The Grid Privacy Policy

Introduction

This Privacy Policy applies to the Personal Data collected by Grid Markets LLC (“The Grid,” “we,” “us,” or “ours”) on this website, thegrid.ai, when you visit our marketing websites, dashboards, and documentation, (collectively our “Sites”), or when you use our Services (as defined in Section 1) and explains how The Grid collects, uses, shares, and protects information about you.

When we use the term “Personal Data” we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with an individual.

By using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, you should not use the Services.

1. Who we are and our role

The Grid acts as an independent “data controller” or similar concept under applicable law with respect to your account and profile data, marketplace activity, metering, billing, related logs, and any of the information we collect when you interact with the Site.

For some enterprise or custom integrations The Grid may act as a data processor or service provider on behalf of a customer under a separate data processing or service agreement. In those processor cases that separate agreement will govern how data is handled in more detail.

The Grid operates an AI inference marketplace and routing platform. When we refer to our “Services” that includes:

• Listing standardized AI inference contracts called Instruments and units of those contracts called Instrument Units or Units.
• Matching buyers who consume inference with suppliers who provide models or compute capacity.
• Metering and billing inference usage and related performance and delivery logs.
• Routing your prompts, messages, and other inference inputs to one or more third party AI model providers or AI Inference Aggregators, and then returning their outputs to you.

2. Third Party Services and Sites

This Privacy Policy does not apply to third party websites, models, APIs, or services that are not under our control, including AI model providers that receive data from us to perform inference. Nor does it apply to your own applications and systems that consume The Grid API. Those third parties have their own privacy policies and practices that you should review separately.

3. Personal Data we collect

We collect Personal Data that you provide directly, that is collected automatically when you use the Services or visit our Sites, and that we receive from third parties.

3.1 Personal Data you provide directly

When you create an account, use the platform as a consumer, apply or onboard as a supplier, or communicate with us we may collect the following categories of Personal Data:

• name;
• email address and other contact information;
• information about your professional role and your employer;
• identifiers from sign in providers if you choose them;
• order instructions, account preferences, and similar settings related to your use of the Services; and,
• the content of your support tickets, feedback forms, surveys or other communications to us.

3.2 Personal Data collected when you use the Sites and Services

When you interact with the Sites or Services we automatically collect usage and transaction data. This includes the following categories of Personal Data:

• Billing and account records, including invoices, balances, and related financial information,
• Information about how you use the Services or Sites, such as, usage volumes, rate limit events, and performance metrics required for billing and enforcement, or order/request details, allocation confirmations, and related timestamps;
• Device and technical information, such as IP address, browser type, operating system, and interaction logs; and,
• Audit and compliance logs (which may be stored in immutable formats where required by law).

3.3 Personal Data we receive from third parties

Finally, we may receive Personal Data related to you from third parties. This Personal Data includes:

• Profile information and other identifiers from sign-in providers;
• Financial account numbers and other similar information related to billing from payment service providers;
• Names and other contact information; and,
• Identity verification and sanctions screening data required to comply with applicable law.

4. How we use your information

We use the information we collect for the following purposes.

4.1 To provide and operate the Services

We use your Personal Data to provide and operate the Services, including to:

• Create and manage your account and profiles;
• List instruments, maintain service records and update instrument contract specifications;
• Process purchase requests and allocate Units on the platform;
• Route your inference requests to appropriate suppliers and to return outputs to you;
• Enforce rate limits, Unit expiration windows, and other consumption rules; and,
• Meter Unit and token usage, generate invoices, settle accounts, and reconcile billing records.

Our legal bases for this typically include performance of a contract with you and our legitimate interests in operating a secure and functional marketplace.

4.2 To maintain security, integrity, and compliance

We use your Personal Data to maintain security, integrity, and compliance, including to:

• Log and monitor activity to detect security issues, fraud, and platform abuse;
• Maintain audit logs, immutable records, and other evidence where required by applicable law or our own security standards;
• Investigate and resolve disputes around metering, proof of delivery, or service performance; and,
• Comply with legal obligations, legal reporting obligations, and enforcement requests;

The legal bases for these activities typically include legal obligations and our legitimate interests in maintaining a secure and compliant market.

4.3 To improve and develop the Services

We use your Personal Data to improve and develop the Services, including to:

• Improve routing, benchmarks, and instrument design;
• Debug issues and to optimize infrastructure performance and reliability; and,
• Design and test new products such as new service types and advanced routing features.

Where possible we use aggregated or de-identified data for these improvement activities instead of information that directly identifies you.

4.4 To communicate with you

We use your Personal Data to communicate with you, including to:

• Send transactional messages such as order confirmations, balance updates, rate limit notifications, expiry reminders, and invoices;
• Provide support, respond to your questions, and handle feature or bug reports;
• Market other products, features, services, or offers that we think may be of interest to you; and,
• Send administrative updates about terms, policies, and changes to our Services.

You can manage some of your communication preferences such as marketing emails through account settings or unsubscribe links where those are available.

5. Prompts, outputs, and training data

5.1 How The Grid handles your inference content

By design The Grid routes your prompts, messages, and other inference inputs plus model outputs through our infrastructure and onward to one or more suppliers so that we can deliver the Services.

By default, The Grid does not capture, store, or log the content of your prompts, messages, or model outputs. We route your inference inputs to suppliers and return their outputs to you without retaining copies in our systems.

We may temporarily log inference content only with your express consent, for example when you enable diagnostic logging for debugging or support purposes. You can enable or disable this at any time through your account settings or by contacting support.

