Privacy Policy

GraySquare Solutions Inc. ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at https://www.graysquare.com/ and use our web development and hosting services.

By accessing our website or using our services, you consent to the practices described in this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access our website or use our services.

2.1 Personal Information

We may collect personally identifiable information that you voluntarily provide to us, including but not limited to:

  • Full name
  • Email address
  • Telephone number
  • Billing and payment information
  • Business name and details
  • Login credentials for account access
  • Domain registration information

2.2 Technical and Usage Information

When you access our website or services, we may automatically collect certain information, including:

  • IP address
  • Browser type and version
  • Operating system
  • Device information
  • Pages visited and time spent on pages
  • Referring website addresses
  • Access times and dates
  • Clickstream data

2.3 Service-Related Information

In providing our web development, hosting, and website management services, we may collect:

  • Website content and files uploaded to our servers
  • Server logs and performance data
  • Backup data
  • FTP and database access credentials
  • SSL certificate information

We may use the information we collect for the following purposes:

  • To provide, operate, and maintain our services
  • To process transactions and send related information, including purchase confirmations and invoices
  • To manage your account and provide customer support
  • To set up and manage WordPress hosting, managed WordPress solutions, and dedicated server services
  • To perform website maintenance, backups, and security monitoring
  • To communicate with you about updates, security alerts, and administrative messages
  • To send promotional communications (with your consent where required)
  • To improve our website and services
  • To detect, prevent, and address technical issues or fraudulent activity
  • To comply with legal obligations

3.1 Legal Bases for Processing (EU/UK GDPR)

If you are located in the European Economic Area (EEA), Switzerland, or the United Kingdom, we process your personal information under one or more of the following legal bases:

  • Contractual necessity: To provide the services you request, administer your account, and perform our contractual obligations.
  • Legitimate interests: To operate, secure, and improve our services; prevent fraud; and communicate with you about service-related matters (balanced against your rights).
  • Consent: Where required by law (for example, certain marketing communications or non-essential cookies). You can withdraw consent at any time.
  • Legal obligation: To comply with applicable laws, regulations, and lawful requests.

We may also rely on other legal bases where permitted by law.

We may share your information in the following circumstances:

4.1 Service Providers

We may share your information with third-party vendors, contractors, and service providers who perform services on our behalf, including payment processing, data analysis, email delivery, hosting services, infrastructure/hosting providers, analytics providers, and customer service.

4.2 Third-Party Disclosure (What We Share and Why)

We do not sell your personal information. We may disclose your information to third parties in the following cases:

  • Vendors and processors: To operate our business (e.g., payment processing, email delivery, analytics, hosting infrastructure, domain-related services, customer support tools).
  • Professional advisors: Such as legal, accounting, or insurance advisors where necessary for our legitimate business purposes.
  • Compliance and enforcement: To comply with applicable law, regulation, legal process, or governmental request, and to protect the rights, property, or safety of the Company, our customers, or others.
  • Business transfers: In connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale/transfer of assets, where information may be transferred as part of that transaction.
  • With your direction or consent: Where you request or authorize the disclosure.

4.3 Legal Requirements

We may disclose your information where required to do so by law or in response to valid requests by public authorities, including to meet national security or law enforcement requirements.

4.4 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction.

4.5 Protection of Rights

We may disclose your information to protect and defend our rights or property, to protect the safety of our users or the public, or to protect against legal liability.

4.6 With Your Consent

We may share your information for other purposes with your express consent.

5.1 Cookies

We use cookies and similar tracking technologies to track activity on our website and store certain information. Cookies are small data files placed on your device. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. If you disable cookies, some parts of the website may not function properly.

5.2 Types of Cookies We Use

  • Essential Cookies: Necessary for the website to function properly (e.g., security, session management)
  • Analytics Cookies: Help us understand how visitors interact with our website (e.g., pages viewed, traffic sources)
  • Functional Cookies: Enable enhanced functionality and personalization (e.g., remembering preferences)
  • Marketing Cookies: Used to track visitors across websites for advertising purposes (if enabled)

5.3 Third-Party Analytics

We may use third-party analytics services (for example, Google Analytics) to collect and analyze usage information. These services may use cookies and other tracking technologies to perform their services. You can typically opt out through your browser settings and/or vendor-provided opt-out mechanisms where available.

We implement appropriate technical and organizational security measures designed to protect your personal information from unauthorized access, alteration, disclosure, or destruction. These measures include:

  • SSL/TLS encryption for data transmission
  • Daily backups of hosted data
  • Secure server infrastructure
  • Regular security assessments and updates
  • Access controls and authentication protocols

However, no method of transmission over the Internet or method of electronic storage is completely secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. The retention period may vary depending on the context of the services we provide and our legal obligations.

