Privacy Policy

Last updated: April 3, 2026

1. Introduction

Gridshot ("we", "us", or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you use our AI-powered carousel creation platform ("the Service").

2. Information We Collect

Account Information

  • Email address
  • Display name
  • Profile avatar (optional)
  • Password (hashed, never stored in plain text)

Brand Profile Data

  • Brand name, tagline, and website URL
  • Brand colors, fonts, and style preferences
  • Voice description and tone presets
  • Target audience and ideal customer profile information
  • Social media handles and links

Content Data

  • Photos and images you upload
  • AI-generated text (headlines, body copy)
  • Carousel slides and exported images
  • Social media post drafts and publishing history

Technical Data

  • IP address and browser type
  • Device information and operating system
  • Usage patterns and feature interactions
  • Authentication tokens and session data

Website Extraction Data

When you use the brand extraction feature, we fetch publicly available HTML from the URL you provide to analyze brand elements. We do not store the fetched HTML after processing.

3. How We Use Your Information

  • Provide the Service: Process your photos, generate AI copy, create carousels, and publish to social platforms.
  • Brand Analysis: Use your brand profile data to customize AI-generated content to match your voice and style.
  • Account Management: Authenticate your identity, manage your subscription, and communicate about your account.
  • Improve the Service: Analyze usage patterns to fix bugs, improve features, and develop new functionality.
  • Security: Detect and prevent fraud, abuse, and unauthorized access.

4. Legal Basis for Processing (EEA/UK Users)

If you are located in the European Economic Area or United Kingdom, we process your personal data under the following legal bases:

  • Contract Performance: Processing necessary to provide the Service to you, including account management, brand profile storage, content generation, and social media publishing.
  • Legitimate Interest: Analytics and usage monitoring to improve the Service, and security measures to protect against fraud and abuse.
  • Consent: Marketing communications (where applicable). You may withdraw consent at any time.
  • Legal Obligation: Processing required to comply with applicable laws, regulations, or legal proceedings.

5. AI Processing

We use Kie.ai (a third-party AI service powered by Google Gemini) to generate text content based on your brand profile and selected parameters.

  • Your brand voice description, tone presets, and audience information are sent to Kie.ai to generate contextually appropriate copy.
  • Photo content is not sent to AI services for text generation. AI copy is generated based on text parameters only.
  • We do not use your content to train AI models.

6. Data Sharing

We share your data only in these circumstances:

  • Social Media Platforms: When you publish content, we share your carousels and captions with the platforms you select (via Bundle Social).
  • AI Providers: Brand profile text data is sent to our AI provider for content generation.
  • Infrastructure Providers: Your data is stored on Supabase (database and file storage) and served via Vercel (hosting).
  • Payment Processors: If you subscribe to a paid plan, billing information is handled by Stripe. We do not store your full credit card details.
  • Legal Requirements: We may disclose data if required by law, court order, or to protect our rights and safety.

We do not sell your personal data to third parties. We do not share your data with advertisers.

7. Data Storage and Security

  • Your data is stored on Supabase infrastructure with row-level security (RLS) policies ensuring data isolation between users.
  • All data transmission is encrypted via HTTPS/TLS.
  • Passwords are hashed using industry-standard algorithms (bcrypt via Supabase Auth).
  • Uploaded photos are stored in isolated, user-scoped storage buckets.
  • API keys and service credentials are stored as encrypted environment variables, never exposed to clients.

8. Data Retention

  • Account data is retained for as long as your account is active.
  • Uploaded photos and created content are retained until you delete them or close your account.
  • Upon account deletion, we will delete your data within 30 days, except where retention is required by law.
  • Aggregated, anonymized analytics data may be retained indefinitely.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data.
  • Portability: Request your data in a machine-readable format.
  • Objection: Object to certain processing of your data.
  • Withdrawal of Consent: Withdraw consent where processing is based on consent.

To exercise any of these rights, contact us at privacy@gridshot.app.

10. Cookies

We use essential cookies for authentication and session management. These cookies are strictly necessary for the Service to function and cannot be disabled. We do not use advertising or tracking cookies.

11. Children's Privacy

The Service is not intended for children under 18 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

12. International Data Transfers

Your data may be processed and stored in the United States or other countries where our infrastructure providers operate. For transfers of personal data from the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and on our processors' own transfer mechanisms (Supabase, Vercel, Stripe) to ensure adequate data protection.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification. The "Last updated" date at the top indicates when the policy was last revised.

14. Contact Us

For privacy-related questions or requests, contact us at privacy@gridshot.app.