gridaroa

Data & Privacy
Transparency Report

At gridaroa, we believe web design requires trust. This document outlines exactly how we handle personal data from our clients and visitors in Bogotá and beyond. No vague language, no hidden clauses—just the operational reality of our studio.

"Privacy isn't a feature. It's the baseline for working with real businesses."

Information We Process

Operational Data

Identity & Contact

We collect names, email addresses, and phone numbers strictly for project communication and invoicing. This data is never purchased or aggregated from third parties. It enters our system only when you initiate contact via email, our contact form, or a direct client agreement.

Technical Telemetry

Basic server logs (IP address, browser type, access times) are retained for 30 days to debug security incidents and analyze traffic patterns. We do not use Google Analytics. Our hosting provider may log data at the infrastructure level, but gridaroa does not access user-level behavioral profiles.

Project Assets

Client-provided Figma files, brand assets, and copy drafts are stored on encrypted drives. We treat these as confidential intellectual property. Access is restricted to active project leads.

Storage Logic

Retention Policy

  • Active Projects: Until delivery + 30 days
  • Leads (Unconverted): Max 90 days
  • Server Logs: 30 days rotation
Mitigation: We send a retention notice 7 days before deletion.

Access Control

  • Internal: 2FA required for all tools
  • External: Never shared without NDA
  • Exports: Client-owned, encrypted zip
Trade-off: Slower onboarding for higher security.

Vendors & Processors

We act as the Data Controller. We use Processors only to deliver the service. All vendors are vetted for GDPR/LGPD compliance.

  • Vercel (Hosting): US/EU
  • Google Workspace (Email): Encrypted
  • AWS S3 (File Storage): Encrypted at rest
  • Figma (Design Collab): Client shared
Pitfall Rail: We never use Facebook Pixel or LinkedIn Insight Tag on our own site. We do not retarget visitors.

User Rights

Under LGPD/GDPR, you can:

  • Request a copy of your data
  • Ask for correction/deletion
  • Revoke consent at any time
  • File a complaint with the ANPD

Security Protocol

Technical Implementation

We enforce TLS 1.2+ on all connections. Database access is restricted by IP. Physical servers are located in secure data centers with biometric entry.

Breach Response

  • Detection: Automated alerts within 15 mins
  • Assessment: Internal audit within 4 hours
  • Notification: Affected users within 24 hours
  • Mitigation: Isolate, patch, document

Cookies & Scripts

Essential Only
session_id (24h)
consent_status (30d)

No tracking cookies. No ad networks. The cookie banner you see on this site is handled by our global generator (not injected here).

Data Protection Officer

For privacy-specific inquiries, contact our designated handler. We respond to all requests within 5 business days.

gridaroa Privacy Team
Carrera 9 #115-06, Bogotá, Colombia
Mon-Fri: 9:00-18:00

Changes to Policy

We reserve the right to update this policy. Material changes will be notified via email to active clients or a banner on this site for 14 days.

Version 2.1 · Built by gridaroa · Est. 2024