Legal

Privacy Policy

Effective date: July 1, 2026  ·  Last updated: July 1, 2026

This Privacy Policy explains how TheGridProtocol LLC ("The Grid Network," "we," "us," or "our") collects, uses, discloses, and safeguards personal information when you use the website located at the-grid-network.pages.dev and any related services (collectively, the "Services"). By using the Services, you acknowledge the practices described here. If you do not agree, please do not use the Services.

1. Who we are & scope

The Grid Network is a directory and commerce platform that helps people discover and support local businesses — with an initial focus on Black-owned businesses across the Atlanta, Georgia area — by browsing a map of business "blocks," viewing storefronts, and placing orders. This Policy applies to personal information we process through the Services. It does not apply to third-party services we do not control (see Third-party links).

2. Information we collect

a. Information you provide directly

b. Information from sign-in providers

If you choose "Continue with Google," Google Sign-In shares a limited profile with us — typically your name, email address, and a Google account identifier — so we can create or access your account. We do not receive your Google password. Your use of Google Sign-In is also governed by Google's privacy policy.

c. Payment information

Payments are processed by our third-party payment processor, Stripe. Payment card details are submitted directly to Stripe and are handled under Stripe's PCI-DSS-compliant systems. We do not collect or store your full card number, CVC, or full financial-account credentials. We receive only limited confirmation and transaction metadata needed to fulfill and record your order.

d. Information collected automatically

3. Cookies & local storage

We use browser local storage to maintain your signed-in session. We do not use third-party advertising or cross-site tracking cookies. Third-party services that you interact with on our pages — such as Google Sign-In and Stripe — may set their own cookies or storage subject to their respective privacy policies. You can clear local storage and cookies at any time through your browser settings; doing so will sign you out.

4. How we use information

We use personal information to:

5. Legal bases (EEA/UK users)

Where the EU/UK GDPR applies, we rely on the following legal bases: performance of a contract (to provide the Services you request); legitimate interests (to secure, maintain, and improve the Services, and to prevent fraud); consent (where required, e.g., certain communications — which you may withdraw at any time); and legal obligation (to comply with applicable law).

6. How we share information

We share personal information only as described below:

7. We do not sell your data

We do not sell your personal information, and we do not "share" it for cross-context behavioral advertising, as those terms are defined under California law. We do not process sensitive personal information for the purpose of inferring characteristics about you.

8. Data retention

We retain personal information for as long as your account is active or as needed to provide the Services, and thereafter as necessary to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements. When information is no longer needed, we delete or de-identify it. Transaction records may be retained longer where required for tax, accounting, or legal purposes.

9. Security

We use technical and organizational measures designed to protect personal information, including encryption in transit (HTTPS/TLS), salted-and-hashed password storage (PBKDF2), scoped access controls, and reputable infrastructure providers. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your password confidential.

10. Your rights & choices

Subject to applicable law, you may have the right to access, correct, update, delete, or obtain a copy of your personal information, and to object to or restrict certain processing. You can:

We will verify your request (typically by confirming control of the account email) before acting, and we will not discriminate against you for exercising your rights. You may also have the right to lodge a complaint with your local data protection authority.

11. California privacy rights (CCPA/CPRA)

If you are a California resident, you have the right to know, access, correct, and delete the personal information we hold about you, and to opt out of the "sale" or "sharing" of personal information (we do neither). In the preceding 12 months, we may have collected the following categories of personal information:

CategoryExamplesCollected
IdentifiersName, email, account ID, IP addressYes
Customer recordsPhone, business/contact addressYes
Commercial informationOrders, transaction metadataYes
Internet/network activityLog and device dataYes
GeolocationCoarse, city-level (from IP)Yes
Sensitive personal informationGovernment IDs, precise location, financial account credentialsNo

To exercise your rights, email Privacy@TheGridProtocol.com. You may use an authorized agent, subject to verification. We will not discriminate against you for exercising these rights.

12. Other U.S. state privacy rights

Residents of states with comprehensive privacy laws (such as Virginia, Colorado, Connecticut, Utah, Texas, and others) may have similar rights to access, correct, delete, and obtain a copy of their personal information, and to opt out of targeted advertising, sale, or certain profiling. We do not conduct targeted advertising or sell personal information. To exercise these rights, contact Privacy@TheGridProtocol.com.

13. International users

The Services are operated from the United States and intended primarily for U.S. users. If you access the Services from outside the United States, you understand that your information may be transferred to, stored, and processed in the United States and other countries where our providers operate, which may have different data protection laws than your jurisdiction.

14. Children's privacy

The Services are not directed to children under 13 (or the minimum age required in your jurisdiction), and we do not knowingly collect personal information from them. If you believe a child has provided us personal information, contact Privacy@TheGridProtocol.com and we will take appropriate steps to delete it.

16. Changes to this policy

We may update this Policy from time to time. When we do, we will revise the "Last updated" date above and, for material changes, provide additional notice as required by law. Your continued use of the Services after an update constitutes acceptance of the revised Policy.

17. How to contact us

TheGridProtocol LLC
Privacy requests: Privacy@TheGridProtocol.com
Legal notices: Risk@TheGridProtocol.com
Support: Support@TheGridProtocol.com

↑ Back to top