Privacy Policy
This Privacy Policy explains how TheGridProtocol LLC ("The Grid Network," "we," "us," or "our") collects, uses, discloses, and safeguards personal information when you use the website located at the-grid-network.pages.dev and any related services (collectively, the "Services"). By using the Services, you acknowledge the practices described here. If you do not agree, please do not use the Services.
1. Who we are & scope
The Grid Network is a directory and commerce platform that helps people discover and support local businesses — with an initial focus on Black-owned businesses across the Atlanta, Georgia area — by browsing a map of business "blocks," viewing storefronts, and placing orders. This Policy applies to personal information we process through the Services. It does not apply to third-party services we do not control (see Third-party links).
2. Information we collect
a. Information you provide directly
- Account information. When you create a customer or business account, we collect your name, email address, and a password. Passwords are never stored in plain text — they are salted and hashed (PBKDF2) before storage.
- Business listing information. If you register a business, we collect your business name, category, physical address, phone number, contact email, website, a description of your services, and the map "block" (zone, ring, and plot) you select.
- Orders & transactions. When you place an order, we collect order details and limited transaction metadata (such as amount, order reference, and status).
- Communications. Information you provide when you contact support or correspond with us.
b. Information from sign-in providers
If you choose "Continue with Google," Google Sign-In shares a limited profile with us — typically your name, email address, and a Google account identifier — so we can create or access your account. We do not receive your Google password. Your use of Google Sign-In is also governed by Google's privacy policy.
c. Payment information
Payments are processed by our third-party payment processor, Stripe. Payment card details are submitted directly to Stripe and are handled under Stripe's PCI-DSS-compliant systems. We do not collect or store your full card number, CVC, or full financial-account credentials. We receive only limited confirmation and transaction metadata needed to fulfill and record your order.
d. Information collected automatically
- Technical & log data. Our hosting and network provider (Cloudflare) automatically processes data such as your IP address, browser and device type, referring pages, and request timestamps for security, delivery, and performance.
- Approximate location. We may infer a coarse, city-level location from your IP address. We do not collect precise GPS location.
- Local storage. We store a session token in your browser's local storage (key
grid_auth) to keep you signed in. See Cookies & local storage.
4. How we use information
We use personal information to:
- Provide, operate, and maintain the Services, including creating and authenticating your account;
- Display approved business listings on the map and in search;
- Review, approve, reject, or remove business listings (moderation), and communicate the outcome — including a rejection reason — to the listing owner;
- Process and record orders and payments through Stripe;
- Send transactional and service messages (e.g., account, order, or moderation notices);
- Maintain security, prevent fraud and abuse, and enforce our Terms;
- Comply with legal obligations and respond to lawful requests; and
- Analyze and improve the Services.
5. Legal bases (EEA/UK users)
Where the EU/UK GDPR applies, we rely on the following legal bases: performance of a contract (to provide the Services you request); legitimate interests (to secure, maintain, and improve the Services, and to prevent fraud); consent (where required, e.g., certain communications — which you may withdraw at any time); and legal obligation (to comply with applicable law).
7. We do not sell your data
We do not sell your personal information, and we do not "share" it for cross-context behavioral advertising, as those terms are defined under California law. We do not process sensitive personal information for the purpose of inferring characteristics about you.
8. Data retention
We retain personal information for as long as your account is active or as needed to provide the Services, and thereafter as necessary to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements. When information is no longer needed, we delete or de-identify it. Transaction records may be retained longer where required for tax, accounting, or legal purposes.
9. Security
We use technical and organizational measures designed to protect personal information, including encryption in transit (HTTPS/TLS), salted-and-hashed password storage (PBKDF2), scoped access controls, and reputable infrastructure providers. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your password confidential.
10. Your rights & choices
Subject to applicable law, you may have the right to access, correct, update, delete, or obtain a copy of your personal information, and to object to or restrict certain processing. You can:
- Update your business contact details directly on your "My Listing" screen when signed in;
- Update account details or request access, correction, or deletion by emailing Privacy@TheGridProtocol.com.
We will verify your request (typically by confirming control of the account email) before acting, and we will not discriminate against you for exercising your rights. You may also have the right to lodge a complaint with your local data protection authority.
11. California privacy rights (CCPA/CPRA)
If you are a California resident, you have the right to know, access, correct, and delete the personal information we hold about you, and to opt out of the "sale" or "sharing" of personal information (we do neither). In the preceding 12 months, we may have collected the following categories of personal information:
| Category | Examples | Collected |
|---|---|---|
| Identifiers | Name, email, account ID, IP address | Yes |
| Customer records | Phone, business/contact address | Yes |
| Commercial information | Orders, transaction metadata | Yes |
| Internet/network activity | Log and device data | Yes |
| Geolocation | Coarse, city-level (from IP) | Yes |
| Sensitive personal information | Government IDs, precise location, financial account credentials | No |
To exercise your rights, email Privacy@TheGridProtocol.com. You may use an authorized agent, subject to verification. We will not discriminate against you for exercising these rights.
12. Other U.S. state privacy rights
Residents of states with comprehensive privacy laws (such as Virginia, Colorado, Connecticut, Utah, Texas, and others) may have similar rights to access, correct, delete, and obtain a copy of their personal information, and to opt out of targeted advertising, sale, or certain profiling. We do not conduct targeted advertising or sell personal information. To exercise these rights, contact Privacy@TheGridProtocol.com.
13. International users
The Services are operated from the United States and intended primarily for U.S. users. If you access the Services from outside the United States, you understand that your information may be transferred to, stored, and processed in the United States and other countries where our providers operate, which may have different data protection laws than your jurisdiction.
14. Children's privacy
The Services are not directed to children under 13 (or the minimum age required in your jurisdiction), and we do not knowingly collect personal information from them. If you believe a child has provided us personal information, contact Privacy@TheGridProtocol.com and we will take appropriate steps to delete it.
15. Third-party links & services
The Services may link to or integrate third-party websites and services (e.g., Google, Stripe, business websites). We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies.
16. Changes to this policy
We may update this Policy from time to time. When we do, we will revise the "Last updated" date above and, for material changes, provide additional notice as required by law. Your continued use of the Services after an update constitutes acceptance of the revised Policy.
17. How to contact us
TheGridProtocol LLC
Privacy requests: Privacy@TheGridProtocol.com
Legal notices: Risk@TheGridProtocol.com
Support: Support@TheGridProtocol.com