Privacy Principles
This statement describes the core principles that guide how Gradelog handles personal data — regardless of where in the world a customer is located. For U.S.-specific rights under CCPA/CPRA and complete data practice details, see our Privacy Policy.
Effective: July 2026 · Questions: privacy@gradelog.com
We collect and process personal data only when we have a lawful basis to do so — such as fulfilling a service contract (operating the platform for your subscription), complying with a legal obligation, or pursuing a legitimate business interest that does not override your rights. We do not collect data for undisclosed purposes.
We use data only for the purposes for which it was collected. If we need to use data for a materially different purpose, we will notify you and, where required, seek your consent before doing so.
We collect only the personal data we actually need to deliver the Gradelog platform. Field data (grade shots, photos, job-site measurements) belongs to you and is stored on your behalf — not mined for our own purposes. We do not collect data speculatively.
We take reasonable steps to keep the personal data we hold accurate. If you believe we hold inaccurate data about you, you can request a correction at any time by contacting us at privacy@gradelog.com.
We implement technical and organizational security measures appropriate to the sensitivity of the data we hold — including encryption in transit (TLS) and at rest, access controls based on the principle of least privilege, and regular security reviews.
Our infrastructure runs on Vercel (application hosting) and Supabase (database), both of which maintain SOC 2 Type II certifications and independent data center controls. Payment data is processed by Stripe; we do not store raw card numbers.
For full security details, see our Security page.
We are transparent about what data we collect and why. We do not sell your personal data to third parties for advertising. We share data only with the sub-processors necessary to operate the platform — listed publicly at gradelog.com/subprocessors.
Regardless of your location, you can contact us to:
California residents have additional rights under CCPA/CPRA, described fully in our Privacy Policy.
Gradelog is based in the United States. Your data is stored and processed primarily on infrastructure located in the U.S. (Supabase on AWS us-east-2; Vercel global edge). If you access Gradelog from outside the United States, your data will be transferred to and processed in the U.S.
Where we transfer data from the European Economic Area (EEA) or the United Kingdom to the U.S., we rely on appropriate safeguards such as the EU Standard Contractual Clauses (SCCs). A Data Processing Agreement (DPA) is available upon request for customers subject to GDPR at privacy@gradelog.com.
We retain personal data only for as long as necessary to deliver the service and comply with legal obligations. Account data is retained for the duration of your subscription plus a brief transition period. Upon cancellation, we delete or anonymize your data within 30 days, unless required by law to retain it longer.
This statement may be updated from time to time. We will post the updated statement on this page with a revised effective date. For material changes, we will provide additional notice by email or in-app notification.
Looking for the full Privacy Policy?
This Global Privacy Statement covers our worldwide principles. For complete details on data collection, U.S. consumer rights (CCPA/CPRA), cookies, field data handling, and sub-processors, see our Privacy Policy.
Read Privacy PolicyGradelog · 420 Industrial Blvd, Nash TX 75569 · privacy@gradelog.com
See also: Privacy Policy · Cookie Policy · Sub-Processors