gridscoot
legal · privacy

Privacy

We don't want your data. The whole product is structured to minimise it. This page tells you exactly what we collect, why, and how to make it stop.

updated · pre-launcheffective · on first MCP call or sign-upversion · 0.4
01

What we collect

02

What we don't collect

03

A note on agents

If you use Gridscoot through Claude, ChatGPT, Cline, or another MCP-compatible agent, we see the tool call, not the conversation. The agent vendor (Anthropic, OpenAI, etc) sees the conversation but not what we returned to it beyond what the agent decided to surface.

04

Affiliate disclosure

Gridscoot earns commission on purchases made through links on this site. The commission is paid by the retailer, not by you — your purchase price is the same whether you click through us or visit the retailer directly. We never adjust our rankings to favour retailers who pay higher commissions; ranking is algorithmic and based on price, in-stock status, delivery speed, and retailer freshness signals.

Affiliate networks involved: Commission Factory, Amazon Associates AU, eBay Partner Network. Read their respective privacy policies if you care; we're a referrer, not a processor.

05

Data retention

Anonymous clicks
Retained 365 days (auto-pruned). When you follow an outbound link, we log the product, retailer, destination URL, and the click timestamp. We hash your IP address with a salt that rotates every UTC day — the raw IP is never stored, and the hash is truncated to 16 hex characters so cross-day correlation is infeasible. We hash the user-agent string the same way. Anonymous clicks are never linked to your account; signed-in clicks store your user id so you can see your own click history if we add that surface later.
Price history
365 days (auto-pruned).
API call logs
7 days (auto-pruned).
Account data
Until you delete it — request via the contact path below. We'll delete your account within 30 days.
06

EU rights (GDPR)

If you access Gridscoot from within the European Union (or the United Kingdom under UK-GDPR), the General Data Protection Regulation gives you these rights regarding personal data we hold about you:

To exercise any of these rights, write to the contact channel below. We do not require a specific form. Identity verification may be requested where strictly necessary to prevent disclosure to the wrong party.

07

California rights (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (as amended by the California Privacy Rights Act) gives you these rights regarding personal information Gridscoot holds about you:

To exercise these rights, use the contact channel below. We will verify your request and respond within the 45-day statutory window (extendable once by 45 days on notice).

08

Cross-border data transfers

Gridscoot is operated from Australia. Personal data you provide will be transferred to, processed in, and stored on infrastructure outside the European Economic Area and outside California:

Where personal data is transferred from the EEA/UK to a third country, we rely on either (a) an adequacy decision of the European Commission for the destination country, or (b) Standard Contractual Clauses (SCCs) with the relevant subprocessor and supplementary measures appropriate to the data category. The subprocessor list is intentionally short — Gridscoot is structured to minimise the number of parties holding any personal data.

German residents: please also see the Impressum for the §5 TMG operator-identity disclosure required for services made available in Germany.

09

Limitations + best-effort

This policy describes our intended practices and the data we set out to minimise. It is not a service-level guarantee. The hashes, salts, and minimisation steps described here are best-effort engineering practices, not warranted technical controls. Implementation errors, third-party provider compromises, or events beyond our reasonable control could cause additional data to be collected or retained inadvertently.

Where that happens we will act on it consistently with our obligations under the Australian Privacy Act 1988 (Cth) and the Notifiable Data Breaches scheme. Your non-excludable rights under that legislation are not limited by this policy or by our Terms.

10

Contact

Questions, privacy requests, or account deletion: the contact email hello@gridscoot.com.auis reserved but the domain isn't registered yet (we're early-access). Until launch, the working channels are: (a) the waitlist signup — we read every reply; (b) GitHub issues on the public repo, linked from /about. We respond within 7 days.