Last Modified: October 1, 2024
This page explains how Gridlines engages with Sub-Processors.
Summary of Sub-Processors
Google and LLM-Specific Information
Updates to Sub-Processors
Below is a summary of the key data processing, security, and service terms for the third-party service providers used by the Gridlines application. These providers play a crucial role in hosting, managing, and securing customer data, as well as supporting customer interactions and application functionality. Please note that this document is intended as a summary for informational purposes only and should not be considered legal advice. For complete details, refer to the full agreements and terms provided by each service provider.
Summary of Sub-Processors
Google Cloud Platform - Cloud Provider
Data: Business User data and End Customer data
Purpose: Cloud service provider, file storage, and other infrastructure services.
Entity Country: United States
Documents: General Service Agreement | Security | Cloud Data Processing Addendum
Google Gemini - Large Language Model (LLM) Provider
Data: Google does not store or retain any prompts or responses for paid LLM API usage.
Purpose: Large Language Models (LLM) and other API services used by the Gridlines application.
Entity Country: United States
Documents: Google's Service Specific Terms | Google Gemini Terms
HubSpot – CRM Provider
Data: Data: Information provided by individuals contacting Gridlines, including name, email, phone number, and any additional details based on the communication.
Purpose: Used for client relationship management and email communications to customers.
Entity Country: United States
Documents: Terms of Service | Security | Data Processing Agreement
Posthog - User Analytics
Data: User interaction data, such as page views, clicks, and behavior within the application.
Purpose: Gathering user analytics to improve user experience and application functionality.
Entity Country: United States
Documents: Terms of Service | Security | Data Processing Agreement
Sentry - Error Handling
Data: Application error logs, debugging information, and system performance data.
Purpose: Used to collect error messages and exceptions from the application.
Entity Country: United States
Documents: Terms of Service | Security | Data Processing Agreement
Stripe - Billing
Data: Payment information, transaction details, and customer billing data.
Purpose: Managing payments, subscriptions, and financial transactions for Gridlines.
Entity Country: United States
Documents: Stripe Services Agreement | Stripe Privacy Center | Data Processing Agreement
Supabase - Database
Data: Application data, user information, and other database-stored records related to Gridlines.
Purpose: Data storage and management for the Gridlines application.
Entity Country: United States
Documents: Terms of Service | Security | Data Processing Agreement
Signed copies, where applicable, are available upon request. Direct inquiries to: legal@gridlinesapp.com
Google and LLM-Specific Information
Google Data Privacy in Cloud Data Processing Addendum: Google is committed to protecting customer data as outlined in the Cloud Data Processing Addendum. Specifically, it states:
5.2 Protection of Customer Data:
"Google will access, use, and process Customer Data solely in accordance with the Cloud Data Processing Addendum. Google will not access, use, or process Customer Data for any other purposes beyond what is outlined in the agreement. They have implemented and will maintain the necessary technical, organizational, and physical measures to protect Customer Data, ensuring its safety and confidentiality."
Google's Service-Specific Terms: In addition to the general protection of customer data, Google reinforces specific restrictions related to Large Language Models (LLMs) in their Service-Specific Terms:
AI / ML Services (Section 17: Training Restriction):
"Google will not use Customer Data to train or fine-tune any AI/ML models without the customer’s explicit permission or instruction."
Google Gemini Terms: These terms provide further clarity on data use in the context of LLMs and paid services:
"When using Paid Services, Google does not use customer prompts (including associated system instructions, cached content, and files such as images, videos, or documents) or responses to improve its products. Data will be processed according to the Data Processing Addendum for products where Google acts as a data processor. This data may be stored transiently or cached in any country where Google or its agents have facilities."
Sub-processors Information and Updates
As part of our commitment to transparency and data protection, Gridlines may engage third-party sub-processors to support the delivery of our services. Our sub-processors assist with infrastructure, payment processing, and other essential services to ensure the smooth operation of the Gridlines platform.
We periodically review and update our list of sub-processors as needed to enhance our services. Should we add or replace any sub-processors, materially change the services they provide, or change the country from which they operate, we will provide notice to our customers at least 30 days in advance.
If you would like to receive notifications by email about any updates to our sub-processors, please email legal@gridlinesapp.com to subscribe to these updates.