Privacy Policy

Last Updated: April 7, 2025

This Privacy Policy explains how Space Grid AI ("we", "our", or "us") collects, uses, discloses, and protects personal information in connection with our software-as-a-service (SaaS) platform and related services. This Policy applies to personal data collected from users of our platform and website. By using our services, you agree to the terms of this Privacy Policy.

1. Information We Collect

1.1 Categories of Personal Information

We collect personal and business information that you or your organization provide directly, such as:

- Contact information (names, email addresses, phone numbers, physical addresses)

- Account credentials (usernames, passwords, security questions)

- Company information (company name, position, department)

- Billing and payment information

- User preferences and settings

- Communications with our support team

1.2 Technical and Usage Data

We collect data necessary to provide our services, including:

- Uploaded 3D spatial data which may incidentally contain identifiable features (e.g., faces)

- Device information (IP address, browser type, operating system)

- Usage data (features accessed, time spent, actions taken)

- Performance data (error logs, crash reports)

- Authentication records

1.3 Tracking Technologies

We do not currently use cookies or similar tracking technologies. Should we implement such technologies in the future, we will update this Privacy Policy and provide appropriate notice and consent mechanisms in accordance with applicable law prior to implementation.

2. How We Use Your Information

We use collected data to operate, maintain, and improve our platform and services. Specifically, we use personal information for:

- User authentication and account management

- Service delivery, including platform access and functionality

- Technical support and customer service

- Research and development to improve our platform

- Compliance with legal obligations

- Security monitoring and fraud prevention

- Communication about service updates and features

- Account administration, including billing and payment processing

We do not use personal information for automated decision-making or profiling that produces legal or similarly significant effects concerning you.

3. Legal Basis for Processing (Where Applicable)

If and when applicable (e.g., under the EU or UK General Data Protection Regulation), we process personal data based on one or more of the following legal grounds:

- Performance of a contract: Processing necessary for the performance of a contract to which you are a party, or to take steps at your request before entering into a contract

- Legitimate interests: Processing necessary for our legitimate interests, such as platform improvement, security, and fraud prevention, except where such interests are overridden by your fundamental rights and freedoms

- Compliance with legal obligations: Processing necessary for compliance with a legal obligation to which we are subject

- Consent: Processing based on your specific consent, which may be withdrawn at any time

4. Sharing and Disclosure

4.1 Service Providers and Subprocessors

We do not sell personal information. We may share your information with trusted service providers (e.g., infrastructure, CRM, support platforms) that assist in operating our platform. All such subprocessors are bound by data protection obligations consistent with this Privacy Policy and applicable law.

Current subprocessors include:

- Firebase (cloud infrastructure and database)

- Google Cloud Platform (infrastructure services)

- Stripe (payment processing, if applicable)

We will notify customers of material changes to our subprocessor list via email or through account notifications.

4.2 Legal Requirements

We may disclose personal information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency). We will evaluate such requests on a case-by-case basis and will only disclose information that we determine, in our sole discretion, is necessary to comply with the request or that we are legally obligated to disclose.

4.3 Business Transfers

If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or uses of your personal information.

5. International Data Transfers

Your data may be transferred to and processed in countries outside your jurisdiction, including the United States. When we transfer personal data across international borders, we implement appropriate safeguards to protect such information, including:

- Standard contractual clauses approved by the European Commission or applicable authorities

- Encryption and pseudonymization of sensitive information

- Contractual commitments from recipients regarding data protection

- Compliance with applicable export control and trade sanctions regulations

6. Data Security

We use technical and organizational measures to secure your information. These include:

- Encrypted storage and transmission of personal data

- Access controls and authentication measures

- Regular security assessments and penetration testing

- Employee training on data security and confidentiality

- Physical and environmental security controls for our systems

- Incident response procedures

Despite these measures, no electronic transmission or storage system is 100% secure. We cannot guarantee absolute security of your personal information.

7. Data Retention

7.1 Retention Periods

We retain personal data for as long as necessary to provide our services and for the following purposes:

- Active accounts: Data is retained for the duration of your subscription plus 30 days

- Terminated accounts: Basic account information is retained for up to 90 days after termination unless otherwise requested

- Billing information: Retained for 7 years as required by tax and accounting regulations

- Platform logs and security data: Retained for up to 1 year for security and performance analysis

7.2 Data Deletion

Upon termination of your account or upon request (subject to the exceptions outlined below), we will delete or anonymize your personal information within a reasonable time period.

We may retain certain information despite a deletion request if:

- Retention is necessary to comply with legal obligations

- Retention is necessary for our legitimate business interests, such as fraud prevention or security

- The information has been anonymized such that it can no longer be associated with you

8. Your Rights

8.1 Data Subject Rights

Depending on your location, you may have the following rights regarding your personal data:

- Access: The right to request information about personal data we process about you

- Rectification: The right to request correction of inaccurate personal data

- Erasure: The right to request deletion of your personal data in certain circumstances

- Restriction: The right to request limitation of processing in certain circumstances

- Objection: The right to object to processing based on legitimate interests

- Portability: The right to receive your personal data in a structured, machine-readable format

- Withdrawal of consent: The right to withdraw previously given consent

8.2 Exercising Your Rights

To exercise any of these rights, please contact us at alex.hilger@spacegrid.ai. We will respond to all legitimate requests within 30 days. In some cases, we may need additional information to verify your identity before processing your request.

8.3 Complaints

If you believe our processing of your personal information violates data protection laws, you have the right to lodge a complaint with a supervisory authority responsible for data protection in your country of residence.

9. Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify affected individuals without undue delay, unless:

- The personal data is encrypted or otherwise protected

- We have taken measures to ensure the high risk is no longer likely to materialize

- It would involve disproportionate effort, in which case we will make a public communication

The notification will include:

- The nature of the breach

- The name and contact details of our data protection contact

- The likely consequences of the breach

- Measures taken or proposed to address the breach

10. Children's Privacy

Our services are intended for business use only and are not directed to children under 16. We do not knowingly collect data from minors. If we become aware that we have collected personal data from children without verification of parental consent, we will take steps to remove that information from our servers.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect legal, technical, or business changes. When we do, we will revise the 'Last Updated' date at the top. Material changes will be notified via email to account administrators or through a notice on our platform prior to the change becoming effective. Continued use of our services indicates acceptance of the updated policy.

12. Export Control Compliance

Given the industrial and maritime applications of our platform, we comply with applicable export control laws and regulations. This may affect how we process and transfer certain technical data. We do not knowingly provide services to persons or entities located in countries subject to comprehensive sanctions or trade embargoes, or to individuals or entities subject to targeted sanctions, without appropriate licenses or authorizations.

13. Contact Information

For questions or concerns about this Privacy Policy or our data practices, please contact:

Privacy Team

Email: alex.hilger@spacegrid.ai

Please provide your name, contact information, and the nature of your request so that we can properly address your inquiry.

If we have a Data Protection Officer in the future, their contact information will be provided in an updated version of this Privacy Policy.