Privacy Policy

1. Introduction

Gridtrove (“we,” “us,” or “our”) operates the Gridtrove platform, including the website gridtrove.com and all associated services (collectively, the “Platform”). We are committed to protecting your personal information and being transparent about how we use it.

This Privacy Policy explains what information we collect, why we collect it, how we use and protect it, and what rights you have over your data. By using the Platform you agree to the practices described here.

2. Information We Collect

Account and Profile Information

• Name, email address, and password (hashed — we never store plaintext passwords)
• Billing and shipping addresses
• Phone number (optional, used for order updates)
• Email verification status and multi-factor authentication settings

Transaction Information

• Order history, line items, quantities, and prices
• Payment method type and last four digits (full card numbers are processed by our payment provider and never stored on our servers)
• Cryptocurrency transaction hashes and wallet addresses used for purchases
• Financing application details where applicable

Usage and Technical Information

• Pages visited, products viewed, and time spent on the Platform
• Solar system sizing inputs entered in the Wizard (load, location, goals)
• Cart contents and checkout funnel activity
• IP address, browser type, device type, and operating system
• Referral source and UTM parameters

Communications

• Messages you send us via the AI chat widget or support email
• Your preferences for marketing communications

Guest Sessions

When you use the Platform without an account, we create an anonymous guest session (identified by a secure random token stored in your browser) to persist your cart and solar sizing results. This token is migrated to your account when you register.

3. How We Use Your Information

• Fulfilling orders: Processing payments, arranging shipping, sending tracking updates
• Account management: Authentication, password resets, email verification
• Product recommendations: Personalising equipment suggestions based on your system sizing inputs and location
• Customer support: Responding to questions, resolving disputes, troubleshooting orders
• Platform improvement: Analysing usage patterns to improve the Wizard, search, and product catalogue
• Security: Detecting fraud, suspicious login attempts, and abuse
• Legal compliance: Meeting applicable legal, regulatory, and tax obligations
• Marketing communications: Sending product updates, educational content, and promotions — only with your consent and always with an unsubscribe option

4. Cookies and Analytics

We use PostHog for product analytics. PostHog collects anonymised usage data such as page views, click events, and funnel completion rates. This data is used to understand how users interact with the Platform and to identify areas for improvement. We do not use this data to build individual advertising profiles.

We use session cookies necessary for authentication (JWT access token, refresh token) and an anonymous guest session cookie. These are strictly necessary for the Platform to function and cannot be disabled without breaking core features.

We do not use third-party advertising cookies or sell your data to ad networks.

5. Sharing Your Information

We share your information only in the following circumstances:

• Payment processors: Your payment details are transmitted directly to our payment processor (XPayLabs) over encrypted connections. We do not receive or store full payment card numbers.
• Shipping carriers: Your name and delivery address are shared with the carrier handling your shipment.
• Certified installers: If you request an installer referral, your contact information and system sizing summary are shared with the installer you select. You control this disclosure.
• Infrastructure providers: We use cloud infrastructure (servers, database, object storage) to operate the Platform. These providers process data under strict data processing agreements.
• Legal requirements: We disclose information when required by law, court order, or to protect the safety and rights of our users or third parties.

We do not sell your personal data.

6. Data Retention

• Account data: Retained for as long as your account is active, plus up to 3 years after closure for legal and dispute resolution purposes
• Order records: Retained for 7 years for tax and accounting compliance
• Analytics data: Retained for 12 months in identifiable form, then aggregated
• Guest sessions: Automatically purged after 90 days of inactivity
• Security logs: Retained for 12 months

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data (subject to legal retention requirements)
• Portability: Request your data in a machine-readable format
• Objection / Opt-out: Opt out of marketing communications at any time via the unsubscribe link in any email, or by contacting us
• Restrict processing: Request that we limit how we process your data in certain circumstances

To exercise any of these rights, contact us at [email protected]. We respond to all requests within 30 days.

8. Security

We implement industry-standard security measures including: TLS encryption in transit, AES-256 encryption at rest for sensitive fields, bcrypt password hashing, JWT authentication with short-lived access tokens, rate limiting on all authentication endpoints, and anomalous-login detection.

No method of transmission over the internet is 100% secure. If you discover a security vulnerability, please report it to [email protected].

9. Children

The Platform is not directed to children under 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced by email to registered users and by posting a notice on the Platform at least 14 days before the changes take effect. Continued use of the Platform after changes take effect constitutes acceptance of the revised policy.

11. Contact

For privacy questions or to exercise your rights, contact us at: