Legal

Privacy Policy

We take your privacy seriously. This policy explains what data we collect, why we collect it, how we use it, and how you can control it.

Terms of Service
Effective: January 1, 2026 Last Updated: May 1, 2026 Applies to: convertgrid.com & app.convertgrid.com

1. Overview

Welcome to ConvertGrid. ConvertGrid, Inc. ("ConvertGrid," "we," "us," or "our") is committed to protecting your personal information and your right to privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit convertgrid.com, use our application at app.convertgrid.com, or otherwise interact with our services (collectively, the "Services").

Please read this policy carefully. If you disagree with its terms, please discontinue use of our Services.

Short version: We collect only what we need to run our Services. We never sell your personal data. You can access, correct, or delete your data at any time.

2. Information We Collect

2.1 Information You Provide Directly

  • Account Registration: Name, email address, password, company name, website URL, and billing details when you create an account.
  • Profile Information: Job title, phone number, profile photo, and any other details you voluntarily add.
  • Payment Information: Credit card numbers, billing address, and payment details. All payments are processed by Stripe — we do not store full card numbers on our servers.
  • Communications: Messages, support tickets, survey responses, and feedback you send us.
  • Campaign Content: Text, images, design settings, and targeting rules you build inside the ConvertGrid platform.

2.2 Information Collected Automatically

  • Usage Data: Pages visited, features clicked, time spent, referral URLs, and other interactions with our Services.
  • Device & Browser Data: IP address, browser type, operating system, device identifiers, screen resolution, and language settings.
  • Log Data: Server logs recording request timestamps, error reports, and diagnostic data.
  • Cookies & Trackers: First-party and third-party cookies, web beacons, and pixels (see Section 5).

2.3 Visitor Data Collected on Your Behalf

When you install the ConvertGrid script on your website, ConvertGrid collects data about your site visitors on your behalf to power targeting and personalization. This includes page URL, referral source, browser/device type, scroll depth, session duration, and behavioral signals (e.g. exit intent). As the website owner you are the data controller; ConvertGrid acts as a data processor under your instructions and our Data Processing Agreement (DPA).

2.4 Information from Third Parties

  • OAuth providers (Google, GitHub) when you choose social sign-in.
  • Integration partners (HubSpot, Mailchimp, Salesforce, Zapier) when you connect them to your account.
  • Publicly available data used for business verification and fraud prevention.

3. How We Use Your Data

We use the information we collect for the following purposes:

Purpose Legal Basis (GDPR)
Provide, operate, and maintain the ServicesContract performance
Process payments and send receiptsContract performance
Send transactional emails (alerts, security notices)Contract performance
Respond to support requests and troubleshoot issuesContract / Legitimate interests
Send product updates and marketing (with opt-out)Legitimate interests / Consent
Analyze usage to improve our ServicesLegitimate interests
Detect fraud, abuse, and security threatsLegitimate interests / Legal obligation
Comply with legal and regulatory obligationsLegal obligation
Personalize your experienceLegitimate interests / Consent

We do not use automated decision-making that produces legal or similarly significant effects without your explicit consent.

4. Sharing & Disclosure

We do not sell, trade, or rent your personal information. We share data only in these circumstances:

4.1 Service Providers

Trusted vendors who help us run our Services, bound by data processing agreements:

  • Stripe — Payment processing
  • Amazon Web Services (AWS) — Cloud infrastructure & storage
  • Google Analytics / Mixpanel — Product analytics
  • Intercom — Customer support & in-app messaging
  • SendGrid / Postmark — Transactional email
  • Sentry — Error monitoring
  • Cloudflare — CDN, DDoS protection, DNS

4.2 Business Transfers

In the event of a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email or a prominent site notice before your data becomes subject to a different privacy policy.

4.3 Legal Requirements

We may disclose information when required by law or in response to valid requests by public authorities (courts, regulators). Where legally permitted we will notify you in advance.

4.4 Protection of Rights

We may share information to protect the rights, property, or safety of ConvertGrid, our customers, or others — including fraud prevention and security purposes.

4.5 With Your Consent

We may share information with third parties when you have given us explicit consent (e.g. co-publishing a case study about your results).

5. Cookies & Tracking

We use cookies and similar technologies to operate and improve our Services. Here is a summary of cookie categories we use:

CategoryPurposeCan Opt Out?
Strictly Necessary Session management, authentication, security. Required for core functionality. No
Functional Remembering preferences, settings, and personalization choices. Yes
Analytics Understanding how visitors use our site to improve performance. Yes
Marketing Retargeting and measuring advertising campaign effectiveness. Yes

You can manage cookie preferences through your browser settings or via our cookie consent banner. Disabling certain cookies may affect the functionality of our Services.

