Privacy Policy

1. Introduction

Gridline Inc. ("Gridline," "we," "us," or "our") operates the Gridline POS platform, including our web dashboard, mobile applications, and related services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your personal information and your right to privacy in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable Canadian provincial privacy legislation.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, phone number, business name, and business address when you register for an account.
• Payment Information: Credit card details and billing address processed securely through our payment processor, Stripe. We do not store full card numbers on our servers.
• Business Data: Product catalogs, customer records, transaction history, and employee information you enter into the Service.
• Communications: Messages you send to our support team, survey responses, and feedback.

2.2 Information Collected Automatically

• Device Information: IP address, browser type, operating system, device identifiers, and hardware model.
• Usage Data: Pages visited, features used, click patterns, session duration, and error logs.
• Location Data: Approximate location derived from IP address for fraud prevention and service optimization.

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service
• Process transactions and send related information
• Manage your account and provide customer support
• Send administrative information, updates, and security alerts
• Analyze usage patterns to improve the Service and develop new features
• Detect, prevent, and address technical issues, fraud, and security breaches
• Comply with legal obligations and enforce our terms of service
• Facilitate loyalty program integrations (e.g., SoPoints) as configured by you

4. Information Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

• Service Providers: Third-party vendors who perform services on our behalf (e.g., Stripe for payments, AWS for hosting, SoPoints for loyalty programs).
• Legal Requirements: When required by law, regulation, legal process, or governmental request.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate notice.
• With Your Consent: When you explicitly authorize us to share information with a third party.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:

• Account data: Retained for the duration of your subscription plus 90 days after account closure.
• Transaction records: Retained for 7 years to comply with Canadian tax and financial regulations.
• Usage analytics: Aggregated and anonymized after 24 months.
• Support communications: Retained for 3 years after resolution.

You may request deletion of your data at any time by contacting privacy@gridlinepos.com. We will process your request within 30 days, subject to legal retention requirements.

6. Data Security

We implement industry-standard security measures to protect your information, including:

• AES-256 encryption for data at rest
• TLS 1.3 encryption for data in transit
• Multi-factor authentication for account access
• Regular security audits and penetration testing
• SOC 2 Type II compliant infrastructure (AWS Canada regions)
• Role-based access controls for internal staff

While no method of transmission over the Internet is 100% secure, we strive to use commercially acceptable means to protect your personal information.

7. Cookies and Tracking

We use cookies and similar tracking technologies to:

• Essential Cookies: Required for the Service to function (session management, authentication).
• Analytics Cookies: Help us understand how you use the Service to improve performance and features.
• Preference Cookies: Remember your settings and preferences.

You can control cookie preferences through your browser settings. Disabling essential cookies may affect Service functionality.

8. PIPEDA Compliance and Your Rights

Under PIPEDA and applicable provincial legislation, you have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate or incomplete information
• Withdraw consent for the collection, use, or disclosure of your information (subject to legal or contractual restrictions)
• File a complaint with the Privacy Commissioner of Canada

To exercise any of these rights, contact our Privacy Officer at privacy@gridlinepos.com. We will respond to your request within 30 business days.

9. International Data Transfers

Your information is stored and processed in Canada using AWS Canada (ca-central-1) infrastructure. We do not routinely transfer personal information outside of Canada. In the event that a transfer is necessary (e.g., for a specific service provider), we ensure adequate protection through contractual safeguards.

10. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child without parental consent, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact: