1. Introduction.
Gridprise LLC (“Gridprise,” “we,” “us,” or “our”) provides infrastructure consulting, engineering, and managed services to businesses. This Privacy Policy explains what personal information we collect, why we collect it, how we use, share, and protect it, how long we keep it, and the rights and choices you have with respect to it.
This policy applies to:
- Our website at gridprise.com and any subdomains that link to this policy (the “Site”).
- Inquiries, communications, and correspondence you send us by any channel (email, phone, chat, video call, or in person).
- Our marketing, sales, and business-development activities.
- Personal information we process in the course of providing services to clients, except where a separate written agreement (such as a data processing agreement) governs that processing.
By using the Site, contacting us, or engaging our services, you acknowledge the practices described in this policy. If you do not agree with this policy, please do not use the Site or provide us with your information.
2. Definitions.
For the purposes of this policy:
- “Personal information” (or “personal data”) means any information that identifies, relates to, describes, or could reasonably be linked, directly or indirectly, to an identified or identifiable individual.
- “Client” means an organization or individual that has engaged Gridprise for services under an agreement, statement of work, proposal, or similar arrangement.
- “Client Systems” means the servers, networks, storage, applications, and related infrastructure that we design, build, provision, manage, monitor, or support on a Client’s behalf.
- “Processing” means any operation performed on personal information, whether or not by automated means, including collection, recording, organization, storage, adaptation, retrieval, use, disclosure, restriction, erasure, or destruction.
- “Controller” means the entity that determines the purposes and means of processing personal information; “processor” means an entity that processes personal information on a controller’s behalf.
3. Information You Provide Directly.
We collect information you choose to give us, including:
Contact and inquiry information. When you email us, call us, submit a form, or otherwise reach out, we collect your name, email address, phone number (if provided), company name and role, and the contents of your message, along with any attachments or materials you send.
Engagement and account information. If you or your organization becomes a Client, we collect the information necessary to establish, perform, and administer the engagement: the names, titles, and business contact details of your personnel; billing and postal addresses; purchase order references; tax identifiers where required; bank or payment details needed to process payments; and executed contracts, statements of work, and related records.
Credentials and access information. Where an engagement requires it and you choose to provide it, we may receive credentials, API keys, certificates, or access grants for Client Systems. We treat these as confidential, store them in dedicated secrets-management tooling, restrict access on a need-to-know basis, and rotate or destroy them per the engagement’s terms.
Communications and meeting records. We retain records of our communications with you — email threads, tickets, shared-channel chat messages (for example, Slack or Microsoft Teams channels), meeting notes, and, where all participants are notified, call or meeting recordings — to provide continuity of service and maintain an accurate history of the engagement.
Recruitment information. If you apply to work with us, we collect the information you include in your application, résumé, and correspondence, and information from interviews and references you authorize us to contact.
4. Information Collected Automatically.
When you visit the Site, our servers and infrastructure automatically record limited technical information, including:
- Your IP address and approximate region derived from it.
- Browser type and version, operating system, and device type.
- Referring URL, pages viewed, links clicked, and timestamps.
- Diagnostic data such as response codes and page-load errors.
We use this information for security (including abuse and bot detection), capacity planning, and diagnosing technical problems.
Cookies and tracking. The Site does not use advertising cookies, cross-site tracking pixels, social media trackers, or third-party analytics services that build profiles of visitors. Any cookies used are strictly necessary for the Site to function (for example, load-balancing or security cookies) and do not track you across other websites.
5. Information We Receive from Other Sources.
We may receive limited information about you from other sources, including: publicly available professional information (such as your company website or LinkedIn profile) used to prepare for or follow up on business conversations; referrals from mutual contacts, where the referrer provides your details; and payment confirmation data from payment processors. We do not purchase marketing lists or enrich profiles through data brokers.
6. Information Processed on Behalf of Clients.
In the course of managing Client Systems, we may have access to data stored on or transiting those systems. That data can include personal information belonging to a Client’s own employees, users, or customers. In these situations:
- We act as a processor (or “service provider” under the CCPA/CPRA) on the Client’s behalf.
- We access such data only to the extent necessary to perform the contracted services — for example, when debugging an application issue, restoring from backup, or investigating a security incident.
- We do not use such data for our own purposes, do not sell it, and do not disclose it except as directed by the Client or required by law.
- Our handling of it is governed by our agreement with the Client, including any data processing agreement.
- The Client remains the controller of that data. Individuals whose data resides on Client Systems should direct requests about that data to the relevant Client. We will assist Clients in responding to such requests as our agreements require.
