Legal

Privacy Policy

Last updated: 19 June 2026

This Privacy Policy explains how madebygrids ("we", "us", "our"), operated by Made By Grids LLC, collects, uses, and protects your personal data when you visit madebygrids.com (the "Site") or purchase our products. Where we serve customers in the European Economic Area or the United Kingdom, we comply with the General Data Protection Regulation (Regulation EU 2016/679, "GDPR") and applicable data protection law.

1. Data controller

The data controller for your personal data is:

2. What data we collect

We collect the following categories of personal data:

a) When you contact us via the contact form: Name, email address, the topic you selected, and the content of your message.

b) When you make a purchase: Name, email address, billing information (processed directly by our payment provider, Stripe โ€” we do not store card details), country of residence, and Tax ID (if applicable).

c) When you request a free template: The email address you submit, which we use to send you the download link for the template you requested.

d) Automatically, when you visit the Site: IP address (anonymized where possible), browser type and version, pages visited, and referring URL. We use privacy-friendly analytics that do not use cookies and do not collect personally identifiable information.

4. How we use your data

We use your personal data to:

  • Respond to your inquiries sent through the contact form.
  • Process your order and deliver your template download, including order and support emails.
  • Send you a free template when you request one by email.
  • Issue receipts and meet our accounting and tax obligations under applicable law.
  • Improve the Site through aggregated, anonymized usage data.

We do not sell your personal data to third parties. We do not use your data for automated decision-making or profiling.

5. Data sharing

We share your data only with the following categories of recipients:

a) Service providers (sub-processors):

Provider Purpose Location Safeguards
Stripe, Inc. Payment processing USA EU SCCs / DPF
Hostinger International Ltd. Website hosting EU (Cyprus) GDPR (EU)
Google Fonts, jsDelivr, and unpkg Font, icon, and interface asset delivery EU / USA Provider safeguards

b) Legal and accounting professionals:

Where strictly necessary (e.g., for accounting, tax filings, or in the event of a legal dispute).

c) Public authorities:

Where required by law (e.g., tax administration, court orders).

6. International data transfers

Some of our service providers (Stripe, Hostinger, Google Fonts, jsDelivr, and unpkg) may transfer data outside the European Economic Area (EEA), in particular to the United States. Where this is the case, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs), provider security commitments, and, where applicable, certification under the EU-US Data Privacy Framework (DPF).

7. Data retention

We retain your personal data only as long as necessary for the purposes for which it was collected, or as required by law:

Data category Retention period
Contact form messages 3 years from last contact
Customer records (name, email, order) 5 years from purchase (commercial law)
Free-template email requests Until you ask us to delete it
Invoices and accounting records 10 years (standard accounting retention)

After these periods, data is either deleted or anonymized.

8. Your rights under GDPR

You have the following rights regarding your personal data:

  • Right of access: obtain a copy of the personal data we hold about you.
  • Right to rectification: request correction of inaccurate or incomplete data.
  • Right to erasure: request deletion of your data, subject to legal retention obligations.
  • Right to restriction: request that we limit how we use your data.
  • Right to portability: receive your data in a structured, machine-readable format.
  • Right to object: object to processing based on legitimate interest.
  • Right to withdraw consent: where processing is based on consent, withdraw it at any time.

To exercise any of these rights, email us at hello@madebygrids.com. We will respond within one month. You also have the right to lodge a complaint with the relevant data protection authority in your jurisdiction.

9. Data security

We implement appropriate technical and organizational measures to protect your personal data, including HTTPS encryption, access controls, and use of reputable third-party processors. No transmission over the internet is ever 100% secure, but we take reasonable steps to protect your data.

10. Cookies

For details on the cookies and tracking technologies we use, see our Cookie Notice.

11. Children

Our products are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have collected data from a minor, contact us so we can delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be communicated via the Site or by email where appropriate.

13. Contact

For all questions, requests, or complaints regarding your personal data: hello@madebygrids.com