Privacy Policy

Last updated: March 2026

Scope and Global Use

Gridwinner is available to users worldwide. This policy applies regardless of where you access the Service. We aim to comply with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), the UK GDPR, and other regional requirements. If you are in the European Economic Area (EEA), United Kingdom, or another jurisdiction with specific privacy rights, the sections below describe how we handle your data and how you can exercise your rights.

Our Commitment to Privacy

At Gridwinner, privacy isn't just a feature — it's the foundation of our product. We built Gridwinner specifically to keep your sensitive supplier data safe.

What Data We Don't Collect

Let's start with what we don't do:

  • We don't upload your files. All CSV and Excel processing happens entirely in your browser using Web Workers.
  • We don't see your supplier lists. Your product data, prices, ASINs, and Keepa-style analysis never touch our servers.
  • We don't track your analysis. What you analyze stays on your machine.

What Data We Do Collect

You can use Gridwinner as a guest (limited rows) or create an account for Free and Pro tiers. If you create an account, we collect minimal information:

  • Email address (for authentication)
  • Payment information (processed securely via Stripe, for Pro subscriptions)
  • Basic usage analytics (page views, feature usage counts), where applicable

Authentication

We use Clerk for authentication. Clerk is SOC 2 Type II compliant and handles your login credentials securely. We never see or store your password.

Payment Processing

All payments are processed through Stripe. We never see your full credit card number. Stripe is PCI DSS Level 1 compliant — the highest level of certification.

International Data Transfers

Our service and some of our providers (e.g. Clerk, Stripe) may process data in the United States or other countries outside your residence. Where required by law, we rely on adequacy decisions, standard contractual clauses, or other lawful transfer mechanisms to protect your data when it is transferred internationally.

Cookies

We use minimal cookies for:

  • Authentication session management
  • Basic analytics (if enabled)

We do not use advertising cookies or sell data to third parties. For full details on cookies and how to manage them, see our Cookies Policy. A cookie consent banner may be used on the site (e.g. via Cookiebot or similar) once the domain is connected; you can manage your preferences there.

Data Retention

Since we don't store your analysis data, there's nothing to retain. Account information is kept while your account is active and deleted upon request.

Your Rights

You have the right to:

  • Access any personal data we hold about you
  • Request correction or deletion of your account and data
  • Export your account information (data portability)
  • Opt out of marketing communications
  • Object to or restrict certain processing where applicable by law
  • Lodge a complaint with a supervisory authority in your country

To exercise these rights, contact us at the email below. We will respond within the timeframes required by your jurisdiction.

Contact Us

For any privacy-related questions or requests, contact us at legal@gridwinner.com

Changes to This Policy

We may update this policy occasionally. Significant changes will be communicated via email to registered users. The "Last updated" date at the top reflects the latest revision.