Operational telemetry. We also collect operational telemetry from Client Systems we manage — system and application logs, performance metrics, alerts, configuration state, and inventory data. This telemetry is used solely for monitoring, incident response, security, capacity planning, and service improvement for that Client, and is retained per the engagement’s terms or our standard retention schedule in Section 10.
7. How We Use Information.
We use the information described above to:
- Respond to inquiries and communicate with you, including scheduling and conducting meetings.
- Evaluate prospective engagements, prepare proposals, and negotiate agreements.
- Provide, operate, maintain, secure, and improve our services and Client Systems.
- Administer engagements, including project management, invoicing, payment processing, and collections.
- Monitor for, detect, investigate, and respond to security incidents, fraud, and abuse affecting the Site, our systems, or Client Systems.
- Maintain business records and comply with legal obligations, including tax, accounting, and audit requirements.
- Establish, exercise, or defend legal claims.
- Evaluate job applications and manage recruitment.
- With your consent, for any other purpose described to you at the time of collection.
What we do not do. We do not sell personal information. We do not share personal information with third parties for their own advertising or marketing purposes. We do not make decisions producing legal or similarly significant effects about individuals by solely automated means. We do not send marketing communications beyond direct, relevant communication about our services; you can opt out of non-essential communications at any time by replying or emailing us.
8. Legal Bases for Processing.
Where the EU or UK General Data Protection Regulation (“GDPR”) applies, we rely on the following legal bases:
- Performance of a contract — processing needed to take steps at your request before entering an engagement and to perform the engagement itself.
- Legitimate interests — operating and securing the Site and our business; communicating with prospective and existing clients; maintaining business records; preventing fraud and abuse; and establishing or defending legal claims. Where we rely on legitimate interests, we balance them against your rights and expectations.
- Legal obligation — retaining records and making disclosures required by applicable law.
- Consent — where we ask for it (for example, optional communications or call recording). You may withdraw consent at any time without affecting processing that occurred before withdrawal.
9. How We Share Information.
We do not sell or rent personal information. We share it only in the following limited circumstances:
Service providers (subprocessors). We use a small number of vendors to operate our business — for example, infrastructure and hosting providers, email and productivity suites, scheduling and video-conferencing tools, accounting and invoicing software, and payment processors. These providers process information on our behalf, under contractual confidentiality and data-protection obligations, only as necessary to provide their services to us. A current list of the categories of subprocessors relevant to a Client engagement is available on request.
Professional advisers. We may disclose information to lawyers, accountants, insurers, bankers, and auditors where reasonably necessary in the course of our business.
Legal requirements and protection. We may disclose information if we believe in good faith that disclosure is required by law, regulation, legal process, or enforceable governmental request, or is necessary to investigate or protect against harm to the rights, safety, or property of Gridprise, our Clients, or others, or to enforce our agreements. Where legally permitted, we will notify affected Clients before disclosing information relating to their engagement.
Business transfers. If Gridprise is involved in a merger, acquisition, financing, reorganization, or sale of some or all of its assets, information may be transferred as part of that transaction, subject to the protections of this policy and applicable law. We will notify you of any transaction that results in a materially different privacy policy applying to your information.
With your direction or consent. We share information with third parties when you direct us to (for example, coordinating with your other vendors) or otherwise consent.
10. Data Retention.
We keep personal information only as long as needed for the purposes described in this policy, then delete it or render it irreversibly anonymous. As a general guide:
- Contact inquiries that do not lead to an engagement are retained for up to twenty-four (24) months from last contact, then purged.
- Engagement records — contracts, statements of work, correspondence material to the engagement, and deliverable documentation — are retained for the duration of the engagement and for seven (7) years thereafter, consistent with contract, tax, and accounting requirements.
- Invoices and financial records are retained for seven (7) years as required by tax and accounting law.
- Credentials and secrets provided for an engagement are destroyed or returned promptly upon termination of the engagement or earlier upon request, except where retention is required to complete agreed wind-down work.
- Operational logs and telemetry from Client Systems are retained on rolling windows appropriate to their purpose (commonly 30–400 days depending on the data and the engagement’s requirements) and then deleted, unless a Client’s compliance obligations require otherwise.
- Site server logs are retained for up to twelve (12) months for security purposes.
- Recruitment records for unsuccessful applications are retained for up to twelve (12) months unless you ask us to keep them longer or delete them sooner.
