless we need to retain specific information for:
• legal obligations
• lawful preservation requests or legal holds
• fraud or abuse prevention
• security investigations
• backup restoration cycles
• limited suppression records needed to honor opt-outs
⸻
We retain information only as long as reasonably necessary for the purposes described in this Privacy Sheet.
• Contact support messages: up to 6 months, unless we need to keep them longer for an ongoing matter, legal obligation, or security reason
• Security/server logs: up to 30 days, unless we need to preserve them longer for a specific security incident, fraud investigation, abuse issue, or legal obligation
• Project update signup information: until you unsubscribe, ask for deletion, or the project/list is retired, subject to limited suppression records needed to honor opt-outs
• Temporary processing outputs: if a service or workflow temporarily processes user-provided files or content to generate an output, temporary outputs may be deleted after a short retention window, such as approximately 72 hours, unless we are required to preserve them for legal or security reasons
• Backups: deleted data may remain in backups until the relevant backup cycle expires
⸻
We use reasonable administrative, technical, and organizational safeguards designed to protect information from unauthorized access, alteration, disclosure, or destruction. No method of transmission or storage is perfectly secure, but we apply safeguards appropriate to the type and sensitivity of the data involved.
Safeguards may include, where applicable:
• HTTPS/TLS encryption in transit
• salted, one-way password hashing where passwords exist
• rate limiting and anti-abuse protections
• secure session handling practices where applicable
• least-privilege access controls
• restricted administrative access
• monitoring and logging for abuse and unauthorized access attempts
• data minimization and retention controls
Website note
The public GridMind Studio website does not require visitors to create accounts or log in. Any authentication used for the website is limited to internal administrative access.
Reporting security concerns
If you believe you found a security issue involving our website, contact: hello@gridmind.studio with “Security” in the subject line.
⸻
Our website and services are not directed to children under 13, and we do not knowingly collect personal information from children under 13.
⸻
We may disclose information if required by a lawful, valid, and properly served legal request, such as a court order, subpoena, or warrant, or as otherwise required by applicable law.
When permitted by law, we aim to:
• verify the request
• interpret the request narrowly
• disclose only what is legally required
• challenge or seek to narrow improper or overbroad requests
• notify affected users unless legally prohibited
We do not provide user data in response to informal requests that are not supported by valid legal process.
In limited circumstances, we may disclose information if we believe in good faith that doing so is necessary to prevent imminent death or serious physical harm, as permitted by law. We aim to limit any such disclosure to what is reasonably necessary.
⸻
Some GridMind Studio products may be used for journalism, research, civic analysis, or other sensitive work. That does not automatically block lawful access requests, so our main protections are practical:
• collecting less data
• keeping data for shorter periods where feasible
• using stronger access controls
• offering privacy-conscious product design where possible
⸻
The public website may link to or describe paid products or services. If we offer paid services, payments may be handled by third-party processors such as Stripe. We do not store full payment card numbers on our own servers. Product-specific billing, subscription, cancellation, and refund terms may apply to those services.
⸻
We may update this Privacy Sheet from time to time. If we make a material change, we will update the effective date and post the revised version on the website. Continued use of the website after the updated version is posted means you accept the revised Privacy Sheet to the extent permitted by law.
⸻