Privacy Policy

1. What Information We Collect

We collect information you provide directly to us, as well as information collected automatically when you use our platform:

Information You Provide

Account Information: When you create an account or sign up, we collect your email address, name, and account preferences.
Usage Data: Information about how you interact with our platform, including searches, filters applied, and queries executed.
Session Data: Session tokens and identifiers used to maintain your authenticated session.
Communication: Any messages you send us through support channels or feedback forms.

Information Collected Automatically

Log Data: IP address, browser type, operating system, pages visited, and the time and date of your activities.
Device Information: Device type, unique device identifiers, and hardware model.
Analytics: Interactions with our platform including features used, pricing queries, and search patterns.
Cookies and Similar Technologies: See the Cookies section for details.

2. How We Use Your Information

We use the information we collect for the following purposes:

Service Delivery: To provide, maintain, and improve our GPU pricing comparison service.
Authentication: To authenticate your identity and manage your account securely.
Personalization: To customize your experience and remember your preferences.
Analytics: To understand how users interact with our platform and identify usage patterns.
Performance: To monitor and analyze the technical performance and usage of our service.
Communications: To send you service-related notices, updates, and support responses.
Research: To conduct anonymized research on GPU pricing trends and market analysis (shared publicly).
Compliance: To comply with legal obligations and enforce our terms of service.

Important: We do NOT use conversations or queries to train AI models about you or your organization. Your pricing queries remain private and are only used for your own service delivery and anonymized market analysis.

3. Specific Data Categories

Email Addresses

We collect email addresses for account creation, authentication, and service notifications. Email addresses are not shared with third parties except where necessary for service delivery. We never sell email data.

Session Tokens and Authentication

Session tokens are encrypted identifiers used to maintain your authenticated session. They are NOT personally identifiable information and are automatically invalidated when you log out or after a period of inactivity. Session tokens are never shared with third parties.

Pricing Queries and Search Data

Logs of your GPU pricing queries, filters, and searches are stored to improve your experience and our service. This data is associated with your account but is treated as confidential. Anonymized aggregations of this data may be used for market research and published as part of our pricing reports.

Conversation and AI Interactions

If you interact with our AI features, we do NOT store personally identifiable information (names, email, organization names, or other PII) in conversation logs. Conversations are stored only to provide the service and may be reviewed to improve AI accuracy and safety. Conversations are NOT shared with third parties and are NOT used to train models about your identity.

Usage Analytics

We collect anonymized analytics about feature usage, page interactions, and performance metrics. This data cannot be traced back to you personally and is used to improve our platform.

Log and Device Data

We collect IP addresses, browser information, and device identifiers for security, fraud prevention, and service optimization. This data is retained in standard access logs and is subject to our data retention policy.

4. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience on our platform.

Types of Cookies We Use

Essential Cookies: Required for authentication, session management, and security. These cannot be disabled.
Preference Cookies: Remember your settings, language preferences, and UI customizations.
Analytics Cookies: Track how you use our platform to improve performance and user experience.
Marketing Cookies: Used to measure the effectiveness of marketing campaigns (optional, consent-based).

Your Cookie Choices

You can control cookies through your browser settings. Essential cookies are required to use our service; disabling them may limit functionality. You can opt out of analytics and marketing cookies without affecting core service features.

Cookie Duration: Session cookies expire when you close your browser. Persistent cookies may remain for up to 12 months unless you clear them.

5. Third-Party Services and Integrations

We use third-party services to deliver and improve our platform:

Analytics Providers

We use analytics services to understand how users interact with our platform. These services may collect anonymized data about your usage. Your personal information is not shared with analytics providers unless you have consented to marketing cookies.

AI and LLM Providers

To power certain AI features, we may use third-party AI providers. When you use AI features:

We do NOT send personally identifiable information (names, email, organization details) to AI providers.
We send only the query or context necessary to generate a response.
Third-party AI providers are contractually obligated not to use your data for training.

Infrastructure and Hosting

Our platform is hosted on secure cloud infrastructure. Hosting providers have access to infrastructure logs but cannot access user data without authorization.

Email and Communication Services

We may use third-party email services to send service notifications and account confirmations. These services process your email address but do not use it for marketing purposes without your consent.

Third-Party Privacy Policies: This policy covers only GridStackHub's practices. When you visit third-party services, their privacy policies apply. We are not responsible for their privacy practices.

6. GDPR and Your Rights

If you are located in the European Union, European Economic Area, or other jurisdictions with similar data protection laws, you have additional rights:

Your Data Rights

Right to Access: You can request a copy of the personal data we hold about you.
Right to Rectification: You can request correction of inaccurate or incomplete data.
Right to Erasure: You can request deletion of your data (the "right to be forgotten") subject to legal retention requirements.
Right to Data Portability: You can request your data in a structured, machine-readable format.
Right to Restrict Processing: You can request that we limit how we process your data.
Right to Object: You can object to certain types of processing, particularly for marketing.
Right to Withdraw Consent: If processing is based on your consent, you can withdraw it at any time.

How to Exercise Your Rights

To exercise any of these rights, contact us using the information in the Contact section below. We will respond to your request within 30 days (or as required by applicable law).

Legal Basis for Processing

We process your information based on:

Contractual Necessity: Processing required to provide our services under the terms of service.
Legal Obligation: Processing required to comply with laws and regulations.
Legitimate Interest: Processing necessary for legitimate business purposes (service improvement, fraud prevention).
Consent: Where you have explicitly consented to specific processing (e.g., marketing communications).

7. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

Account Data: Retained while your account is active. Upon account deletion, personal data is retained for 30 days in backup systems before permanent deletion, unless longer retention is required by law.
Session Data: Session tokens expire within 24 hours of creation or logout. Inactive sessions are automatically terminated.
Pricing Queries: Query logs are retained for 12 months for analytics and fraud prevention. Older logs are aggregated and anonymized.
Access Logs: IP address and access logs are retained for 90 days for security and performance monitoring.
Cookies: Session cookies are deleted when you log out. Persistent cookies expire within 12 months.
Legal Requirements: Data may be retained longer if required by law or if there is an active legal claim.

Backup Systems: Data in active backup systems is subject to the retention periods above. Archived backups used for disaster recovery are retained for up to 1 year.

8. Security

We implement industry-standard security measures to protect your information:

Encryption: Data in transit is encrypted using TLS/SSL. Sensitive data at rest is encrypted using AES-256 encryption.
Authentication: Account access requires secure authentication. We support strong password policies and encourage two-factor authentication.
Access Controls: Employee access to personal data is restricted to individuals who need it for their role, with audit logging of all access.
Security Audits: We regularly audit and test our security systems for vulnerabilities.
Incident Response: In the event of a data breach, we will notify affected users without undue delay as required by law.

No Method is Completely Secure: While we implement strong security measures, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security of your data.

9. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or have privacy concerns, please contact us:

Privacy Inquiries

Email: privacy@gridstackhub.ai

Website: gridstackhub.ai

We aim to respond to all privacy inquiries within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

10. Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by updating the "Last Updated" date at the top of this policy and, if the changes are significant, we will provide notice through our platform or by email.

Your continued use of GridStackHub after changes become effective constitutes your acceptance of the updated Privacy Policy.

Quick Navigation