GridSite Logo

GridSite Privacy Policy

Effective Date: January 23, 2026

GridSite Privacy Policy

Effective Date: January 23, 2026

1. Introduction

GridSite Technology Inc. and its affiliated entities that provide the Services (collectively, "GridSite," "we," "our," or "us") are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, websites, applications, and services (collectively, the "Services").

By accessing or using the Services, you consent to the practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Services.

This Privacy Policy applies to information processed by us when you access or use the Services. Where we process personal data on behalf of a business customer as a service provider/processor, the applicable Data Processing Addendum ("DPA") governs that processing and may limit how we use that data. Different Services may be provided by different affiliates.

1.1 Definitions

"Personal Information" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked (directly or indirectly) with a particular individual or household.

"Personal Data" has the meaning given under applicable data protection laws (including GDPR where applicable).

"Sensitive Personal Information" (or "Sensitive Data") includes categories treated as sensitive under applicable law, such as government-issued identification numbers, precise geolocation, account log-in credentials, biometric identifiers, financial account information, and information concerning a person's racial or ethnic origin, religious beliefs, health condition, or sex life/sexual orientation (as applicable).

"Operational Data" means telemetry and non-personal operational metrics generated by or collected from facilities, equipment, systems, and infrastructure connected to or monitored by the Services, and does not include Personal Information in identifiable form.

"Process" or "Processing" means any operation performed on information, such as collection, storage, use, disclosure, analysis, deletion, or transmission.

2. Information We Collect

2.0 Notice at Collection (Summary)

We collect the categories of information described in Sections 2.1–2.4 from (a) you, (b) your device and usage of the Services, (c) connected systems and integrations, and (d) third parties you enable. We use this information for the purposes described in Section 3, including providing and securing the Services, account administration, identity verification, safety and security, compliance, communications, analytics, and improving the Services. We disclose information to the categories of recipients described in Section 7. We retain information as described in Section 9 and delete or de-identify it when it is no longer needed, subject to legal holds and legally required retention.

2.1 Personal Information You Provide

We may collect personal information that you provide directly to us, including:

  • Contact Information: Name, email address, phone number, mailing address
  • Account Credentials: Username, password, security questions
  • Profile Information: Company information, professional background, job title, organization details
  • Verification Documents: Government-issued identification, proof of address, business licenses
  • Financial Information: Payment card information, billing address, tax identification numbers (processed securely through third-party payment processors)
  • Communication Preferences: Email notification settings, SMS preferences, marketing opt-in/opt-out choices
  • Biometric Data: Facial recognition templates, facial geometry, photographs used for facial recognition (see Section 6 for details)
  • Background Check Information: Criminal history data, employment verification, education verification, references (see Section 7 for details)

2.2 Automatically Collected Information

When you access our platform, we may automatically collect information about your device and usage, including:

  • Device Information: IP address, device identifiers, browser type and version, operating system, device type
  • Usage Data: Pages visited, features used, time and duration of visits, clickstream data, search queries
  • Location Data: General location information based on IP address (not precise GPS coordinates)
  • Cookies and Tracking Technologies: We use cookies, SDKs, pixels, tags, web beacons, and similar technologies to track usage and preferences, measure performance, detect fraud, and support analytics and monitoring tools

2.3 Operational and Telemetry Data

We collect operational data from facilities, equipment, and systems connected to our Services, including:

  • Equipment Telemetry: Sensor readings, performance metrics, environmental data (temperature, humidity, power consumption)
  • Network Data: Bandwidth utilization, connection status, network performance metrics
  • System Logs: Access logs, error logs, security event logs, audit trails
  • Infrastructure Metrics: Capacity utilization, resource allocation, system health indicators
  • Video/Audio Recordings: CCTV footage, access control recordings, security camera recordings (see Section 8 for details)

2.4 Information from Third-Party Services

We may receive information about you from third-party services integrated with our platform, including:

  • Identity Verification Services: SumSub (KYC/KYB data, ID verification results, face matching results)
  • Payment Processors: Stripe (payment transaction data, billing information)
  • Communication Services: SendGrid (email delivery status), Twilio (SMS delivery status)
  • Background Check Providers: Criminal history reports, employment verification results
  • MLS and Data Feeds: Property listing data, real estate information

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Provision

  • Provide, maintain, and improve our Services
  • Process transactions and manage your account
  • Enable access control and security features
  • Facilitate marketplace transactions and communications
  • Deliver professional services and support

3.2 Identity Verification and Security

  • Verify your identity and prevent fraud
  • Conduct background checks and credentialing (where applicable)
  • Monitor for security threats and unauthorized access
  • Investigate security incidents
  • Enforce our Terms of Service

3.3 Communication

  • Send transactional emails (account notifications, service updates, security alerts)
  • Send marketing and promotional communications (where you have opted in)
  • Respond to your inquiries and support requests
  • Send SMS/text messages for two-factor authentication and notifications (where you have consented)

3.4 Analytics and Improvement

  • Analyze usage patterns to improve our platform
  • Personalize your experience
  • Develop new features and services
  • Conduct research and analytics
  • Train and improve machine learning models using operational and telemetry data (see Section 3.5)

3.5 Operational Data and Machine Learning

We use Operational Data (telemetry, measurements, sensor readings, system logs, and other non-personal operational metrics) to operate, maintain, secure, and improve the Services; develop new features; conduct analytics and benchmarking; and develop and improve predictive analytics, machine learning, and artificial intelligence systems. To the extent Operational Data is used for model training or benchmarking, it is used in de-identified and/or aggregated form and is not intended to identify you, your facilities, or any individual.

We do not attempt to re-identify de-identified data except where necessary to provide the Services, investigate security incidents, or comply with law. We may commercialize aggregated or de-identified insights and benchmarks derived from Operational Data that do not identify you or any individual.

3.6 Legal Compliance

  • Comply with legal obligations and regulatory requirements
  • Respond to legal process, court orders, and government requests
  • Protect our rights, property, and safety, and that of our users and others
  • Enforce our agreements and policies

3.7 Business Operations

  • Manage our business operations and internal administration
  • Conduct audits and compliance reviews
  • Prevent fraud and abuse
  • In connection with mergers, acquisitions, or sale of assets (with notice to affected users)

3.8 Legal Bases for Processing (Where Applicable)

Where GDPR or similar laws apply, we process Personal Data under one or more legal bases, including: (a) performance of a contract (to provide the Services and support), (b) legitimate interests (such as securing the Services, preventing fraud, improving and developing the Services, and maintaining business operations), (c) compliance with legal obligations, and (d) consent (for example, where required for certain marketing communications, biometric collection where applicable, or non-essential cookies). You may withdraw consent where processing is based on consent, subject to legal and contractual restrictions.

4. Biometric Data Collection and Use

4.1 Collection of Biometric Data

Certain Services may collect biometric identifiers, including:

  • Facial recognition templates and facial geometry
  • Photographs used for facial recognition
  • Fingerprints (where applicable)
  • Voiceprints (where applicable)
  • Other unique biological characteristics used for identification

Biometric data may be collected either by us or by facility operators/customers using the Services; in those cases, the facility operator/customer is responsible for providing notices and obtaining consents, and we process such data as a service provider/processor where applicable.

4.2 Purpose of Biometric Data Collection

Biometric data is collected for:

  • Access control and security verification at facilities
  • Identity verification and authentication
  • Background check and credentialing processes
  • Security incident investigation
  • Prevention of fraud and unauthorized access

4.3 Consent and Disclosure

Before collecting biometric data, we will:

  • Inform you in writing of the specific purpose and length of term for which biometric data is being collected, stored, and used
  • Obtain your written release/consent (which may be electronic) where required by law
  • Inform you of your rights regarding biometric data

4.4 Retention Schedule and Guidelines

We maintain a written retention schedule and guidelines for biometric data as described in this Privacy Policy and will make it available upon request. We retain and destroy biometric data in accordance with Section 4.5 and applicable law.

4.5 Retention and Deletion

Biometric data will be retained only for the period necessary to fulfill the purposes for which it was collected, or as required by law, whichever is shorter. Unless otherwise required by law, biometric data will be destroyed within three (3) years of your last interaction with the Services, or upon your written request, whichever is earlier.

4.6 Prohibited Uses

We will not:

  • Sell, lease, trade, or otherwise profit from biometric data
  • Disclose biometric data except as necessary to provide the Services or as required by law
  • Use biometric data for any purpose other than those disclosed at the time of collection

4.7 Your Rights Regarding Biometric Data

You have the right to:

  • Access your biometric data
  • Request correction of inaccurate biometric data
  • Request deletion of your biometric data (subject to legal retention requirements)
  • Withdraw consent for future collection (which may limit your ability to use certain Services)

5. Background Checks and Screening

5.1 Background Check Information

We may collect and process background check information, including:

  • Criminal history records
  • Employment verification
  • Education verification
  • Reference checks
  • Credit reports (where applicable and authorized)

5.2 Purpose of Background Checks

Background checks are conducted for:

  • Employment and contracting decisions
  • Access control and credentialing
  • Security and safety purposes
  • Compliance with regulatory requirements

5.3 FCRA Compliance

Where background checks are conducted in connection with the Services, responsibilities may vary depending on whether we act as the service provider facilitating a check at a customer's direction or whether we are the entity making the determination. Where we facilitate checks at a customer's direction, the customer is responsible for providing required notices, obtaining authorizations, and following adverse action procedures as required by applicable law; the third-party screening provider may be a consumer reporting agency (CRA) subject to its own legal obligations.

Where we conduct background checks for employment, contracting, or access control purposes, we comply with the Fair Credit Reporting Act (FCRA) and applicable state laws, as applicable. This includes, where required by law:

  • Obtaining proper authorization before conducting background checks
  • Providing required disclosures
  • Following adverse action procedures where applicable
  • Providing dispute procedures

5.4 Your Rights Regarding Background Checks

You have the right to:

  • Receive a copy of your background check report
  • Dispute inaccurate information
  • Receive pre-adverse and adverse action notices (where applicable)
  • Request correction of errors

6. Video and Audio Recording

6.1 Recording Practices

Certain Services involve video and/or audio recording at facilities, including:

  • CCTV systems and security cameras
  • Access control systems
  • Video management systems (VMS)
  • Audio recording systems (where applicable)

6.2 Purpose of Recordings

Recordings are made for:

  • Security and safety monitoring
  • Access control and verification
  • Incident investigation
  • Compliance with security standards
  • Prevention of fraud, theft, or other unlawful activities

6.3 Notice and Consent

Where video or audio recording is conducted, we provide clear and conspicuous notice through signage or other means indicating that recording is in progress. By accessing facilities or using Services where recording occurs, you acknowledge and consent to such recording.

6.4 Retention of Recordings

Video and audio recordings are retained in accordance with applicable laws and security requirements. Unless otherwise required by law, recordings are typically retained for a period not exceeding ninety (90) days, after which they may be automatically deleted or archived. Recordings related to security incidents or legal proceedings may be retained longer as necessary.

6.5 Access to Recordings

Access to recordings is restricted to authorized personnel and may be provided:

  • To law enforcement or regulatory authorities as required by law or court order
  • To parties involved in security incidents or investigations
  • To facility operators and authorized security personnel
  • As otherwise permitted by law

You may request access to recordings containing your image or voice by contacting us in writing, subject to applicable privacy laws and security requirements.