We may retain information longer where required by law, to resolve disputes, or to enforce agreements; in such cases, we restrict processing to those purposes.
11. Security.
Security is our profession, and we apply the same discipline to our own systems that we apply to our Clients’. Our measures include:
- Encryption of data in transit (TLS) and encryption at rest for stored data and backups.
- Access controls based on least privilege, with role-based access and periodic access reviews.
- Multi-factor authentication on administrative and remote access.
- Dedicated secrets management for credentials and keys, with rotation policies.
- Hardened, patched, and monitored systems, with centralized logging and alerting.
- Endpoint protection and full-disk encryption on company devices.
- Documented incident-response and breach-notification procedures.
- Confidentiality obligations for all personnel with access to client information.
No method of transmission or storage is completely secure, and we cannot guarantee absolute security. If we become aware of a breach of security affecting your personal information, we will notify you and any relevant authorities without undue delay and in accordance with applicable law, and will provide information about the nature of the breach and the measures taken.
12. International Transfers.
We are based in the United States, and information we collect is processed in the United States and in other jurisdictions where our service providers operate. These jurisdictions may have data-protection laws different from those of your jurisdiction.
Where we transfer personal information originating from the European Economic Area, the United Kingdom, or Switzerland to a country not deemed to provide adequate protection, we rely on appropriate safeguards, such as the European Commission’s Standard Contractual Clauses (and the UK Addendum or International Data Transfer Agreement, as applicable), together with supplementary measures where appropriate. You may request more information about these safeguards using the contact details below.
13. Your Rights.
Depending on where you live, you may have some or all of the following rights regarding your personal information:
- Access — to confirm whether we process your personal information and receive a copy of it.
- Rectification — to correct inaccurate or incomplete information.
- Erasure — to request deletion of your information in certain circumstances.
- Restriction — to request that we limit processing in certain circumstances.
- Objection — to object to processing based on legitimate interests, and to any direct marketing.
- Portability — to receive information you provided to us in a structured, commonly used, machine-readable format.
- Withdrawal of consent — where processing is based on consent, to withdraw it at any time.
- Complaint — to lodge a complaint with your local supervisory authority or data protection regulator.
California residents. Under the CCPA/CPRA, you have the right to know the categories and specific pieces of personal information we collect, use, and disclose; the right to request deletion and correction; the right to opt out of “sales” and “sharing” of personal information; the right to limit use of sensitive personal information; and the right not to be discriminated against for exercising these rights. We do not sell or “share” personal information as those terms are defined in the CCPA/CPRA, and we do not use or disclose sensitive personal information for purposes other than those permitted by the statute. You may designate an authorized agent to make requests on your behalf; we will verify the agent’s authority before acting.
Exercising your rights. To exercise any of these rights, email hello@gridprise.com with enough information for us to verify your identity and locate your information. We will respond within the timeframe required by applicable law (generally 30 days under the GDPR and 45 days under the CCPA/CPRA, extendable where permitted). We will not charge a fee unless a request is manifestly unfounded or excessive. If your data resides on Client Systems for which we act as a processor, we will refer your request to the relevant Client and assist them as our agreement requires.
14. Children’s Privacy.
The Site and our services are directed at businesses and are not intended for children under 16 (or the higher age of consent applicable in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact us and we will promptly delete it.
15. Do Not Track and Opt-Out Signals.
Because the Site does not track visitors across third-party websites or sell personal information, there is no cross-site tracking to disable, and we do not respond differently to browser “Do Not Track” or Global Privacy Control signals. Should our practices change, we will update this policy and honor applicable opt-out preference signals as required by law.
16. Third-Party Links.
The Site may contain links to third-party websites or resources. This policy does not apply to those third parties, and we are not responsible for their content or privacy practices. Review the privacy policies of any third-party sites you visit.
17. Changes to This Policy.
We may update this policy from time to time to reflect changes in our practices, technologies, or applicable law. When we do, we will revise the “Last updated” date at the top of this page. If changes are material, we will provide more prominent notice, and active Clients will be notified directly. Your continued use of the Site or our services after changes take effect constitutes acceptance of the revised policy. Prior versions are available on request.
18. Contact.
Questions, concerns, or requests regarding this policy or your personal information should be directed to:
Gridprise LLC — Privacy
Email: hello@gridprise.com
5900 Balcones Drive
STE 100
Austin, TX 78731
United States
If you are in the EEA or UK and believe we have not adequately addressed your concern, you may contact your local data protection authority.
See also our Terms of Service and Acceptable Use Policy.