This Privacy Policy describes how Gridlines collects, uses, and shares your personal information, as well as your choices and rights with respect to your personal information.

Scope of this Privacy Policy

This Privacy Policy applies to information that relates to you as an identifiable individual (often referred to as “personal information” or “personal data”) that Gridlines receives or collects when you interact with us or our services, website, and software (the “Services”).

Information We Collect

We collect and receive the following types of information:

Information You Provide to Us:

• Account Information: To create an account for the Services or to enable certain features, we require that you provide us with information for your account such as name, email, password, and authentication credentials. If you sign up for a paid subscription, we (or our payment processors) may need your billing details such as credit card information, banking information, and billing address.

• Documents and Other Customer Data: In using our Services, our customers submit or upload documents, seek user support, or provide other Customer Data (defined in our Terms of Service) to us. Our use of and processing of Customer Data is governed by our Terms of Service.

• Other Information You Provide: We receive other information from you when you choose to interact with us in other ways, such as if you sign up for one of our webinars or e-books, participate in a research study, contest, sweepstake, or event, apply for a job, or otherwise communicate with us.

  
  

Information We Collect Automatically:

• Usage Data: We automatically collect usage data about how you interact with our Services when you use them. For example, this could be actions you take on our platform, such as number of documents you’ve uploaded or your sharing activity.

• Log Data: Our servers automatically log certain types of data when you visit or use our Services, for example, when you navigate through our website. This data is stored in our log files and includes, Internet Protocol (IP) address, type of device, operating system or browser, unique device identifiers, browser settings, date and time you visited or used our Services, the referring website, URL parameters, and error and crash reporting data.

• Information from Cookies and Similar Technologies: A cookie is a small piece of information that is downloaded to your device by your browser when you visit a website. We use cookies or similar technologies (including third-party cookies) to remember your preferences, understand how you interact with our Services or emails that we send you, maintain the security of our Services, and administer, improve and promote our Services. You can configure your browser to prevent cookies, but please note that disabling cookies may make some features or functionality unavailable to you.

  
  

How We Use Your Information

We use your information in the following ways:

• To provide and maintain our Services.

• To analyze and improve our Services.

• To keep our Services secure and protect against fraud, abuse, and intrusion.

• To provide user support, information, and services requested by you.

• To send important account or security notifications.

• To promote our Services in accordance with applicable laws and regulations. If you’d like to unsubscribe from our marketing emails, click the “unsubscribe” link at the bottom of the email. You can also update your notification preferences in your account settings.

• To comply with our legal obligations, including responding to a court order or other valid legal process.

• For other purposes with your consent.

  
  

Please keep in mind that customers control their accounts and associated Customer Data. We use Customer Data according to our customers’ instructions and our Terms of Service. Customers are able to: (1) restrict, remove, disclose, and access content and information associated with the accounts in their Workspaces; (2) grant, deny, or limit access to those accounts and Workspaces; and (3) configure the privacy settings for those accounts and Workspaces. If you create a Gridlines account with your work email and you aren’t already part of your company’s Workspace, your company may have the ability to add your account (including the content in it) to its Workspace. We’ll give you notice before that happens.

If information is aggregated or de-identified so that it can no longer be reasonably associated with an identifiable person, we may use it for any lawful purpose.

How We Share Your Information

We share information outside of Gridlines only as described below:

• Trusted Third Parties: We disclose information to our service providers or other third-parties so they can help us provide our Services and run our business. Examples include for storing Customer Data, payment processing, providing customer service, and helping us with our marketing activities. We’ll only disclose the information necessary for these parties to perform their services for us, and they’ll be bound by contractual obligations to protect your personal information.

• Third-party networks and websites: With third-party social media networks, advertising networks and websites, so that Gridlines can market and advertise on third-party platforms and websites.

• Other Users: When you collaborate with others, we display your basic account or profile information for context.

• Administrators: If you join a Workspace owned by another person or entity, the administrator of that Workspace has the right to access the content in it. Customers and their authorized users may choose to share and disclose information according to their own policies. Also, if you sign up for Gridlines with an email domain that is owned or managed by your employer or organization, we may share the fact that you have an account with us and some basic account information with your employer or organization.

