Privacy Policy

GridHand AI LLC ("GridHand AI", "we", "us", or "our") is a Wisconsin limited liability company that provides AI automation services to small and medium-sized businesses. This Privacy Policy explains how we collect, use, and protect information when you use our platform at gridhand.ai and related services (collectively, the "Service").

We collect the following categories of information: **Account Information**: When you create an account, we collect your name, business name, email address, password (hashed), industry, city, and billing information. **Business Profile Data**: Information you provide to configure your workers — including business hours, services offered, frequently asked questions, phone numbers, addresses, and tone preferences. **Customer Contact Data**: Phone numbers and names of your customers that you provide or that are passed through third-party integrations (e.g., Make.com scenarios) for the purpose of sending automated communications on your behalf. **Usage Data**: Records of tasks your workers complete, messages sent, activity logs, and interaction history with Commander. **Payment Information**: Billing is handled by Stripe. We do not store full credit card numbers — only the last 4 digits, card type, and expiration date as provided by Stripe. **Technical Data**: IP addresses, browser type, device information, and cookies collected when you use the platform.

We use the information we collect to: (a) Provide, operate, and improve the Service (b) Send automated communications (SMS, email) on behalf of your business (c) Process billing and manage your subscription (d) Monitor worker performance and send you health alerts (e) Respond to your support requests (f) Comply with legal obligations (g) Detect and prevent fraud or abuse We do not use your business data or your customers' data for advertising, profiling, or any purpose beyond providing the Service.

When you use GridHand AI to send communications to your customers, their names and phone numbers are processed on your behalf. You are the data controller for your customers' information. We act as a data processor under your instruction. You are responsible for: (a) Ensuring you have appropriate consent to contact your customers (b) Maintaining accurate opt-out records (c) Complying with applicable privacy laws regarding your customers' data We automatically honor SMS opt-out requests ("STOP" replies) and remove opted-out numbers from future automated sends.

We do not sell your data. We share information only in the following circumstances: **Service Providers**: We work with trusted third-party providers to operate the Service, including: — Supabase (database hosting) — Twilio (SMS delivery) — Stripe (payments) — Anthropic / Groq (AI processing) — Resend (transactional email) — Make.com (automation workflows) — Vercel (platform hosting) Each provider has its own privacy policy and data processing terms. **Legal Requirements**: We may disclose information if required by law, subpoena, court order, or to protect the rights, property, or safety of GridHand AI LLC, our clients, or others. **Business Transfers**: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.

We retain your account and business data for as long as your account is active. Activity logs and message history are retained for up to 24 months. After account termination, we delete your data within 90 days, except where we are required to retain it for legal or compliance purposes. You may request deletion of your data at any time by contacting us at gridhand.ai@gmail.com.

We implement industry-standard security measures including: — Encrypted data storage and transmission (TLS/SSL) — Row-level security in our database — Hashed passwords (handled by Supabase Auth) — Service role key separation (no client-side access to admin operations) No security system is perfect. We cannot guarantee absolute security, but we take reasonable steps to protect your information.

We use cookies and similar tracking technologies to maintain your session and remember your preferences. We use Supabase Auth session cookies to keep you logged in. We do not use third-party advertising or tracking cookies. You can disable cookies in your browser settings, but this may affect your ability to use the Service.

Depending on your location, you may have the following rights regarding your personal data: — **Access**: Request a copy of the data we hold about you — **Correction**: Request correction of inaccurate data — **Deletion**: Request deletion of your data — **Portability**: Request your data in a machine-readable format — **Objection**: Object to certain types of processing To exercise any of these rights, contact us at gridhand.ai@gmail.com. We will respond within 30 days.

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe we have collected information from a minor, contact us at gridhand.ai@gmail.com and we will delete it promptly.

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those sites. We encourage you to review their privacy policies before providing any information.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice in your dashboard. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please contact us: GridHand AI LLC Email: gridhand.ai@gmail.com State of formation: Wisconsin