Privacy Policy

Effective: March 2025

Who we are

Gridberry is a web tool that converts spreadsheet data into print-ready PDFs for name badges, labels, and tent cards. We are not a SaaS platform, we don't have user accounts, and we don't sell anything to advertisers.

What data we collect

We collect only what's needed to provide the service:

  • Spreadsheet data — the rows and columns you upload are stored temporarily in an encrypted session so we can render your PDF. No copy is retained after 24 hours.
  • Uploaded images — background and logo images you upload are stored in Cloudflare R2 for the duration of your session (24 hours).
  • Generated PDFs — paid PDFs are stored in Cloudflare R2 for 7 days so we can send a re-download link. After 7 days the file is deleted automatically.
  • Email address — if you choose to receive a re-download link, we store your email address for 7 days alongside the PDF link, then it is deleted.
  • Payment data — payments are processed by Stripe. We never see or store your card details. Stripe's privacy policy applies to payment processing.
  • Anonymous analytics — we use Plausible Analytics, which is cookieless and GDPR-compliant by design. Plausible does not track individuals and does not share data with third parties.

What we do not collect

  • We don't create user accounts or require registration.
  • We don't use advertising trackers, pixels, or retargeting cookies.
  • We don't sell, rent, or share your data with anyone for marketing purposes.
  • We don't use your spreadsheet data to train machine learning models.

How we store and protect your data

Session data is stored in Upstash Redis with a 24-hour TTL. Data is encrypted in transit (TLS) and encrypted at rest. PDFs and images are stored in Cloudflare R2 with access restricted to presigned URLs that expire after 7 days.

Third-party services

Gridberry uses the following sub-processors:

  • Stripe — payment processing (US)
  • Resend — transactional email (US)
  • Cloudflare R2 — file storage (US/EU)
  • Upstash Redis — session storage (US/EU)
  • Plausible Analytics — cookieless analytics (EU)
  • Vercel — hosting and edge runtime (US/EU)

Each sub-processor is subject to their own privacy policy and applicable data protection regulations.

Your rights (GDPR / CCPA)

Because we don't create accounts or track individuals across sessions, most of your data is not linkable to you once the session expires. If you have a specific request — for example, early deletion of a PDF or your email address — contact us and we'll handle it within 30 days.

If you are in the EU, you have the right to access, rectify, or erase personal data we hold, as well as the right to data portability and the right to lodge a complaint with a supervisory authority.

Children

Gridberry is not directed at children under 13. We do not knowingly collect data from anyone under 13.

Changes to this policy

We may update this policy occasionally. Material changes will be noted at the top of this page with a new effective date. Continued use of Gridberry after a change constitutes acceptance of the updated policy.

Contact

Questions? Email us at hello@gridberry.app.