7.1 Retention Periods

Unless a longer retention period is required or permitted by law, we generally apply the following retention approach:

  • Account and customer records (contact details, account settings): Retained for the life of the account and for up to 24 months after account closure to handle follow-up requests, disputes, and recordkeeping.
  • Billing, invoicing, and tax records: Retained for 7 years (or longer if required by applicable tax or accounting laws).
  • Support communications: Retained for up to 24 months to improve customer support and maintain service history.
  • Security logs and system logs: Retained for 30–180 days (or longer if needed to investigate incidents or comply with legal obligations).
  • Backups: Retained on a rolling basis consistent with our operational backup schedules; deleted/overwritten as part of normal rotation unless needed for restoration, incident response, or legal compliance.
  • Marketing preferences and consent records: Retained for as long as needed to demonstrate compliance and honor your preferences.

Upon termination of services, we will retain your data for a reasonable period to allow for data retrieval, after which it will be securely deleted unless retention is required by law, required to resolve disputes, or needed to enforce our agreements.

Depending on your location, you may have certain rights regarding your personal information. Please see the region-specific sections below for details.

8.1 EU/UK Residents (GDPR)

If you are located in the EEA or the UK, you may have the following rights (subject to applicable law):

  • Right of access: Request access to your personal data.
  • Right to rectification: Request correction of inaccurate or incomplete personal data.
  • Right to erasure: Request deletion of your personal data in certain circumstances.
  • Right to data portability: Request a copy of certain personal data in a structured, commonly used, machine-readable format and to have it transmitted to another controller where technically feasible.
  • Right to object: Object to processing based on legitimate interests and to processing for direct marketing.
  • Right to restriction of processing: Request that we limit processing in certain circumstances.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time (this does not affect processing already performed).

How to exercise GDPR rights: Contact us using the details in the “Contact Us” section below.

Data Protection Officer (DPO): GraySquare Solutions Inc. has not appointed a Data Protection Officer at this time. If you need to reach our privacy contact for EU/UK matters, please use the contact details in the “Contact Us” section and include “GDPR Request” in your message subject.

Supervisory authority / lead authority: If you are in the EEA/UK, you also have the right to lodge a complaint with your local supervisory authority. Our lead supervisory authority (if applicable) is: [Placeholder – identify lead supervisory authority, if applicable].

8.2 California Residents (CCPA/CPRA)

If you are a California resident, you may have the following rights (subject to applicable law and verification):

  • Right to Know: Request that we disclose the categories and specific pieces of personal information we collected about you, the sources, purposes, and the categories of third parties with whom we disclosed it.
  • Right to Delete: Request deletion of personal information we collected from you, subject to exceptions.
  • Right to Correct: Request correction of inaccurate personal information we maintain about you.
  • Right to Limit Use and Disclosure of Sensitive Personal Information: Where applicable, you may request that we limit the use and disclosure of sensitive personal information to what is necessary to provide the requested services, perform expected business purposes, and as otherwise permitted by law.
  • Right to Opt-Out of Sale/Sharing: Direct us not to “sell” or “share” your personal information as those terms are defined under California law.

Non-discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.

How to exercise CCPA/CPRA rights: Contact us using the details in the “Contact Us” section below and include “California Privacy Request” in your message subject. We may need to verify your identity and/or your requestor authority (if using an authorized agent) before responding.

8.3 Additional Information

Depending on your location, you may also have other rights under applicable privacy laws. To exercise any rights, please contact us using the information provided below. We may need to verify your identity before responding.

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18 without verification of parental consent, we will take steps to remove that information from our servers.

Our website may contain links to third-party websites or services that are not owned or controlled by GraySquare Solutions Inc. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party websites or services. We encourage you to review the privacy policies of any third-party websites you visit.

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country. By using our services, you consent to the transfer of your information to such countries.

We reserve the right to update or modify this Privacy Policy at any time. Any changes will be effective immediately upon posting the updated Privacy Policy on this page with a revised "Last Updated" date. We encourage you to review this Privacy Policy periodically for any changes.

Your continued use of our website or services after any modifications to this Privacy Policy constitutes your acceptance of such changes.

The table below summarizes (i) categories of personal information we may have collected in the last 12 months, (ii) typical sources, (iii) business/commercial purposes, and (iv) categories of third parties to whom we may disclose the information. The specific personal information collected depends on how you interact with us and which services you use.

Notes:

We do not knowingly collect “sensitive personal information” beyond what is necessary to provide our services and secure access, and we do not use it to infer characteristics about you.

We do not sell your personal information. We also do not share personal information for cross-context behavioral advertising unless expressly stated and enabled in our cookie settings and practices.

13.1 Do Not Sell or Share My Personal Information (California)

California residents may have the right to opt out of the “sale” or “sharing” of personal information (as those terms are defined under CCPA/CPRA).

Do Not Sell or Share Link: [Placeholder – add “Do Not Sell or Share My Personal Information” link on website footer and link URL here]

If we engage in sharing for cross-context behavioral advertising via cookies/third-party tags (if enabled), you may also opt out using the link above and/or by adjusting cookie preferences where available.

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

GraySquare Solutions Inc.
Website: https://www.graysquare.com/

This Privacy Policy is intended to comply with applicable privacy laws and regulations. It is recommended that you consult with a qualified legal professional to ensure compliance with all applicable laws in your jurisdiction.