Privacy Policy
Last updated: April 26, 2026
Who we are
UnGrid (“we”, “us”) operates the website and related services. For GDPR purposes, the data controller is the legal entity named on our contact page and in our legal notice (imprint).
Data we collect
- Account and sign-in: If you create an account, we store your email address and a secure password hash, and we may store optional profile fields you provide. An HTTP-only session cookie keeps you signed in.
- Checklists and planning tools: Progress you save (e.g. plan checklists, calculator inputs) may be stored in our database and tied to your account when you are logged in. Before sign-in, similar data may be stored only on your device (see cookies and storage below).
- Shop purchases: When you buy physical goods through our shop, Shopify processes checkout and shares order information with us as needed to fulfill your order (for example email, shipping address, line items). We do not store full payment card numbers on our servers.
- Digital PDF purchases (Mollie): For certain paid downloads, Mollie processes payment. We store payment references and status in our systems to deliver your download and meet legal obligations.
- Guide unlocks: For some guides (for example hardware-linked PDFs), we may verify purchase using your email and order reference against Shopify records.
- Offline app sync: If you use the UnGrid offline app while signed in, checklist progress may sync to our servers over HTTPS when you are online.
- Affiliate and redirect links: Clicks on /go/links may be logged with pseudonymous data (for example referrer, a hash of the user-agent, timestamp, path). We do not aim to identify individuals from these logs.
- Server and security logs: Our hosting provider may log technical data such as IP address, timestamps, and requested URLs.
- Cookie and analytics choice: We record your analytics preference (allow or reject Umami) in your browser's local storage so we do not reload analytics after you opt out.
Purposes and legal bases (GDPR)
- Contract — to provide the site, account, purchases, downloads, and support you request.
- Legitimate interests — to secure the service, prevent abuse, improve content, and measure affiliate performance in a privacy-conscious way, where we do not rely on consent.
- Legal obligation — where we must retain records for tax, accounting, or compliance (including anonymised or minimised order records).
- Consent — we load Umami analytics only if you opt in via the cookie banner or cookie preferences. You may withdraw that consent at any time; we will stop loading analytics on your device.
Processors and sharing
We use service providers that process data on our instructions, including for example:
- Hosting and database (e.g. Netlify, Supabase/PostgreSQL) for the web app and stored data.
- Shopify for storefront, cart, and checkout for physical goods.
- Mollie for payment processing for applicable digital purchases.
- Umami (analytics) — when you consent, page views and optional custom events are processed by Umami (for example Umami Cloud).
We do not sell your personal data.
Analytics (Umami)
If you opt in, we use Umami to understand aggregate traffic (for example which guides are read). The Umami script does not load until you accept analytics. Technical details depend on your Umami product and hosting; review Umami's documentation and your dashboard settings. If our configuration changes, we will update this policy and may bump the consent version so you can choose again.
Cookies and similar storage
The table below summarises the main technologies we use. Essential items are needed for core functionality (sign-in, checkout path, cart session). Analytics is optional and only runs after consent.
| Technology | Purpose | Storage | Legal basis |
|---|---|---|---|
| ungrid_session (HTTP-only cookie) | Keep you signed in | Browser cookie, ~30 days | Contract / legitimate interests (security) |
| ungrid-calculator-data (cookie) | Remember calculator inputs for this browser session | Session cookie | Legitimate interests / convenience |
| sessionStorage (ungrid_cart, etc.) | Shopping cart for this tab/session | Until tab/session ends | Contract (purchase flow) |
| localStorage (guest checklist, plan progress, preferences) | Save progress before you create an account | Until you clear site data | Legitimate interests / consent where applicable |
| localStorage (ungrid_cookie_consent) | Remember analytics choice | Until you clear site data or we bump policy version | Consent (for analytics flag) |
| Umami script | Aggregate analytics | Loaded only after opt-in; see Umami docs | Consent |
Retention
We retain data only as long as needed for the purposes above. Account data and related progress are removed when you delete your account, except where we must keep minimised records for legal, tax, or accounting reasons. Order rows tied to you may be anonymised (contact and address fields removed or replaced) rather than deleted so we can meet retention rules. Payment processors may retain their own records according to their policies and law.
Your rights (EEA/UK)
You may have the right to access, rectify, erase, restrict, object, and port your personal data, and to lodge a complaint with a supervisory authority. If you have an account, you can download a copy of your data and request account deletion from My account. You can also contact us via the contact page. Erasing your account on our systems does not automatically erase data held by Shopify, Mollie, or other processors; you may exercise rights with them directly or ask us to help coordinate where feasible.
International transfers
Providers may process data outside the EEA or UK. Where required, we rely on appropriate safeguards (such as EU Standard Contractual Clauses or UK equivalents) offered by our providers.
Digital Services Act and illegal content
If you believe content on our site is illegal under applicable law, you may report it to us at hello@ungrid.store with enough detail for us to locate the material. We are not a large-scale user-generated content platform; this channel is for good-faith reports about our published pages. Final procedures should be confirmed with counsel for your role under the DSA and national law.
Automated decisions and AI
We do not use your personal data for solely automated decisions with legal or similarly significant effects. We do not offer an in-product generative-AI or chat feature that processes your inputs as personal data. Allowing search or AI crawlers via robots.txt is a publishing choice for public pages and is not the same as operating a high-risk AI system under the EU AI Act. If we add AI-powered features later, we will update this policy and assess applicable obligations.
Children
Our services are not directed at children under 16. We do not knowingly collect their personal data.
Changes
We may update this policy from time to time. The “Last updated” date will change when we do.
Contact
Questions or requests: use our contact page.