• Change in Business Structure: If Gridlines is involved in a merger, acquisition, public offering, asset sale, insolvency, bankruptcy, or similar change in our business structure, we may need to disclose your information to those involved in the transaction, subject to confidentiality requirements.

• For Legal Reasons: We may release your information if we believe it is necessary to comply with the law, regulation, valid legal process, an enforceable government request, to prevent fraud or a security breach, enforce our policies or agreements, or protect our or others’ rights, property, or safety.

• With Your Consent: We’ll otherwise share your information only with your consent. For example, if you choose to enable a third-party integration, we may share account information and/or content from your account, but only as authorized by you when you enable or use the integration.

  
  

How We Protect Your Information

We are committed to protecting your information from unauthorized access, use, disclosure, and loss. We use industry-standard security practices to keep your information secure, such as encryption, access controls, physical security measures, and internal reviews of data collection, use, and storage. We’ve also obtained various compliance certifications and undergo ongoing audits to ensure continued security and compliance best practices.

However, data transmissions over the internet cannot be guaranteed to be 100% secure or safe from intrusion by others. Be sure to use secure internet connections, protect your login credentials, and create strong passwords for your account.

Data Retention

We’ll retain information you store on our Services for as long as your account exists or as long as we need it to provide you Services. If you delete your account or your content from Gridlines, we’ll permanently delete your account or content within 30 days, unless we need to retain any information to comply with our legal obligations, resolve disputes, or enforce our agreements. For any other information we may receive or collect from you, we’ll retain that information for only as long as is necessary for the purposes described in this Privacy Policy.

Your Rights

Individuals in the European Economic Area, the United Kingdom, and across the globe have certain statutory rights in relation to their personal data. Subject to any exemptions provided by law, you may have the right to request access to your personal information, as well as to seek to update, delete, or correct this information. You can exercise most of these rights through your Gridlines account. For example, if you wish to delete your personal information from Gridlines, you may permanently delete your account. You can also access and update your account information via your account settings page. If you are unable to exercise your rights through your Gridlines account, please contact the administrator of your Workspace, or otherwise you can send us your request.

Age Requirement

If you are under 13 years old (or the age of digital consent in your country), you may not sign up for Gridlines, and please do not send any personal information about yourself to Gridlines. If you believe that someone under 13 or the applicable age of digital consent has provided us with personal information in violation of this Privacy Policy, please contact us, and we will take steps to delete the information.

For California Residents

This section provides additional details about the personal information we collect about California consumers and the rights afforded to them under California law.

Categories of Personal Information We Collect

The California Consumer Privacy Act (CCPA) grants additional privacy rights to California consumers, such as the right to:

In addition to the information provided above in the “Information We Collect” section, we collect the following categories of personal information from you, your employer, data analytics providers, data brokers, and third-party services:

• Identifiers (such as name, email address, and profile data);

• Commercial information (such as transaction data for a paid account);

• Financial data (such as payment method or financial account information);

• Internet or other network or device activity (such as IP address and usage information);

• Location information (e.g., the general location where you use your device when interacting with the Site, Software, and/or Services);

• Sensory information (such as documents if you upload a document with our service);

• Inferences drawn from any of the above information categories; and

• Other information that identifies or can be reasonably associated with you.

We and our service providers may use the categories of personal information we collect from and about you consistent with the various business and commercial purposes we discuss throughout this Privacy Policy. We explain the business or commercial purposes for collecting personal information above under “How We Use Your Information.”

We may also use the categories of personal information for compliance with applicable laws and regulations, and we may aggregate the information we collect or de-identify the information to limit or prevent identification of any particular user or device.

Categories of Personal Information Disclosed

In the last 12 months, we have disclosed the following categories of personal information for the purposes described in “How We Use Your Information” to our service providers that support our services: Identifiers/contact information (such as name, email address, and profile data), financial data (such as payment information for a paid account), internet or other network or device activity (such as IP address and usage information), and inferences based on these categories.

Use and Disclosure of Sensitive Personal Information:
To the extent that we collect, use, or share “sensitive personal information” as that term is defined under California law, we limit our use or disclosure of the sensitive personal information to permitted business purposes.

Your California Privacy Rights

• Right to Access. You have the right to request, up to two times each year, access to categories and specific pieces of personal information about you that we collect, use, disclose, sell, and share, such information to be provided to you in a readily useable format.

• Right to Delete. You have the right to request that we delete personal information that we collect from you, subject to applicable legal exceptions.

• Right to Correct. You have the right to request that we correct inaccurate person

• Data Transfers: To provide our Services, we transmit, process, and store data in the United States. We perform data transfers in accordance with applicable data protection law, using the following safeguards:

• Standard Contractual Clauses: Where required, we use standard contractual clauses to meet the data transfer requirements for processing personal data that is subject to the data protection laws of the European Economic Area (EEA), Switzerland, and UK and for other international transfers of Customer Data to the extent required by applicable law.

• Other Valid Transfers: We will otherwise only transfer personal data pursuant to a legally valid personal data transfer mechanism, including to a country that the European Commission or UK authorities have determined provides an adequate level of protection for personal data.

• Data Privacy Framework: Gridlines has certified to the EU-U.S., UK Extension to the EU-U.S. and Swiss-U.S. Data Privacy Frameworks (collectively, “DPF”). We will rely on the DPF to transfer personal data to the United States as permitted by applicable law.

  
  

Exercising your California Privacy Rights

To take advantage of your right to access, delete, or correct under California law please contact us by email at privacy@gridlines.com. We may request certain information to verify your identity before we can respond to your access and deletion requests. We will confirm receipt of your request within 10 business days and will respond to your request within 45 calendar days, after proper verification, unless we need additional time, in which case we will let you know.

Agent Requests

You may authorize someone to make a privacy rights request on your behalf (an authorized agent). Authorized agents will need to demonstrate that you’ve authorized them to act on your behalf or must demonstrate they have power of attorney pursuant to applicable probate law. Gridlines retains the right to request confirmation directly from you confirming that the agent is authorized to make such a request, or to request additional information to confirm the agent’s identity. An authorized agent is prohibited from using a consumer’s personal information, or any information collected from or about the consumer, for any purpose other than to fulfill the consumer’s requests, for verification, or for fraud prevention.

Please see the Privacy Notice for a description of the personal data we collect, the purposes for which we use it, and how and with whom we share it.

For Virginia Residents

This section provides supplemental information to residents of the State of Virginia, whose personal data we process in connection with the Services.

For information on the categories of personal data we process, please see “Information We Collect” above. The purposes for which we process personal data are described in “How We Use Your Information.” For information on how we share the categories of personal data we collect, please see “How We Share Your Information.”

Your Virginia Privacy Rights

• Right to Access. You have the right to confirm whether we are processing your personal data and to access such personal data.

• Right to Delete. You have the right to delete personal data provided by or obtained by you.

• Right to Opt-Out. You have the right to opt-out of “targeted advertising” as defined under Virginia law. We do not sell personal data as “sale” is defined under Virginia law.

• Right to Correct. You have the right to correct inaccuracies in the personal data, taking into account the nature of the personal data and the purposes of the processing.

• Right to Portability. You have the right to obtain a portable copy of the personal data that you provided to us.

Exercising your Virginia Privacy Rights

Making Access, Deletion, and Correction Requests

To make an access, deletion, or correction request, please email privacy@gridlines.com. Before completing your request, we may need to verify your identity. We may request additional documentation or information solely for the purpose of verifying your identity.

Making Requests to Opt-Out of “Targeted Advertising”
To submit a request to opt out of targeted advertising, you may click on the link “Do Not Sell or Share My Personal Information” on the footer of our websites.

To appeal our decision regarding a request related to these rights, you may email us at privacy@gridlines.com.

Updates to this Privacy Policy

We may update this Privacy Policy by posting the updates to our website. If an update materially impacts your rights or how we use your personal information, we will notify you either by email or other direct communication before the updates take effect. Any other revisions will become effective on the date the updates are posted by Gridlines.

Questions?

Email us questions at privacy@gridlines.com.