This Privacy Policy explains how madebygrids ("we", "us", "our"), operated by Omar Khalil, collects, uses, and protects your personal data when you visit madebygrids.com (the "Site") or use our services. We comply with the General Data Protection Regulation (Regulation EU 2016/679, "GDPR") and the French Data Protection Act (Loi Informatique et Libertés).
1. Data controller
The data controller for your personal data is:
- Omar Khalil (madebygrids)
- 12 Rue du Faubourg Saint-Antoine, 75011 Paris, France
- SIREN: 923 847 156
- Email: hello@madebygrids.com
2. What data we collect
We collect the following categories of personal data:
a) When you contact us via the contact form: Name, email address, the plan you are interested in (if selected), and the content of your message.
b) When you purchase a service: Name, email address, billing information (processed directly by Stripe — we do not store card details), country of residence, and Tax ID (if applicable).
c) During service delivery: Any information you voluntarily share during the onboarding call or by email (business context, workflow details, Notion workspace access).
d) Automatically, when you visit the Site: IP address (anonymized where possible), browser type and version, pages visited, and referring URL. We use privacy-friendly analytics that do not use cookies and do not collect personally identifiable information.
3. Legal basis for processing
Under GDPR, we process your data on the following legal bases (Article 6):
| Purpose | Legal basis |
|---|---|
| Responding to your contact form inquiry | Pre-contractual measures at your request (Art. 6(1)(b)) |
| Processing your purchase and delivering the service | Performance of a contract (Art. 6(1)(b)) |
| Issuing invoices and meeting tax obligations | Legal obligation (Art. 6(1)(c)) |
| Sending service-related emails (onboarding, delivery, support) | Performance of a contract (Art. 6(1)(b)) |
| Maintaining website security and preventing fraud | Legitimate interest (Art. 6(1)(f)) |
| Analytics on aggregated, anonymized data | Legitimate interest (Art. 6(1)(f)) |

We do not send marketing emails or newsletters unless you have explicitly opted in.
4. How we use your data
We use your personal data to:
- Respond to your inquiries and quote custom work.
- Process your purchase, deliver the workspace, and provide post-delivery support.
- Issue invoices and meet our legal accounting and tax obligations under French law.
- Maintain records of past projects for accounting and legal compliance.
- Improve the Site through aggregated, anonymized usage data.
We do not sell your personal data to third parties. We do not use your data for automated decision-making or profiling.
6. International data transfers
Some of our service providers (Stripe, Vercel) may transfer data outside the European Economic Area (EEA), in particular to the United States. Where this is the case, we ensure appropriate safeguards are in place, including the European Commission's Standard Contractual Clauses (SCCs) and, where applicable, certification under the EU-US Data Privacy Framework (DPF).
7. Data retention
We retain your personal data only as long as necessary for the purposes for which it was collected, or as required by law:
| Data category | Retention period |
|---|---|
| Contact form messages | 3 years from last contact |
| Customer records (name, email, project) | Duration of the contract + 5 years (commercial law) |
| Invoices and accounting records | 10 years (French Commercial Code, Article L123-22) |

After these periods, data is either deleted or anonymized.
8. Your rights under GDPR
You have the following rights regarding your personal data:
- Right of access: obtain a copy of the personal data we hold about you.
- Right to rectification: request correction of inaccurate or incomplete data.
- Right to erasure: request deletion of your data, subject to legal retention obligations.
- Right to restriction: request that we limit how we use your data.
- Right to portability: receive your data in a structured, machine-readable format.
- Right to object: object to processing based on legitimate interest.
- Right to withdraw consent: where processing is based on consent, withdraw it at any time.
To exercise any of these rights, email us at hello@madebygrids.com. We will respond within one month. You also have the right to lodge a complaint with the French supervisory authority, the CNIL (cnil.fr).
9. Data security
We implement appropriate technical and organizational measures to protect your personal data, including HTTPS encryption, access controls, and use of reputable third-party processors. No transmission over the internet is ever 100% secure, but we take reasonable steps to protect your data.
11. Children
Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have collected data from a minor, contact us so we can delete it.
12. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be communicated via the Site or by email where appropriate.
13. Contact
For all questions, requests, or complaints regarding your personal data: hello@madebygrids.com