6. Data Retention

We retain personal information only as long as necessary for the purposes outlined in this policy, or as required by law:

  • Account data: Retained for the duration of your subscription plus 90 days post-closure to allow reactivation.
  • Billing records: Retained for 7 years to comply with financial and tax regulations.
  • Support communications: Retained for 3 years after your last interaction.
  • Analytics & log data: Retained in identifiable form for 24 months, then aggregated or deleted.
  • Visitor data collected on your behalf: Retained according to the settings you configure in your ConvertGrid dashboard.

When you delete your account, we initiate deletion or anonymization of your personal data within 30 days, except where retention is legally required.

7. Your Rights

Depending on your location, you may have the following rights over your personal information:

7.1 GDPR Rights (EU / EEA / UK Residents)

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data ("right to be forgotten").
  • Restriction: Request that we restrict processing in certain circumstances.
  • Data Portability: Receive your data in a structured, machine-readable format.
  • Object: Object to processing based on legitimate interests or for direct marketing.
  • Withdraw Consent: Withdraw consent at any time where processing is consent-based.

7.2 CCPA Rights (California Residents)

  • Right to know what personal information is collected and how it is used.
  • Right to request deletion of personal information.
  • Right to opt-out of the sale of personal information (we do not sell personal information).
  • Right to non-discrimination for exercising your privacy rights.

7.3 How to Exercise Your Rights

Email us at privacy@convertgrid.com or use the Account Settings → Privacy panel in your dashboard. We will respond within 30 days (GDPR) or 45 days (CCPA). Identity verification may be required.

You can download a full export of your data, manage marketing preferences, or request account deletion directly from Account Settings → Privacy — no email required.

8. Security

We implement industry-standard technical and organizational measures to protect your data:

  • AES-256 encryption for data at rest; TLS 1.2+ for all data in transit.
  • SOC 2 Type II compliant infrastructure hosted on AWS.
  • Role-based access controls and the principle of least privilege for all internal systems.
  • Regular third-party penetration testing and vulnerability assessments.
  • Two-factor authentication (2FA) available and strongly recommended for all accounts.
  • Automated anomaly detection and a documented security incident response plan.
  • Employee security training and background screening.

Despite our best efforts, no method of transmission over the internet is 100% secure. In the event of a data breach affecting your personal data, we will notify you and relevant regulatory authorities within 72 hours as required by law.

9. International Data Transfers

ConvertGrid is headquartered in the United States. If you access our Services from outside the US, your data may be transferred to, stored in, and processed in the United States or other countries where our service providers operate.

For transfers from the EEA, UK, or Switzerland, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • EU–U.S. Data Privacy Framework for qualifying transfers.
  • Supplementary technical and organizational safeguards where appropriate.

By using our Services you acknowledge that your information may be processed in countries with different data protection laws than your country of residence.

10. Children's Privacy

Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected data from a child under 16 without verifiable parental consent, we will delete it promptly. If you believe we have inadvertently collected such data, contact us at privacy@convertgrid.com.

11. Third-Party Links & Integrations

Our Services may link to third-party websites or integration partners (HubSpot, Mailchimp, Zapier, etc.). These parties operate under their own independent privacy policies. We are not responsible for their data practices and encourage you to review their policies before sharing personal information.

When you connect a third-party integration, you authorize ConvertGrid to exchange the data needed to power that integration. You can disconnect any integration at any time from Settings → Integrations in your dashboard.

12. Policy Changes

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. When we make material changes we will:

  • Post the updated policy here with a revised "Last Updated" date.
  • Send an email notification to the address on file at least 14 days before changes take effect.
  • Display a prominent banner in the app dashboard alerting you to the update.

Continued use of our Services after the effective date constitutes acceptance of the revised policy. If you disagree with the changes, you must stop using our Services before they take effect.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, please contact our Privacy Team:

ConvertGrid, Inc. — Privacy Team

Email: privacy@convertgrid.com

Address: 340 Pine Street, Suite 800, San Francisco, CA 94104, USA

EU Representative: eu-privacy@convertgrid.com

If you are not satisfied with our response you have the right to lodge a complaint with your local data protection authority (e.g. the ICO in the UK, or the relevant EU supervisory authority in your member state).

Have a privacy question?

Our Privacy Team typically responds within 1–2 business days. For urgent data deletion or security-related requests, please mark your subject line accordingly.

Email Privacy Team