7. Information Sharing and Disclosure

7.1 Service Providers

We disclose information to service providers acting as processors/service providers under contract. We may share your information with third-party service providers who perform services on our behalf, including:

  • Payment Processing: Stripe (payment processing, subscriptions, invoicing)
  • Email Services: SendGrid (transactional and marketing emails)
  • SMS/Text Messaging: Twilio (SMS notifications, two-factor authentication)
  • Identity Verification: SumSub (KYC/KYB compliance, ID verification, face matching, background checks)
  • E-Signature Services: SignNow (electronic document signing)
  • Cloud Storage: S3-compatible storage providers (file and document storage)
  • Database Services: PostgreSQL, MySQL, InfluxDB, Redis (data storage and caching)
  • Analytics Services: Usage analytics and performance monitoring
  • Infrastructure Providers: Hosting, CDN, and infrastructure services

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

7.2 Business Partners

We may share information with business partners at your direction or when necessary to provide you with services you've requested, such as:

  • Marketplace participants (buyers, sellers, lessors, lessees)
  • Vendor network participants
  • Licensed facility operators
  • Integration partners

7.3 Legal Requirements

We may disclose your information when required by:

  • Law, regulation, or legal process
  • Court orders or subpoenas
  • Government requests
  • Regulatory investigations
  • To protect our rights, property, or safety, or that of our users

7.4 Business Transfers

We may share your information in connection with:

  • Mergers, acquisitions, or consolidations
  • Sale of company assets or business units
  • Bankruptcy or reorganization proceedings

In such cases, we will provide notice to affected users and ensure the receiving party agrees to protect your information in accordance with this Privacy Policy.

7.5 With Your Consent

We may share your information with your explicit consent or at your direction.

7.6 Sale/Sharing for Advertising

We do not sell Personal Information as that term is commonly defined. If we engage in "sharing" of Personal Information for cross-context behavioral advertising as defined under certain state privacy laws, we will provide an opt-out mechanism as described in Section 10. Where applicable, we honor opt-out preference signals such as Global Privacy Control (Section 15.4).

8. Data Security

We implement appropriate technical and organizational measures to protect your information from unauthorized access, loss, or alteration, including:

  • Encryption: Industry-standard encryption for data in transit and at rest
  • Access Controls: Role-based access controls and authentication requirements
  • Security Monitoring: Continuous monitoring for security threats and vulnerabilities
  • Regular Audits: Security audits and assessments
  • Employee Training: Security awareness training for personnel
  • Incident Response: Procedures for detecting, responding to, and recovering from security incidents

However, no security system is impenetrable, and we cannot guarantee the absolute security of your data. You are responsible for maintaining the confidentiality of your account credentials and for all activities under your account.

9. Data Retention

We retain your information for different periods depending on the type of data and purpose:

  • Account Data: Retained while your account is active and for a reasonable period after account closure (typically 7 years for business records)
  • Transaction Data: Retained for at least 7 years for tax and accounting purposes
  • Biometric Data: Retained for no more than 3 years from last interaction, or as otherwise required by law
  • Video/Audio Recordings: Retained for up to 90 days unless related to security incidents or legal proceedings
  • Background Check Data: Retained for up to 7 years from date of report, or as required by law
  • Audit Logs: Retained for 365 days or as required by law
  • Operational Data: Retained indefinitely for model training, analytics, and service improvement purposes (in aggregated, anonymized form)
  • Verification Documents: Retained only as long as necessary for legal and compliance purposes

We may retain certain information for legal, regulatory, or legitimate business purposes even after you close your account.

10. Your Rights

Depending on your location, you may have rights regarding your personal information, including:

10.1 Right to Access

You have the right to request access to personal information we hold about you, including:

  • The categories of personal information collected
  • The sources of personal information
  • The business or commercial purpose for collecting personal information
  • The categories of third parties with whom personal information is shared
  • Copies of your personal information

10.2 Right to Deletion

You have the right to request deletion of your personal information, subject to certain exceptions, including:

  • Where retention is required by law or legal obligation
  • Where information is necessary to complete a transaction or provide requested services
  • Where information is needed for security or fraud prevention
  • Where information is used for internal purposes reasonably aligned with your expectations

10.3 Right to Correction

You have the right to request correction of inaccurate personal information.

