Privacy Policy

Last Updated: January 13, 2025

Introduction

GridFlo ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our application.

Information We Collect

Personal Information

  • Account Information: Name, email address, and profile information when you create an account
  • Authentication Data: Login credentials and authentication tokens from Google OAuth or email/password authentication
  • Contact Information: People and contact details you add to your blocks

Usage Data

  • Activity Data: Tasks, notes, habits, schedules, and other blocks you create
  • Interaction Data: How you interact with features, including clicks, views, and feature usage
  • Calendar Data: Events and scheduling information if you connect your Google Calendar

Technical Information

  • Device Information: Browser type, operating system, device type
  • Log Data: IP address, access times, pages viewed, and referring URLs
  • Cookies: Session cookies and authentication tokens

How We Use Your Information

We use your information to:

  • Provide Services: Enable core functionality including task management, note-taking, and habit tracking
  • Authentication: Verify your identity and maintain secure sessions
  • Calendar Integration: Sync with Google Calendar if you choose to connect
  • AI Features: Process your requests through AI assistants (OpenAI, Anthropic, Google Gemini)
  • Communication: Send password reset emails and important service updates
  • Improvement: Analyze usage patterns to improve our services
  • Security: Detect and prevent fraud, abuse, and security incidents

Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption: SSL/TLS encryption for data in transit
  • Authentication: Secure password requirements and JWT tokens
  • Access Controls: Role-based access and authentication checks
  • Rate Limiting: Protection against abuse via Upstash Redis
  • Content Security Policy: CSP headers to prevent XSS attacks

Your Rights and Choices

Access and Control

  • Access: Request a copy of your personal information
  • Update: Modify your account information and preferences
  • Delete: Request deletion of your account and associated data
  • Export: Export your data in standard formats

Opt-Out Options

  • Calendar Sync: Disconnect Google Calendar integration at any time
  • AI Features: Choose not to use AI-powered features
  • Account Linking: Control how multiple authentication methods are linked

Data Retention

We retain your information for as long as your account is active or as needed to provide services. You can request deletion of your account at any time, and we will delete your personal information within 30 days, except where retention is required by law.

Children's Privacy

Our service is not directed to individuals under 13 years of age. We do not knowingly collect personal information from children under 13.

International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers in compliance with applicable laws.

Contact Us

If you have questions or concerns about this Privacy Policy, please contact us at:

  • Email: support@gridflo.app
← Back to Home