Privacy Policy

Last Updated: November 18, 2025

1. Introduction

GridIron Data ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our API service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Name
  • Email address
  • Company name (optional)
  • Subscription tier selection

2.2 Payment Information

Payment processing is handled by third-party payment processors. We do not store complete credit card numbers or payment details on our servers. We receive only transaction confirmations and payment status information.

2.3 API Usage Data

We automatically collect information about your API usage, including:

  • API endpoint accessed
  • Request timestamp and frequency
  • Response status codes
  • IP address
  • User agent and client information
  • API key used

2.4 Technical Information

We collect technical information to improve our service:

  • Browser type and version
  • Operating system
  • Device information
  • Cookies and similar tracking technologies

3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Delivery: To provide, maintain, and improve the API service
  • Account Management: To create and manage your account, process payments, and handle support requests
  • Usage Monitoring: To enforce rate limits, track quota usage, and prevent abuse
  • Communication: To send service announcements, updates, security alerts, and marketing communications (with your consent)
  • Analytics: To analyze usage patterns and improve our service
  • Security: To detect and prevent fraud, unauthorized access, and security threats
  • Legal Compliance: To comply with legal obligations and enforce our terms

4. Data Sharing and Disclosure

4.1 Third-Party Service Providers

We share information with trusted third-party service providers who assist us in operating our service:

  • AWS (Amazon Web Services): Cloud hosting and infrastructure
  • Payment Processors: To process subscription payments
  • Email Service Providers: To send transactional and marketing emails
  • Analytics Providers: To understand service usage

4.2 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to:

  • Comply with legal obligations
  • Protect our rights or property
  • Prevent fraud or security threats
  • Protect user safety

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption in transit (TLS/SSL) and at rest
  • Secure API key generation and storage
  • Regular security audits and monitoring
  • Access controls and authentication
  • DDoS protection and rate limiting

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

  • Account Data: Retained while your account is active and for 30 days after deletion
  • API Usage Logs: Retained for 90 days for security and analytics
  • Payment Records: Retained for 7 years for tax and accounting purposes

7. Your Rights and Choices

You have the following rights regarding your personal information:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and data
  • Export: Receive your data in a portable format
  • Opt-Out: Unsubscribe from marketing communications
  • API Key Management: Regenerate or revoke API keys

To exercise these rights, contact us at privacy@gridirondata.com

8. Cookies and Tracking

We use cookies and similar technologies to:

  • Remember your preferences and settings
  • Analyze website traffic and usage patterns
  • Improve user experience

You can control cookies through your browser settings, but disabling cookies may affect functionality.

9. Third-Party Links

Our service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

10. Children's Privacy

Our service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we discover that we have collected data from a child, we will delete it promptly.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for international transfers.

12. Changes to Privacy Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or service announcements. The "Last Updated" date at the top indicates when the policy was last revised.

13. California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt-out of the sale of personal information
  • Right to deletion
  • Right to non-discrimination for exercising CCPA rights

Note: We do not sell personal information to third parties.

14. Contact Us

For questions about this Privacy Policy or our data practices, please contact:

Email: privacy@gridirondata.com

Support: support@gridirondata.com