Data controller
stablegrid is operated by [Company Name], registered at [Registered Address]. For any privacy or data-protection enquiry (including exercise of the rights listed below), contact support@stablegrid.io.
We do not currently have a dedicated Data Protection Officer. Data-protection requests are handled by the team at the address above.
What we collect
We collect account information (name, email), learning progress, session usage, billing records for paid subscriptions, and optional analytics events — the latter only after consent for the Analytics category.
Why we collect it
Data is used to authenticate your account, persist your learning progress and kWh balance, deliver paid features, process payments, keep the service reliable and secure, and — with your consent — understand aggregate product usage.
Legal basis for processing
Under Article 6 GDPR we rely on the following legal bases:
| Processing purpose | Legal basis |
|---|---|
| Account creation and authentication | Contract (Art. 6(1)(b) GDPR) |
| Learning progress and session history | Contract / Legitimate interest (Art. 6(1)(b) / (f)) |
| Product analytics | Consent (Art. 6(1)(a)) — opt-in via cookie banner |
| Marketing emails | Consent (Art. 6(1)(a)) — opt-in, withdraw any time |
| Billing and subscription management | Contract (Art. 6(1)(b)) + Legal obligation (Art. 6(1)(c)) |
How long we keep your data
| Data category | Retention period |
|---|---|
| Account data (email, name, auth identifiers) | Until account deletion |
| Learning progress and kWh balance | Until account deletion |
| Billing records and invoices | 7 years (tax and accounting law) |
| Support correspondence | Up to 24 months after resolution |
| Analytics events (with consent) | Up to 14 months from collection |
Sub-processors
We rely on the following sub-processors to deliver the service. Each is bound by a data-processing agreement consistent with GDPR Article 28.
| Provider | Region | Purpose |
|---|---|---|
| Supabase | United States | Authentication, database, file storage |
| Stripe | United States | Payment processing and billing |
| Cloudflare | United States | Turnstile CAPTCHA, CDN, DDoS protection |
| Vercel | United States | Application hosting and edge delivery |
International data transfers
Several of our sub-processors are based in the United States. Where personal data is transferred outside the European Economic Area, transfers are protected by the European Commission’s Standard Contractual Clauses (SCCs) and, where applicable, supplementary technical measures such as encryption in transit and at rest.
Your rights
If you are in the European Economic Area or the United Kingdom you have the following rights in relation to your personal data:
- Access (Art. 15): Request a copy of the personal data we hold about you.
- Rectification (Art. 16): Ask us to correct inaccurate or incomplete data.
- Erasure (Art. 17): Request deletion of your data ("right to be forgotten").
- Restriction (Art. 18): Ask us to pause processing in specific situations.
- Portability (Art. 20): Receive your data in a machine-readable export.
- Objection (Art. 21): Object to processing based on legitimate interests.
- Withdraw consent (Art. 7(3)): Revoke any consent-based processing at any time.
- Complaint (Art. 77): Lodge a complaint with your local supervisory authority.
To exercise any of these rights, email support@stablegrid.io. You can also use the self-service GDPR export and account deletion tools in Settings > Danger Zone. You always have the right to lodge a complaint with your local supervisory authority.
Your controls
You can request a GDPR export or permanently delete your account in Settings > Danger Zone. These actions require authentication.
You can change cookie choices at any time from the persistent Cookie settings control shown across the site.
Contact
For privacy questions, contact support@stablegrid.io.