This Privacy Policy explains how GridVisio collects, uses, and protects your personal data. We are committed to your privacy and comply with the EU General Data Protection Regulation (GDPR) and Romanian data protection law.
GridVisio operates the coverage mapping platform available at gridvisio.com. For the purposes of GDPR, GridVisio acts as the data controller for personal data collected during account registration and platform use.
For data you upload to the platform (such as subscriber records), GridVisio acts as a data processor on your behalf, and you remain the data controller responsible for that data.
Contact: [email protected]
When you register, we collect your name, email address, and password (stored as a hashed value — we never store plain-text passwords). If you subscribe to a paid plan, billing and payment details are collected by Stripe on our behalf — we only receive a payment token and last-4 card digits.
We collect data about how you use the Service, including pages visited, features used, and actions taken. This is used to improve the Service and diagnose technical issues.
You may upload subscriber records, network topology data, geographic coordinates, and other business data to the platform. This data belongs to you. We process it only to provide the Service as described in Section 3.
We automatically collect IP address, browser type and version, operating system, referring URL, and session timestamps for security, fraud prevention, and service optimisation purposes.
If you contact us by email, we retain a record of that correspondence including your email address and the content of the message.
| Purpose | Data used | Legal basis |
|---|---|---|
| Providing and operating the Service | Account data, subscriber data, usage data | Contract performance |
| Processing payments and managing subscriptions | Account data, payment data | Contract performance |
| Sending transactional emails (password reset, billing, notifications) | Email address | Contract performance |
| Responding to support requests | Account data, communications | Legitimate interests |
| Improving and developing the Service | Usage data, technical data (aggregated/anonymised) | Legitimate interests |
| Security, fraud prevention, and abuse detection | Technical data, account data | Legitimate interests / Legal obligation |
| Complying with legal obligations | As required by applicable law | Legal obligation |
We do not sell your personal data to third parties. We do not use your data for advertising or profiling purposes.
We process your personal data on the following legal bases under Article 6 of the GDPR:
We share data with the following trusted third-party processors. Each is subject to appropriate data processing agreements and maintains their own security standards.
| Processor | Purpose | Location | Privacy policy |
|---|---|---|---|
| Stripe, Inc. | Payment processing and subscription management | USA (EU data transfer safeguards apply) | stripe.com/privacy |
| Hetzner Online GmbH | Cloud hosting and infrastructure | Germany (EU) | hetzner.com |
| Resend, Inc. | Transactional email delivery | USA (EU data transfer safeguards apply) | resend.com |
| Google LLC | Maps API for geographic visualisation | USA (EU data transfer safeguards apply) | policies.google.com |
| Cloudflare, Inc. | DNS, CDN, and DDoS protection | USA (EU data transfer safeguards apply) | cloudflare.com |
We do not authorise any processor to use your data for their own purposes beyond providing services to us.
We implement appropriate technical and organisational measures to protect your personal data, including:
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected users without undue delay, as required by GDPR Article 33-34.
As a data subject under the GDPR, you have the following rights:
Request a copy of the personal data we hold about you.
Request correction of inaccurate or incomplete personal data.
Request deletion of your personal data where there is no compelling reason for continued processing.
Request that we restrict processing of your data in certain circumstances.
Receive your data in a structured, machine-readable format. Use the export tools in the Service or contact us.
Object to processing based on legitimate interests. We will cease unless we have compelling legitimate grounds.
Where processing is based on consent, withdraw at any time without affecting prior processing.
Lodge a complaint with the Romanian supervisory authority (ANSPDCP) or your local EU supervisory authority.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. We may need to verify your identity before processing your request.
Romanian supervisory authority: Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP) — dataprotection.ro
GridVisio uses the following cookies:
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
| Session cookie | Maintains your authenticated session | Session / 2 hours | Strictly necessary |
| CSRF token | Security — prevents cross-site request forgery | Session | Strictly necessary |
| Preferences | Remembers UI preferences (map type, filter state) | 1 year | Functional |
We do not use advertising cookies or third-party tracking cookies. The Google Maps API may set its own cookies for map functionality — these are governed by Google's privacy policy.
Strictly necessary cookies cannot be disabled as they are required for the Service to function. You may disable functional cookies through your browser settings, but this may affect your experience.
The Service is not directed at children under 18 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us at [email protected] and we will delete it promptly.
Some of our third-party processors are located outside the European Economic Area (EEA), including in the United States. Where we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, including:
Our primary hosting infrastructure (Hetzner) is located in Germany and your data is stored within the EU by default.
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice in the Service at least 14 days before the changes take effect. The current version is always available at gridvisio.com/privacy. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.
For any privacy-related questions, requests to exercise your rights, or concerns about how we handle your data:
GridVisio
Email: [email protected]
Website: gridvisio.com
If you are not satisfied with our response, you have the right to lodge a complaint with the Romanian data protection authority:
ANSPDCP
B-dul Magheru 28-30, Sector 1, Bucharest
dataprotection.ro
[email protected]