Trust · Privacy
Privacy Policy
Last updated: November 5, 2025
Controller: Gridline Operations LLC · Contact: gridlineoperations@outlook.com
This Privacy Policy explains what information Gridline Operations LLC (“GridLine,” “we,” “us”) collects when you use gridlineoperations.com and the GridLine Operations platform (the “Service”), how we use and protect that information, and the choices you have. By using the Service you agree to this Policy and to our Terms of Service.
1. Information we collect
- Account & company info — name, email, phone, company name, role, and admin/employee assignments.
- Project content you upload — jobsite photos and drone imagery, drawings and revisions, RFIs, submittals, daily reports, punch items, safety observations, deliveries, meeting minutes, and comments.
- Financial project data — budgets, change orders, commitments, pay applications, lien waivers, and cost transactions you or your team enter.
- Location & device data — GPS captured on daily reports and photo uploads (when enabled), device type, browser, and IP address for security logs.
- Billing info — collected and processed by Stripe. We store subscription status, plan, and last-4 card metadata; we do not store full card numbers.
- Support content — messages you send us or through the in-app chat.
2. How we use information
- Operate, secure, and provide the Service and its features.
- Authenticate users, enforce role-based access, and prevent abuse.
- Process subscription payments and the 30-Day GridLine Pilot conversion.
- Send transactional email (receipts, invitations, security alerts, product updates you have opted into).
- Improve reliability using aggregated, de-identified telemetry.
We do not sell personal information and we do not share personal information for cross-context behavioral advertising.
3. AI features & training
GridLine uses AI models to power features such as the AI Copilot, photo intelligence, drawing analysis, and calendar suggestions. When you use these features, the specific content required for the request is sent to our AI providers strictly to generate a response for you.
Your project data (photos, drawings, RFIs, financials, reports) is never used to train foundation AI models. Our AI providers process requests under zero-retention or short-retention contractual terms and are prohibited from using submitted content for model training.
4. Subprocessors
We share the minimum data necessary with vetted subprocessors that power hosting, storage, authentication, payments, email, and AI:
| Subprocessor | Purpose | Region |
|---|---|---|
| Cloudflare, Inc. | Application hosting, edge compute, CDN, DDoS protection | Global |
| Supabase (Lovable Cloud) | Managed Postgres, authentication, object storage | US |
| Stripe, Inc. | Payment processing, subscription billing, tax | US / Global |
| Resend | Transactional email delivery | US |
| Tawk.to | Optional live chat on marketing pages | US / EU |
| OpenAI, Anthropic, Google (via Lovable AI Gateway) | AI model inference for Copilot, photo & drawing intelligence | US |
Current list; we will update this table when we add or remove subprocessors.
5. Data ownership
You own the content you upload. GridLine holds the limited license needed to store, back up, transmit, and display your content solely to operate the Service for you and your company. Company admins can manage, export, or delete their company’s data at any time.
6. Data retention & deletion
- Active accounts: project data is retained for the life of your subscription.
- After cancellation: we retain your company’s data for 90 days so you can export or reactivate, then permanently delete it from production systems.
- Backups: encrypted backups are rotated on a rolling 30-day window and then overwritten.
- Financial & billing records: we retain invoice metadata for up to 7 years to meet US tax and accounting requirements.
- On-demand deletion: email gridlineoperations@outlook.com and we will delete personal data within 30 days, unless a legal hold applies.
7. Security
- TLS 1.2+ in transit and AES-256 encryption at rest.
- Row-Level Security enforced at the database on all customer tables.
- Least-privilege access controls; production access limited to authorized personnel.
- Continuous vulnerability scanning and dependency monitoring.
- Private storage buckets for photos, drawings, documents, and compliance files.
Full details on the Security page.
8. Data breach notification
If we confirm a breach that compromises your personal information, we will notify affected account admins by email without undue delay and within 72 hours of confirmation, along with the categories of data involved, the steps we are taking, and recommended actions. Where required by state law (including California, Colorado, Virginia, Connecticut, Utah, Texas, Oregon, and Delaware), we will also notify the applicable regulator.
9. Your rights (CCPA / CPRA, and other US state privacy laws)
If you are a California resident (or a resident of a US state with a comparable privacy law), you have the right to:
- Know what personal information we have collected about you.
- Access and receive a portable copy of that information.
- Correct inaccurate personal information.
- Delete your personal information, subject to legal and contractual retention.
- Opt out of the “sale” or “sharing” of personal information — GridLine does not sell or share your personal information for advertising, so nothing is required from you.
- Non-discrimination when you exercise these rights.
- Appeal a denial of a rights request — reply to our response email.
To exercise any right, email gridlineoperations@outlook.com. We will verify your identity via the email address associated with your account and respond within 45 days.
10. Children
The Service is intended for business use and is not directed to individuals under 16. We do not knowingly collect information from children.
11. International users
The Service is operated from the United States. If you access it from outside the US, you consent to the transfer and processing of your information in the US.
12. Changes to this Policy
We may update this Policy from time to time. Material changes will be posted here with a new “Last updated” date and, where required, notified to account admins by email.
13. Contact
Gridline Operations LLC
Privacy requests: gridlineoperations@outlook.com
Mailing address available on written request.