Welcome to Gridito (“Gridito,” “we,” “us,” or “our”). We respect your privacy and are committed to protecting it through our compliance with this Policy. This Privacy Policy (“Policy”) explains how we collect, use, disclose, store, and protect your personal information when you use our services (collectively, the “Service”), including our websites, software, and any related applications.

By accessing or using the Service, you agree to the terms of this Privacy Policy. If you do not agree, you must not use the Service.

1. Information We Collect

1. Google Login Information

  • When you create an account via Google Login, we collect your email address and possibly other details that Google may provide (e.g., name or nickname). Currently, the only essential data we store is your email address.

2. Automatically Collected Information

  • Log Data: When you use the Service, we may automatically record certain information, such as your IP address, browser type, operating system, access times, and pages viewed.

  • Cookies and Similar Technologies: We use cookies (and similar technologies like local storage or pixels) to remember your preferences, maintain login sessions, and analyze usage.

  • Analytics Data: We use a third-party analytics tool (PostHog) to collect technical and usage data (e.g., how you interact with the Service). This may include IP address, device information, and behavioral data.

2. How We Use Your Information

We use your personal information for the following purposes:

1. Account Management

  • To provide account authentication, manage user profiles, and facilitate secure access to the Service.

2. Service Improvement and Marketing

  • To analyze and improve our Service’s functionality, user experience, and performance (using tools like PostHog).

  • To send you newsletters, updates, or promotional content (subject to obtaining any required consent).

3. Security and Fraud Prevention

  • To detect, investigate, and prevent malicious or illegal activity, and maintain a safe online environment.

3. Retention of Personal Information

1. General Retention Policy

  • We will retain your personal information only as long as necessary to fulfill the purposes outlined in this Policy or to comply with applicable laws.

2. Deletion Upon Request

  • If you request account deletion, we will either delete or anonymize your personal information within a reasonable timeframe, unless we are required by law or legitimate business needs to retain it.

3. Compliance With Legal Obligations

  • Certain data (e.g., transaction records, if applicable in the future) may be retained in accordance with Korean law (e.g., commercial or tax laws) for a legally mandated period. After that period, the data will be securely deleted or anonymized.

4. Third-Party Services and Data Transfers

We rely on third parties to operate and improve the Service. In doing so, we may share or store personal data with the following services:

1. Hosting and Content Delivery (Cloudflare)

  • We use Cloudflare to host our Service, provide DNS management, and deliver content via their Content Delivery Network (CDN). As a result, your data (including IP addresses and certain log data) may be processed and transferred through Cloudflare’s global network of servers. For more information on Cloudflare’s data handling and security practices, please refer to Cloudflare’s Privacy Policy.

2. Authentication and Database (Supabase)

  • We use Supabase for user authentication, database management, and related back-end services. Your account details (such as your email address) and other data you provide or create within the Service may be stored on Supabase’s servers, which may be located outside of your country of residence. For more information, please refer to Supabase’s Privacy Policy.

3. Analytics (PostHog)

  • We use PostHog to analyze user behavior on our Service. Technical and usage data (such as IP address, device info, and interactions) may be sent to PostHog. We strive to minimize or anonymize personal data wherever possible.

4. International Data Transfers

  • By using our Service, you understand and acknowledge that your personal data may be transferred to, stored in, or processed in countries other than your own, including the United States or other jurisdictions where Cloudflare, Supabase, or PostHog operate. We take steps to ensure that any such transfer is performed in accordance with applicable data protection laws, which may include contractual safeguards or other mechanisms.

5. Other Third Parties

  • We do not share personally identifiable information (PII) with other third parties unless required by law or with your prior consent.

6. Outsourcing

  • If we outsource additional operations (e.g., hosting, email services, payment processing), we will ensure our processors adhere to appropriate data protection standards. We will inform users if we add or change major outsourcing relationships.

5. Your Rights

1. Access, Correction, Deletion

  • You have the right to request access to, correction of, or deletion of your personal information. You may do so by contacting us via email at contact@gridito.com.

2. Withdrawal of Consent and Account Deletion

  • You can withdraw your consent to our processing of your personal information at any time by deleting your account.

3. How to Exercise Your Rights

  • To exercise any of these rights, please get in touch with us via email. We will verify your identity and promptly address your request in accordance with applicable laws.

6. Data Security Measures

1. Technical and Organizational Measures

  • We take reasonable steps to protect your personal information, including encryption (where applicable), secure servers, firewalls, and access controls.

2. Third-Party Security

  • Cloudflare, Supabase, and PostHog employ their own security measures to safeguard your data. However, no system can be 100% secure. We encourage you to use a strong password, protect your login credentials, and contact us if you suspect any unauthorized activity on your account.

3. No Specialized Authentication (Currently)

  • We do not yet offer two-factor authentication (2FA), but we may consider adding additional security features as the Service evolves.

7. Cookies and Similar Technologies

1. Use of Cookies

  • We use cookies to store session data, remember preferences, and collect usage statistics.

2. Analytics Tools

  • We use PostHog (or similar platforms) that rely on cookies or tracking scripts to gather usage data.

3. Your Choices

  • You can disable cookies through your browser settings, but some features of the Service may not function properly if cookies are disabled.

8. Children’s Privacy (Under 14)

1. No Intentional Collection

  • We do not knowingly collect or solicit personal information from children under 14.

2. Parental/Guardian Notice

  • If you believe a child under 14 has provided us with personal information without proper consent, please contact us. We will take prompt steps to remove the data and delete the account if necessary.

Privacy Policy