10.4 Right to Data Portability

You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit that data to another service provider, where technically feasible.

10.5 Right to Opt-Out

Where applicable under state law, you may have the right to opt out of (a) the sale of Personal Information, (b) the sharing of Personal Information for cross-context behavioral advertising, (c) targeted advertising, and/or (d) certain automated profiling in furtherance of decisions that produce legal or similarly significant effects. We provide opt-out mechanisms as required by law, including recognition of Global Privacy Control where applicable (Section 15.4).

10.6 Right to Non-Discrimination

We will not discriminate against you for exercising your data rights.

10.7 Exercising Your Rights

To exercise your rights, please contact us using the information provided in Section 14 (Contact Us). We will verify your identity before responding to your request and will respond within the timeframes required by applicable law.

Authorized Agents. Where permitted by law, you may designate an authorized agent to submit a request on your behalf. We may require proof of the agent's authorization and verification of your identity.

Appeals. Where required by law, if we deny your request, you may have the right to appeal our decision. To appeal, contact us using the methods in Section 14 and include "Privacy Appeal" in the subject line.

11. Children's Privacy

The Services are intended for business users and are not directed to children. We do not knowingly collect Personal Information from individuals under 18. If you believe a minor has provided Personal Information through the Services, please contact us and we will take appropriate steps to delete such information, subject to legal requirements.

12. International Data Transfers

Your information may be transferred to and stored in jurisdictions outside your country of residence, including the United States. Where required by applicable law, we use appropriate safeguards for cross-border transfers, which may include contractual protections (such as standard contractual clauses) and additional technical and organizational measures. You may request information about applicable transfer safeguards by contacting us as described in Section 14.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the Services. We will post the updated Privacy Policy at https://portal.gridsiteinc.com/privacy and update the "Effective Date" above. Changes apply prospectively from the effective date. Where required by law or where changes are material, we will provide notice through reasonable means (such as email or in-product notice). Your continued use of the Services after the effective date constitutes acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: [email protected]

Mail: Legal Department GridSite Technology Inc. 6009 W. Parker Rd., Ste. 149-298 Plano, TX 75074

For data rights requests, please include "Privacy Request" in the subject line and specify which right you wish to exercise.

15. Additional Information

15.1 Data Processing Addendum

Where we process personal data on your behalf as a processor, our Data Processing Addendum (DPA) applies and is incorporated by reference. The DPA provides additional details about our data processing practices and your rights.

15.2 State-Specific Rights

This Privacy Policy is designed to comply with applicable privacy laws, including:

  • California Consumer Privacy Act (CCPA): California residents have additional rights as described in Section 10
  • General Data Protection Regulation (GDPR): EU residents have additional rights as described in Section 10
  • Illinois Biometric Information Privacy Act (BIPA): Illinois residents have additional rights regarding biometric data as described in Section 4
  • Texas Biometric Privacy Laws: Texas residents have rights regarding biometric data as described in Section 4

15.3 Cookies and Tracking Technologies

We use cookies, SDKs, pixels, tags, and similar technologies to (a) operate the Services, (b) remember preferences, (c) authenticate sessions, (d) measure performance and usage, (e) detect fraud and abuse, and (f) improve and develop the Services. Some technologies are placed by third-party providers that support analytics, error monitoring, and communications delivery. Where required by law, we provide choices regarding non-essential cookies through a consent banner or privacy preferences.

15.4 Do Not Track; Global Privacy Control

Browser "Do Not Track" signals may not be uniformly recognized. Where required by applicable law, we treat Global Privacy Control ("GPC") signals as a valid request to opt out of the sale or sharing of Personal Information for cross-context behavioral advertising (if applicable). You may also exercise applicable opt-out rights as described in Section 10.

15.5 Third-Party Links

Our Services may contain links to third-party websites or services. We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party sites you visit.