We may associate metering metadata such as Unit usage records, proof of delivery information, and billing metadata with your inference activity, but this metadata does not include the content of your prompts or outputs.

We do not sell your prompts or outputs as standalone data products.

We do not use your prompts or outputs to train proprietary models.

5.2 How suppliers handle training data and retention

Each supplier such as a model provider or capacity aggregator has its own data handling and training policies. The Grid does not control and cannot comprehensively audit each supplier's internal data use, retention, or training practices.

By default, all instruments on The Grid are configured with zero data retention at the supplier level, meaning suppliers do not retain your prompts or outputs after fulfilling the request. If we introduce instruments where zero data retention is not available - for example, due to supplier technical constraints or regulatory requirements - we will clearly identify those instruments in the Provider Data Practices Directory and in the relevant instrument documentation before you use them.

We maintain a Provider Data Practices Directory that lists each supplier available on The Grid, along with links to their privacy policy and terms of service, and any data handling configurations we have in place (such as zero data retention agreements). If you need this information, please reach out to us at support@thegrid.ai

While The Grid does not capture or retain your inference content by default, your prompts and inputs are transmitted to one or more suppliers in order to fulfill your inference request. Each supplier's handling of that data - including whether they log, retain, or use it for training or other secondary purposes - is governed by that supplier's own privacy policy and terms of service. You are responsible for reviewing the applicable supplier terms, which are available in our Provider Data Practices Directory, and for configuring routing preferences that match your legal and privacy requirements.

Suppliers that are found to be in violation of their stated data handling commitments may be subject to penalties, suspension, or removal from the platform, particularly for repeat or material violations. If you believe a supplier on The Grid has violated its stated data handling practices, you can report the concern to support@thegrid.ai. We will investigate reports and take appropriate action.

6. Cookies and similar technologies

We use cookies, local storage, and similar technologies for the following purposes:

• Authentication: To support sign-in via third-party identity providers such as Google and GitHub, and to maintain your authenticated session.
• Preferences: To remember your settings and route configurations.
• Analytics: To measure how users interact with dashboards and documentation so that we can improve the product.

You can manage cookie preferences through your browser settings and, where available, through in-product cookie controls or consent banners.

7. How we share information

7.1 With suppliers and model providers

To deliver inference we share your prompts and inputs with the supplier fulfilling your request. We also share the technical context and metadata necessary for the supplier to process the request and for us to verify delivery and performance.

7.2 With service providers and vendors

We use third party service providers to:

• To support operations, including cloud hosting, storage, logging, security, and observability;
• For authentication, email delivery, and customer support;
• To process payments, handle funds and settle invoices; and,
• To understand and improve how the Services and the Sites perform.

These service providers process data on our behalf and are contractually required to protect it and to use it only for the purposes we specify in line with applicable law.

7.3 With affiliates

We may share information with our group companies or future affiliates for purposes consistent with this Privacy Policy, including product development, support, and compliance.

7.4 For legal, safety, and compliance

We may disclose information when it is reasonably necessary to:

• Comply with applicable laws, regulations, legal processes, or government requests;
• Enforce our terms, rules, or agreements
• Protect the rights, property, or safety of The Grid, our users, or the public; or,
• Detect, investigate, and prevent fraud, platform abuse, or security incidents.

7.5 Business transfers

If we are involved in a merger, acquisition, financing, reorganization, or sale of assets, your information may be transferred as part of that transaction.

Any such transfer will remain subject to this Privacy Policy or to a successor policy that offers materially similar protections.

We do not sell personal information in the sense of selling it to data brokers for independent use in marketplace for money.

8. International transfers

We may process and store information in countries other than your own, including the United States, Canada, or other jurisdictions where we or our service providers operate.

Where required by law, for example for residents of the European Economic Area, the United Kingdom, or Switzerland, we will implement appropriate safeguards for cross-border transfers.

These safeguards may include standard contractual clauses or similar legal frameworks, as well as technical and organizational measures to protect data in transit and at rest.

9. Data retention

We retain information for as long as necessary to provide the Services and to fulfill the purposes described in this Privacy Policy, or as otherwise permitted or required by applicable law including, to comply with our legal, regulatory, tax, accounting, or reporting obligations.

10. Your rights and choices

Depending on your location and applicable law you may have rights over your Personal Data.

These rights can include the right to:

• Request access to your Personal Data and to obtain a copy of it;
• Request correction of inaccurate or incomplete data;
• Request deletion of your Personal Data;
• Request that we restrict processing of your Personal Data;
• Request your Personal Data that we hold in a structured, commonly used, machine-readable format or to have it transmitted to another service where technically feasible; and,
• Object to certain types of processing.

To exercise any of the rights described above, please contact us at support@thegrid.ai. We may ask you to verify your identity before responding to requests, and we may decline requests where the law allows, for example where fulfilling the request would conflict with our legal retention obligations.

If you are in the European Economic Area, the United Kingdom, or certain other jurisdictions you may have the right to lodge a complaint with your local data protection authority.

11. Children's privacy

The Services are not directed to or intended for individuals under the age of eighteen.

We do not knowingly collect Personal Data from such children.

If we become aware that we have collected Personal Data from a child without appropriate consent, we will take steps to delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our Services, legal obligations, or data handling practices.

When we make material changes we will update the “last updated date” at the top of the Privacy Policy.

Where the law requires it we will provide additional notice of material changes, for example through email or in-product notifications.

Your continued use of the Sites and Services after any changes become effective means that you accept the revised Privacy Policy.

13. Do Not Track

This Site does not currently recognize “Do Not Track” signals.